SlideShare a Scribd company logo
1 of 15
Download to read offline
Principles of Information Security,
Fifth Edition
Chapter 3
Legal, Ethical, and Professional
Issues in Information Security
Lesson 1 – Laws and Ethics
Learning Objectives
• Upon completion of this material, you should be
able to:
– Describe the functions of and relationships among
laws, regulations, and professional organizations in
information security
– Explain the differences between laws and ethics
Principles of Information Security, Fifth Edition 2
Introduction
• You must understand the scope of an
organization’s legal and ethical responsibilities.
• To minimize liabilities/reduce risks, the information
security practitioner must:
– Understand the current legal environment
– Stay current with laws and regulations
– Watch for new and emerging issues
Principles of Information Security, Fifth Edition 3
Law and Ethics in Information Security
• Laws: rules that mandate or prohibit certain
behavior and are enforced by the state
• Ethics: regulate and define socially acceptable
behavior
• Cultural mores: fixed moral attitudes or customs of
a particular group
• Laws carry the authority of a governing authority;
ethics do not.
Principles of Information Security, Fifth Edition 4
Organizational Liability and the Need
for Counsel
• Liability: the legal obligation of an entity extending
beyond criminal or contract law; includes the legal
obligation to make restitution
• Restitution: the legal obligation to compensate an
injured party for wrongs committed
• Due care: the legal standard requiring a prudent
organization to act legally and ethically and know
the consequences of actions
• Due diligence: the legal standard requiring a
prudent organization to maintain the standard of
due care and ensure actions are effective
Principles of Information Security, Fifth Edition 5
Organizational Liability and the Need
for Counsel (cont’d)
• Jurisdiction: court’s right to hear a case if the wrong
was committed in its territory or involved its
citizenry
• Long-arm jurisdiction: application of laws to those
residing outside a court’s normal jurisdiction;
usually granted when a person acts illegally within
the jurisdiction and leaves
Principles of Information Security, Fifth Edition 6
Policy Versus Law
• Policies: managerial directives that specify
acceptable and unacceptable employee behavior in
the workplace
• Policies function as organizational laws; must be
crafted and implemented with care to ensure they
are complete, appropriate, and fairly applied to
everyone
• Difference between policy and law: Ignorance of a
policy is an acceptable defense.
Principles of Information Security, Fifth Edition 7
Policy Versus Law (cont’d)
• Criteria for policy enforcement:
– Dissemination (distribution)
– Review (reading)
– Comprehension (understanding)
– Compliance (agreement)
– Uniform enforcement
Principles of Information Security, Fifth Edition 8
Types of Law
• Civil: governs nation or state; manages
relationships/conflicts between organizations and
people
• Criminal: addresses activities and conduct harmful
to society; actively enforced by the state
• Private: family/commercial/labor law; regulates
relationships between individuals and organizations
• Public: regulates structure/administration of
government agencies and their relationships with
citizens, employees, and other governments
Principles of Information Security, Fifth Edition 9
Relevant U.S. Laws
• The United States has been a leader in the
development and implementation of information
security legislation.
• Information security legislation contributes to a
more reliable business environment and a stable
economy.
• The United States has demonstrated
understanding of the importance of securing
information and has specified penalties for
individuals and organizations that breach civil and
criminal law.
Principles of Information Security, Fifth Edition 10
General Computer Crime Laws
• Computer Fraud and Abuse Act of 1986 (CFA Act):
Cornerstone of many computer-related federal laws and
enforcement efforts
• National Information Infrastructure Protection Act of
1996:
– Modified several sections of the previous act and
increased the penalties for selected crimes
– Severity of the penalties was judged on the value of the
information and the purpose
• For purposes of commercial advantage
• For private financial gain
• In furtherance of a criminal act
Principles of Information Security, Fifth Edition 11
General Computer Crime Laws
(cont’d)
• USA PATRIOT Act of 2001: Provides law
enforcement agencies with broader latitude in order
to combat terrorism-related activities
• USA PATRIOT Improvement and Reauthorization
Act: Made permanent fourteen of the sixteen
expanded powers of the Department of Homeland
Security and the FBI in investigating terrorist activity
• Computer Security Act of 1987: One of the first
attempts to protect federal computer systems by
establishing minimum acceptable security practices.
Principles of Information Security, Fifth Edition 12
Privacy
• One of the hottest topics in information security
• Right of individuals or groups to protect themselves
and personal information from unauthorized access
• Ability to aggregate data from multiple sources
allows creation of information databases previously
impossible
• The number of statutes addressing an individual’s
right to privacy has grown.
Principles of Information Security, Fifth Edition 13
Principles of Information Security, Fifth Edition 14
Privacy (cont’d)
• U.S. Regulations
– Privacy of Customer Information Section of the
common carrier regulation
– Federal Privacy Act of 1974
– Electronic Communications Privacy Act of 1986
– Health Insurance Portability and Accountability Act
of 1996 (HIPAA), aka Kennedy-Kassebaum Act
– Financial Services Modernization Act, or Gramm-
Leach-Bliley Act of 1999
Principles of Information Security, Fifth Edition 15

