SlideShare a Scribd company logo

Chapter 3 - Lesson 1.pptx

Download as PPTX, PDF
J
JhaiJhai6

Principles of Information Security

Technology
1 of 15
Principles of Information Security, Fifth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Lesson 1 – Laws and Ethics
Principles of Information Security, Fifth Edition 2 Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Explain the differences between laws and ethics
Principles of Information Security, Fifth Edition 3 Introduction • You must understand the scope of an organization’s legal and ethical responsibilities. • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new and emerging issues
Principles of Information Security, Fifth Edition 4 Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain behavior and are enforced by the state • Ethics: regulate and define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group • Laws carry the authority of a governing authority; ethics do not.
Principles of Information Security, Fifth Edition 5 Organizational Liability and the Need for Counsel • Liability: the legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution • Restitution: the legal obligation to compensate an injured party for wrongs committed • Due care: the legal standard requiring a prudent organization to act legally and ethically and know the consequences of actions • Due diligence: the legal standard requiring a prudent organization to maintain the standard of due care and ensure actions are effective
Principles of Information Security, Fifth Edition 6 Organizational Liability and the Need for Counsel (cont’d) • Jurisdiction: court’s right to hear a case if the wrong was committed in its territory or involved its citizenry • Long-arm jurisdiction: application of laws to those residing outside a court’s normal jurisdiction; usually granted when a person acts illegally within the jurisdiction and leaves
Principles of Information Security, Fifth Edition 7 Policy Versus Law • Policies: managerial directives that specify acceptable and unacceptable employee behavior in the workplace • Policies function as organizational laws; must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone • Difference between policy and law: Ignorance of a policy is an acceptable defense.
Principles of Information Security, Fifth Edition 8 Policy Versus Law (cont’d) • Criteria for policy enforcement: – Dissemination (distribution) – Review (reading) – Comprehension (understanding) – Compliance (agreement) – Uniform enforcement
Principles of Information Security, Fifth Edition 9 Types of Law • Civil: governs nation or state; manages relationships/conflicts between organizations and people • Criminal: addresses activities and conduct harmful to society; actively enforced by the state • Private: family/commercial/labor law; regulates relationships between individuals and organizations • Public: regulates structure/administration of government agencies and their relationships with citizens, employees, and other governments
Principles of Information Security, Fifth Edition 10 Relevant U.S. Laws • The United States has been a leader in the development and implementation of information security legislation. • Information security legislation contributes to a more reliable business environment and a stable economy. • The United States has demonstrated understanding of the importance of securing information and has specified penalties for individuals and organizations that breach civil and criminal law.
Principles of Information Security, Fifth Edition 11 General Computer Crime Laws • Computer Fraud and Abuse Act of 1986 (CFA Act): Cornerstone of many computer-related federal laws and enforcement efforts • National Information Infrastructure Protection Act of 1996: – Modified several sections of the previous act and increased the penalties for selected crimes – Severity of the penalties was judged on the value of the information and the purpose • For purposes of commercial advantage • For private financial gain • In furtherance of a criminal act
Principles of Information Security, Fifth Edition 12 General Computer Crime Laws (cont’d) • USA PATRIOT Act of 2001: Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities • USA PATRIOT Improvement and Reauthorization Act: Made permanent fourteen of the sixteen expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity • Computer Security Act of 1987: One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.
Principles of Information Security, Fifth Edition 13 Privacy • One of the hottest topics in information security • Right of individuals or groups to protect themselves and personal information from unauthorized access • Ability to aggregate data from multiple sources allows creation of information databases previously impossible • The number of statutes addressing an individual’s right to privacy has grown.
Principles of Information Security, Fifth Edition 14
Principles of Information Security, Fifth Edition 15 Privacy (cont’d) • U.S. Regulations – Privacy of Customer Information Section of the common carrier regulation – Federal Privacy Act of 1974 – Electronic Communications Privacy Act of 1986 – Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act – Financial Services Modernization Act, or Gramm- Leach-Bliley Act of 1999

Recommended

Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Lesson 1- Laws and Ethics
Lesson 1- Laws and EthicsLesson 1- Laws and Ethics
Lesson 1- Laws and Ethics
MLG College of Learning, Inc
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
Shruthi48
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
JhaiJhai6
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
MLG College of Learning, Inc
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
MLG College of Learning, Inc
 

