Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which act, enacted in 2002, provides a comprehensive framework for information security controls over federal operations?

  1. SOX

  2. DMCA

  3. FISMA

  4. HIPAA

The correct answer is: FISMA

The answer is the Federal Information Security Management Act (FISMA), which was enacted in 2002 to establish a comprehensive framework for ensuring the effectiveness of information security controls over federal government operations. FISMA mandates that federal agencies develop, document, and implement an information security program to protect sensitive data and systems from unauthorized access and threats.

FISMA emphasizes risk management and requires agencies to assess their information systems, assign risk levels, and implement the necessary security measures. It also mandates regular audits and reviews to ensure compliance with the established security framework. By doing so, FISMA aims to create a federal baseline for information security that improves the resilience of government operations against cyber threats.

In contrast, the other acts listed focus on different aspects of law and security. The Sarbanes-Oxley Act (SOX) primarily addresses corporate governance and financial practices, while the Digital Millennium Copyright Act (DMCA) pertains to copyright issues in the digital environment. The Health Insurance Portability and Accountability Act (HIPAA) focuses on protecting personal health information and ensuring the confidentiality of health data. Thus, FISMA stands out as specifically tailored to establish standards and controls for information security within federal operations.