More Related Content

What's hot

Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Ethics for it professionals and it users
Ethics for it professionals and it usersEthics for it professionals and it users
Ethics for it professionals and it usersBhanja Kishor Samudra
 
Professional code of Ethics
Professional code of EthicsProfessional code of Ethics
Professional code of EthicsRauf Khalid
 
Adversarial system under criminal law
Adversarial system under criminal law Adversarial system under criminal law
Adversarial system under criminal law gagan deep
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issuesDhani Ahmad
 
The Rights of Crime Victims In Indian Criminal Justice System
The Rights of Crime Victims In Indian Criminal Justice SystemThe Rights of Crime Victims In Indian Criminal Justice System
The Rights of Crime Victims In Indian Criminal Justice Systemsinghajay92
 
Inroduction to companies act 1956
Inroduction to companies act 1956Inroduction to companies act 1956
Inroduction to companies act 1956Vishal Kachhdiya
 
Taxation of Extractives Industry in Kenya - RSM Ashvir
Taxation of Extractives Industry in Kenya - RSM AshvirTaxation of Extractives Industry in Kenya - RSM Ashvir
Taxation of Extractives Industry in Kenya - RSM AshvirAshif Kassam
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp...
Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp...Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp...
Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp...Michael Sukachev
 
Basic Legal Concepts
Basic Legal ConceptsBasic Legal Concepts
Basic Legal ConceptsMr Shipp
 
Computer ethics
Computer  ethicsComputer  ethics
Computer ethicsSKS
 
Confidentiality
ConfidentialityConfidentiality
Confidentialityblutoothe
 
Definition and classification of law
Definition and classification of lawDefinition and classification of law
Definition and classification of lawMoazzam Habib
 
Police (FIR)
Police (FIR)Police (FIR)
Police (FIR)madhikhel
 

What's hot (20)

Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Ethics for it professionals and it users
Ethics for it professionals and it usersEthics for it professionals and it users
Ethics for it professionals and it users
 
Professional code of Ethics
Professional code of EthicsProfessional code of Ethics
Professional code of Ethics
 
ACM code of ethics
ACM code of ethicsACM code of ethics
ACM code of ethics
 
Criminal law
Criminal lawCriminal law
Criminal law
 
Adversarial system under criminal law
Adversarial system under criminal law Adversarial system under criminal law
Adversarial system under criminal law
 
Chapter 2: ICCPR Chapter
Chapter 2: ICCPR Chapter Chapter 2: ICCPR Chapter
Chapter 2: ICCPR Chapter
 
Legal, ethical & professional issues
Legal, ethical & professional issuesLegal, ethical & professional issues
Legal, ethical & professional issues
 
The Rights of Crime Victims In Indian Criminal Justice System
The Rights of Crime Victims In Indian Criminal Justice SystemThe Rights of Crime Victims In Indian Criminal Justice System
The Rights of Crime Victims In Indian Criminal Justice System
 
Inroduction to companies act 1956
Inroduction to companies act 1956Inroduction to companies act 1956
Inroduction to companies act 1956
 