Recommended

Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Lesson 1- Laws and Ethics
Lesson 1- Laws and EthicsLesson 1- Laws and Ethics
Lesson 1- Laws and Ethics
MLG College of Learning, Inc
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
Shruthi48
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
JhaiJhai6
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
MLG College of Learning, Inc
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
MLG College of Learning, Inc
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
Nargis Parveen
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
EdFeranil
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.ppt
LAXMIPRASANNA565999
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
DEEPAK948083
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
abdukadirabdullahuad
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
HaiderAli424102
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
Anil Yadav
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
Anil Yadav
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
ghghghghgh
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 3- Major natural laws
Lesson 3- Major natural lawsLesson 3- Major natural laws
Lesson 3- Major natural laws
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
MLG College of Learning, Inc
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
MeshalALshammari12
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
hyacinthshackley2629
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
Samir Jha
 
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Larry Catá Backer
 
lesson333.ppt
lesson333.pptlesson333.ppt
lesson333.ppt
DEEPAK948083
 
Application of a decision making framework to an IT-related ethical
Application of a decision making framework to an IT-related ethical Application of a decision making framework to an IT-related ethical
Application of a decision making framework to an IT-related ethical
mallisonshavon
 
PPIT Lecture 8
PPIT Lecture 8PPIT Lecture 8
PPIT Lecture 8
Kashif Sohail
 
MANCOM VIRTUAL MEETING.pptx
MANCOM VIRTUAL MEETING.pptxMANCOM VIRTUAL MEETING.pptx
MANCOM VIRTUAL MEETING.pptx
JhaiJhai6
 
Environmental Science.pptx
Environmental Science.pptxEnvironmental Science.pptx
Environmental Science.pptx
JhaiJhai6
 

More Related Content

Similar to Chapter 3 - Lesson 1.pptx

1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
hyacinthshackley2629
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
Samir Jha
 
Application of a decision making framework to an IT-related ethical
Application of a decision making framework to an IT-related ethical Application of a decision making framework to an IT-related ethical
Application of a decision making framework to an IT-related ethical
mallisonshavon
 

Similar to Chapter 3 - Lesson 1.pptx (20)

Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.ppt
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Lesson 3- Major natural laws
Lesson 3- Major natural lawsLesson 3- Major natural laws
Lesson 3- Major natural laws
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
 
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
 
lesson333.ppt
lesson333.pptlesson333.ppt
lesson333.ppt
 
Application of a decision making framework to an IT-related ethical
Application of a decision making framework to an IT-related ethical Application of a decision making framework to an IT-related ethical
Application of a decision making framework to an IT-related ethical
 
PPIT Lecture 8
PPIT Lecture 8PPIT Lecture 8
PPIT Lecture 8
 

More from JhaiJhai6

MANCOM VIRTUAL MEETING.pptx
MANCOM VIRTUAL MEETING.pptxMANCOM VIRTUAL MEETING.pptx
MANCOM VIRTUAL MEETING.pptx
JhaiJhai6
 
Environmental Science.pptx
Environmental Science.pptxEnvironmental Science.pptx
Environmental Science.pptx
JhaiJhai6
 
EMS-TRENDS AND ISSUES report.pptx
EMS-TRENDS AND ISSUES report.pptxEMS-TRENDS AND ISSUES report.pptx
EMS-TRENDS AND ISSUES report.pptx
JhaiJhai6
 
Teachers Performance Evaluation.pptx
Teachers Performance Evaluation.pptxTeachers Performance Evaluation.pptx
Teachers Performance Evaluation.pptx
JhaiJhai6
 
Chapter 1 - Lesson 2.pptx
Chapter 1 - Lesson 2.pptxChapter 1 - Lesson 2.pptx
Chapter 1 - Lesson 2.pptx
JhaiJhai6
 

More from JhaiJhai6 (9)

MANCOM VIRTUAL MEETING.pptx
MANCOM VIRTUAL MEETING.pptxMANCOM VIRTUAL MEETING.pptx
MANCOM VIRTUAL MEETING.pptx
 
Environmental Science.pptx
Environmental Science.pptxEnvironmental Science.pptx
Environmental Science.pptx
 
Chapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptxChapter 2 - Lesson 2.pptx
Chapter 2 - Lesson 2.pptx
 
EMS.pptx
EMS.pptxEMS.pptx
EMS.pptx
 
EMS-TRENDS AND ISSUES report.pptx
EMS-TRENDS AND ISSUES report.pptxEMS-TRENDS AND ISSUES report.pptx
EMS-TRENDS AND ISSUES report.pptx
 
Teachers Performance Evaluation.pptx
Teachers Performance Evaluation.pptxTeachers Performance Evaluation.pptx
Teachers Performance Evaluation.pptx
 
