SlideShare a Scribd company logo

Information Assurance And Security - Chapter 3 - Lesson 1

Download as PPT, PDF
M
MLG College of Learning, Inc

ISA - Chapter 3 - Lesson 1

Education
1 of 15
Principles of Information Security, Fifth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Lesson 1 – Laws and Ethics
Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Explain the differences between laws and ethics Principles of Information Security, Fifth Edition 2
Introduction • You must understand the scope of an organization’s legal and ethical responsibilities. • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new and emerging issues Principles of Information Security, Fifth Edition 3
Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain behavior and are enforced by the state • Ethics: regulate and define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group • Laws carry the authority of a governing authority; ethics do not. Principles of Information Security, Fifth Edition 4
Organizational Liability and the Need for Counsel • Liability: the legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution • Restitution: the legal obligation to compensate an injured party for wrongs committed • Due care: the legal standard requiring a prudent organization to act legally and ethically and know the consequences of actions • Due diligence: the legal standard requiring a prudent organization to maintain the standard of due care and ensure actions are effective Principles of Information Security, Fifth Edition 5
Organizational Liability and the Need for Counsel (cont’d) • Jurisdiction: court’s right to hear a case if the wrong was committed in its territory or involved its citizenry • Long-arm jurisdiction: application of laws to those residing outside a court’s normal jurisdiction; usually granted when a person acts illegally within the jurisdiction and leaves Principles of Information Security, Fifth Edition 6
Policy Versus Law • Policies: managerial directives that specify acceptable and unacceptable employee behavior in the workplace • Policies function as organizational laws; must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone • Difference between policy and law: Ignorance of a policy is an acceptable defense. Principles of Information Security, Fifth Edition 7
Policy Versus Law (cont’d) • Criteria for policy enforcement: – Dissemination (distribution) – Review (reading) – Comprehension (understanding) – Compliance (agreement) – Uniform enforcement Principles of Information Security, Fifth Edition 8
Types of Law • Civil: governs nation or state; manages relationships/conflicts between organizations and people • Criminal: addresses activities and conduct harmful to society; actively enforced by the state • Private: family/commercial/labor law; regulates relationships between individuals and organizations • Public: regulates structure/administration of government agencies and their relationships with citizens, employees, and other governments Principles of Information Security, Fifth Edition 9
Relevant U.S. Laws • The United States has been a leader in the development and implementation of information security legislation. • Information security legislation contributes to a more reliable business environment and a stable economy. • The United States has demonstrated understanding of the importance of securing information and has specified penalties for individuals and organizations that breach civil and criminal law. Principles of Information Security, Fifth Edition 10
General Computer Crime Laws • Computer Fraud and Abuse Act of 1986 (CFA Act): Cornerstone of many computer-related federal laws and enforcement efforts • National Information Infrastructure Protection Act of 1996: – Modified several sections of the previous act and increased the penalties for selected crimes – Severity of the penalties was judged on the value of the information and the purpose • For purposes of commercial advantage • For private financial gain • In furtherance of a criminal act Principles of Information Security, Fifth Edition 11
General Computer Crime Laws (cont’d) • USA PATRIOT Act of 2001: Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities • USA PATRIOT Improvement and Reauthorization Act: Made permanent fourteen of the sixteen expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity • Computer Security Act of 1987: One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices. Principles of Information Security, Fifth Edition 12
Privacy • One of the hottest topics in information security • Right of individuals or groups to protect themselves and personal information from unauthorized access • Ability to aggregate data from multiple sources allows creation of information databases previously impossible • The number of statutes addressing an individual’s right to privacy has grown. Principles of Information Security, Fifth Edition 13
Principles of Information Security, Fifth Edition 14
Privacy (cont’d) • U.S. Regulations – Privacy of Customer Information Section of the common carrier regulation – Federal Privacy Act of 1974 – Electronic Communications Privacy Act of 1986 – Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act – Financial Services Modernization Act, or Gramm- Leach-Bliley Act of 1999 Principles of Information Security, Fifth Edition 15

Recommended

Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
MLG College of Learning, Inc
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
Hajarul Cikyen
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
imehreenx
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
WilmerHale
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
Jisc Scotland
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
G Prachi
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
MLG College of Learning, Inc
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
Perry Slack
 

Recommended

Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
MLG College of Learning, Inc
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
Hajarul Cikyen
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
imehreenx
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
WilmerHale
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
Jisc Scotland
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
G Prachi
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
MLG College of Learning, Inc
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
Perry Slack
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
sidra batool
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
Aurora Computer Studies
 
Information security management
Information security managementInformation security management
Information security management
UMaine
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
MLG College of Learning, Inc
 
9781111534127 ppt ch02
9781111534127 ppt ch029781111534127 ppt ch02
9781111534127 ppt ch02
stanbridge
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
Jennifer Polack
 
04 privacy
04 privacy04 privacy
04 privacy
Esmhel Briones
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
Syaiful Ahdan
 
Privacy and personal information
Privacy and personal informationPrivacy and personal information
Privacy and personal information
Uc Man
 
Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1
MLG College of Learning, Inc
 
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3
Dr. Ahmed Al Zaidy
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
Dr. Ahmed Al Zaidy
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
Financial Poise
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive data
OpenAIRE
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
tomasztopa
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
Ersoy AKSOY
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
mrmwood
 
Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
JhaiJhai6
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
Shruthi48
 

More Related Content

What's hot

Information security management
Information security managementInformation security management
Information security management
UMaine
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
Financial Poise
 

What's hot (20)

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
 
Information security management
Information security managementInformation security management
Information security management
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
 
9781111534127 ppt ch02
9781111534127 ppt ch029781111534127 ppt ch02
9781111534127 ppt ch02
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
04 privacy
04 privacy04 privacy
04 privacy
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
 
Privacy and personal information
Privacy and personal informationPrivacy and personal information
Privacy and personal information
 
Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1Information Assurance And Security - Chapter 2 - Lesson 1
Information Assurance And Security - Chapter 2 - Lesson 1
 
Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3Fundamentals of Information Systems Security Chapter 3
Fundamentals of Information Systems Security Chapter 3
 
Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1Fundamentals of Information Systems Security Chapter 1
Fundamentals of Information Systems Security Chapter 1
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive data
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 

Similar to Information Assurance And Security - Chapter 3 - Lesson 1

Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Financial Poise
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
hyacinthshackley2629
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
Samir Jha
 

Similar to Information Assurance And Security - Chapter 3 - Lesson 1 (20)

Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.ppt
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
 
3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
 

More from MLG College of Learning, Inc

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
Association for Project Management
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 

Recently uploaded (20)

HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 

Information Assurance And Security - Chapter 3 - Lesson 1

  • 1. Principles of Information Security, Fifth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Lesson 1 – Laws and Ethics
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Explain the differences between laws and ethics Principles of Information Security, Fifth Edition 2
  • 3. Introduction • You must understand the scope of an organization’s legal and ethical responsibilities. • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new and emerging issues Principles of Information Security, Fifth Edition 3
  • 4. Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain behavior and are enforced by the state • Ethics: regulate and define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group • Laws carry the authority of a governing authority; ethics do not. Principles of Information Security, Fifth Edition 4
  • 5. Organizational Liability and the Need for Counsel • Liability: the legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution • Restitution: the legal obligation to compensate an injured party for wrongs committed • Due care: the legal standard requiring a prudent organization to act legally and ethically and know the consequences of actions • Due diligence: the legal standard requiring a prudent organization to maintain the standard of due care and ensure actions are effective Principles of Information Security, Fifth Edition 5
  • 6. Organizational Liability and the Need for Counsel (cont’d) • Jurisdiction: court’s right to hear a case if the wrong was committed in its territory or involved its citizenry • Long-arm jurisdiction: application of laws to those residing outside a court’s normal jurisdiction; usually granted when a person acts illegally within the jurisdiction and leaves Principles of Information Security, Fifth Edition 6
  • 7. Policy Versus Law • Policies: managerial directives that specify acceptable and unacceptable employee behavior in the workplace • Policies function as organizational laws; must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone • Difference between policy and law: Ignorance of a policy is an acceptable defense. Principles of Information Security, Fifth Edition 7
  • 8. Policy Versus Law (cont’d) • Criteria for policy enforcement: – Dissemination (distribution) – Review (reading) – Comprehension (understanding) – Compliance (agreement) – Uniform enforcement Principles of Information Security, Fifth Edition 8
  • 9. Types of Law • Civil: governs nation or state; manages relationships/conflicts between organizations and people • Criminal: addresses activities and conduct harmful to society; actively enforced by the state • Private: family/commercial/labor law; regulates relationships between individuals and organizations • Public: regulates structure/administration of government agencies and their relationships with citizens, employees, and other governments Principles of Information Security, Fifth Edition 9
  • 10. Relevant U.S. Laws • The United States has been a leader in the development and implementation of information security legislation. • Information security legislation contributes to a more reliable business environment and a stable economy. • The United States has demonstrated understanding of the importance of securing information and has specified penalties for individuals and organizations that breach civil and criminal law. Principles of Information Security, Fifth Edition 10
  • 11. General Computer Crime Laws • Computer Fraud and Abuse Act of 1986 (CFA Act): Cornerstone of many computer-related federal laws and enforcement efforts • National Information Infrastructure Protection Act of 1996: – Modified several sections of the previous act and increased the penalties for selected crimes – Severity of the penalties was judged on the value of the information and the purpose • For purposes of commercial advantage • For private financial gain • In furtherance of a criminal act Principles of Information Security, Fifth Edition 11
  • 12. General Computer Crime Laws (cont’d) • USA PATRIOT Act of 2001: Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities • USA PATRIOT Improvement and Reauthorization Act: Made permanent fourteen of the sixteen expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity • Computer Security Act of 1987: One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices. Principles of Information Security, Fifth Edition 12
  • 13. Privacy • One of the hottest topics in information security • Right of individuals or groups to protect themselves and personal information from unauthorized access • Ability to aggregate data from multiple sources allows creation of information databases previously impossible • The number of statutes addressing an individual’s right to privacy has grown. Principles of Information Security, Fifth Edition 13
  • 14. Principles of Information Security, Fifth Edition 14
  • 15. Privacy (cont’d) • U.S. Regulations – Privacy of Customer Information Section of the common carrier regulation – Federal Privacy Act of 1974 – Electronic Communications Privacy Act of 1986 – Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act – Financial Services Modernization Act, or Gramm- Leach-Bliley Act of 1999 Principles of Information Security, Fifth Edition 15