Taxation of Extractives Industry in Kenya - RSM Ashvir
Taxation of Extractives Industry in Kenya - RSM AshvirTaxation of Extractives Industry in Kenya - RSM Ashvir
Taxation of Extractives Industry in Kenya - RSM Ashvir
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp...
Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp...Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp...
Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp...
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
 
Basic Legal Concepts
Basic Legal ConceptsBasic Legal Concepts
Basic Legal Concepts
 
Computer ethics
Computer  ethicsComputer  ethics
Computer ethics
 
Criminal damage
Criminal damageCriminal damage
Criminal damage
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Definition and classification of law
Definition and classification of lawDefinition and classification of law
Definition and classification of law
 
Police (FIR)
Police (FIR)Police (FIR)
Police (FIR)
 

Similar to Lesson 1- Laws and Ethics

Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxJhaiJhai6
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxShruthi48
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxJhaiJhai6
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2MLG College of Learning, Inc
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxNargis Parveen
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxEdFeranil
 
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...Larry Catá Backer
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptAnil Yadav
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptAnil Yadav
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docxhyacinthshackley2629
 
3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptxJohnLagman3
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 

Similar to Lesson 1- Laws and Ethics (20)

Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.ppt
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
 
3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17Celine George
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxMYDA ANGELICA SUAN
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesMohammad Hassany
 
M-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxM-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxDr. Santhosh Kumar. N
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptxmary850239
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxiammrhaywood
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfMohonDas
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfTechSoup
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...raviapr7
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfYu Kanazawa / Osaka University
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICESayali Powar
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxKatherine Villaluna
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational PhilosophyShuvankar Madhu
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.EnglishCEIPdeSigeiro
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17Celine George
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17Celine George
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationMJDuyan
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 

Recently uploaded (20)

How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17How to Use api.constrains ( ) in Odoo 17
How to Use api.constrains ( ) in Odoo 17
 
Patterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptxPatterns of Written Texts Across Disciplines.pptx
Patterns of Written Texts Across Disciplines.pptx
 
UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024UKCGE Parental Leave Discussion March 2024
UKCGE Parental Leave Discussion March 2024
 
Human-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming ClassesHuman-AI Co-Creation of Worked Examples for Programming Classes
Human-AI Co-Creation of Worked Examples for Programming Classes
 
M-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptxM-2- General Reactions of amino acids.pptx
M-2- General Reactions of amino acids.pptx
 
3.21.24 The Origins of Black Power.pptx
3.21.24  The Origins of Black Power.pptx3.21.24  The Origins of Black Power.pptx
3.21.24 The Origins of Black Power.pptx
 
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptxAUDIENCE THEORY -- FANDOM -- JENKINS.pptx
AUDIENCE THEORY -- FANDOM -- JENKINS.pptx
 
Diploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdfDiploma in Nursing Admission Test Question Solution 2023.pdf
Diploma in Nursing Admission Test Question Solution 2023.pdf
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
 
Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...Patient Counselling. Definition of patient counseling; steps involved in pati...
Patient Counselling. Definition of patient counseling; steps involved in pati...
 
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdfP4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
P4C x ELT = P4ELT: Its Theoretical Background (Kanazawa, 2024 March).pdf
 
Quality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICEQuality Assurance_GOOD LABORATORY PRACTICE
Quality Assurance_GOOD LABORATORY PRACTICE
 
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptxPractical Research 1: Lesson 8 Writing the Thesis Statement.pptx
Practical Research 1: Lesson 8 Writing the Thesis Statement.pptx
 
Philosophy of Education and Educational Philosophy
Philosophy of Education  and Educational PhilosophyPhilosophy of Education  and Educational Philosophy
Philosophy of Education and Educational Philosophy
 
Finals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quizFinals of Kant get Marx 2.0 : a general politics quiz
Finals of Kant get Marx 2.0 : a general politics quiz
 
Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.Easter in the USA presentation by Chloe.
Easter in the USA presentation by Chloe.
 