BSIT CAPSTONE& RESEARCH.pptx
BSIT CAPSTONE& RESEARCH.pptxBSIT CAPSTONE& RESEARCH.pptx
BSIT CAPSTONE& RESEARCH.pptx
 
Chapter 1 - Lesson 2.pptx
Chapter 1 - Lesson 2.pptxChapter 1 - Lesson 2.pptx
Chapter 1 - Lesson 2.pptx
 
capstone-ppt.pptx
capstone-ppt.pptxcapstone-ppt.pptx
capstone-ppt.pptx
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 

Chapter 3 - Lesson 1.pptx

  • 1. Principles of Information Security, Fifth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Lesson 1 – Laws and Ethics
  • 2. Principles of Information Security, Fifth Edition 2 Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Explain the differences between laws and ethics
  • 3. Principles of Information Security, Fifth Edition 3 Introduction • You must understand the scope of an organization’s legal and ethical responsibilities. • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new and emerging issues
  • 4. Principles of Information Security, Fifth Edition 4 Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain behavior and are enforced by the state • Ethics: regulate and define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group • Laws carry the authority of a governing authority; ethics do not.
  • 5. Principles of Information Security, Fifth Edition 5 Organizational Liability and the Need for Counsel • Liability: the legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution • Restitution: the legal obligation to compensate an injured party for wrongs committed • Due care: the legal standard requiring a prudent organization to act legally and ethically and know the consequences of actions • Due diligence: the legal standard requiring a prudent organization to maintain the standard of due care and ensure actions are effective
  • 6. Principles of Information Security, Fifth Edition 6 Organizational Liability and the Need for Counsel (cont’d) • Jurisdiction: court’s right to hear a case if the wrong was committed in its territory or involved its citizenry • Long-arm jurisdiction: application of laws to those residing outside a court’s normal jurisdiction; usually granted when a person acts illegally within the jurisdiction and leaves
  • 7. Principles of Information Security, Fifth Edition 7 Policy Versus Law • Policies: managerial directives that specify acceptable and unacceptable employee behavior in the workplace • Policies function as organizational laws; must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone • Difference between policy and law: Ignorance of a policy is an acceptable defense.
  • 8. Principles of Information Security, Fifth Edition 8 Policy Versus Law (cont’d) • Criteria for policy enforcement: – Dissemination (distribution) – Review (reading) – Comprehension (understanding) – Compliance (agreement) – Uniform enforcement
  • 9. Principles of Information Security, Fifth Edition 9 Types of Law • Civil: governs nation or state; manages relationships/conflicts between organizations and people • Criminal: addresses activities and conduct harmful to society; actively enforced by the state • Private: family/commercial/labor law; regulates relationships between individuals and organizations • Public: regulates structure/administration of government agencies and their relationships with citizens, employees, and other governments
  • 10. Principles of Information Security, Fifth Edition 10 Relevant U.S. Laws • The United States has been a leader in the development and implementation of information security legislation. • Information security legislation contributes to a more reliable business environment and a stable economy. • The United States has demonstrated understanding of the importance of securing information and has specified penalties for individuals and organizations that breach civil and criminal law.
  • 11. Principles of Information Security, Fifth Edition 11 General Computer Crime Laws • Computer Fraud and Abuse Act of 1986 (CFA Act): Cornerstone of many computer-related federal laws and enforcement efforts • National Information Infrastructure Protection Act of 1996: – Modified several sections of the previous act and increased the penalties for selected crimes – Severity of the penalties was judged on the value of the information and the purpose • For purposes of commercial advantage • For private financial gain • In furtherance of a criminal act
  • 12. Principles of Information Security, Fifth Edition 12 General Computer Crime Laws (cont’d) • USA PATRIOT Act of 2001: Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities • USA PATRIOT Improvement and Reauthorization Act: Made permanent fourteen of the sixteen expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity • Computer Security Act of 1987: One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.
  • 13. Principles of Information Security, Fifth Edition 13 Privacy • One of the hottest topics in information security • Right of individuals or groups to protect themselves and personal information from unauthorized access • Ability to aggregate data from multiple sources allows creation of information databases previously impossible • The number of statutes addressing an individual’s right to privacy has grown.
  • 14. Principles of Information Security, Fifth Edition 14
  • 15. Principles of Information Security, Fifth Edition 15 Privacy (cont’d) • U.S. Regulations – Privacy of Customer Information Section of the common carrier regulation – Federal Privacy Act of 1974 – Electronic Communications Privacy Act of 1986 – Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act – Financial Services Modernization Act, or Gramm- Leach-Bliley Act of 1999