How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17How to Add a New Field in Existing Kanban View in Odoo 17
How to Add a New Field in Existing Kanban View in Odoo 17
 
How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17How to Add a many2many Relational Field in Odoo 17
How to Add a many2many Relational Field in Odoo 17
 
Benefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive EducationBenefits & Challenges of Inclusive Education
Benefits & Challenges of Inclusive Education
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 

Lesson 1- Laws and Ethics

  • 1. Principles of Information Security, Fifth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Lesson 1 – Laws and Ethics
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Explain the differences between laws and ethics Principles of Information Security, Fifth Edition 2
  • 3. Introduction • You must understand the scope of an organization’s legal and ethical responsibilities. • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new and emerging issues Principles of Information Security, Fifth Edition 3
  • 4. Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain behavior and are enforced by the state • Ethics: regulate and define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group • Laws carry the authority of a governing authority; ethics do not. Principles of Information Security, Fifth Edition 4
  • 5. Organizational Liability and the Need for Counsel • Liability: the legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution • Restitution: the legal obligation to compensate an injured party for wrongs committed • Due care: the legal standard requiring a prudent organization to act legally and ethically and know the consequences of actions • Due diligence: the legal standard requiring a prudent organization to maintain the standard of due care and ensure actions are effective Principles of Information Security, Fifth Edition 5
  • 6. Organizational Liability and the Need for Counsel (cont’d) • Jurisdiction: court’s right to hear a case if the wrong was committed in its territory or involved its citizenry • Long-arm jurisdiction: application of laws to those residing outside a court’s normal jurisdiction; usually granted when a person acts illegally within the jurisdiction and leaves Principles of Information Security, Fifth Edition 6
  • 7. Policy Versus Law • Policies: managerial directives that specify acceptable and unacceptable employee behavior in the workplace • Policies function as organizational laws; must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone • Difference between policy and law: Ignorance of a policy is an acceptable defense. Principles of Information Security, Fifth Edition 7
  • 8. Policy Versus Law (cont’d) • Criteria for policy enforcement: – Dissemination (distribution) – Review (reading) – Comprehension (understanding) – Compliance (agreement) – Uniform enforcement Principles of Information Security, Fifth Edition 8
  • 9. Types of Law • Civil: governs nation or state; manages relationships/conflicts between organizations and people • Criminal: addresses activities and conduct harmful to society; actively enforced by the state • Private: family/commercial/labor law; regulates relationships between individuals and organizations • Public: regulates structure/administration of government agencies and their relationships with citizens, employees, and other governments Principles of Information Security, Fifth Edition 9
  • 10. Relevant U.S. Laws • The United States has been a leader in the development and implementation of information security legislation. • Information security legislation contributes to a more reliable business environment and a stable economy. • The United States has demonstrated understanding of the importance of securing information and has specified penalties for individuals and organizations that breach civil and criminal law. Principles of Information Security, Fifth Edition 10
  • 11. General Computer Crime Laws • Computer Fraud and Abuse Act of 1986 (CFA Act): Cornerstone of many computer-related federal laws and enforcement efforts • National Information Infrastructure Protection Act of 1996: – Modified several sections of the previous act and increased the penalties for selected crimes – Severity of the penalties was judged on the value of the information and the purpose • For purposes of commercial advantage • For private financial gain • In furtherance of a criminal act Principles of Information Security, Fifth Edition 11
  • 12. General Computer Crime Laws (cont’d) • USA PATRIOT Act of 2001: Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities • USA PATRIOT Improvement and Reauthorization Act: Made permanent fourteen of the sixteen expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity • Computer Security Act of 1987: One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices. Principles of Information Security, Fifth Edition 12
  • 13. Privacy • One of the hottest topics in information security • Right of individuals or groups to protect themselves and personal information from unauthorized access • Ability to aggregate data from multiple sources allows creation of information databases previously impossible • The number of statutes addressing an individual’s right to privacy has grown. Principles of Information Security, Fifth Edition 13
  • 14. Principles of Information Security, Fifth Edition 14
  • 15. Privacy (cont’d) • U.S. Regulations – Privacy of Customer Information Section of the common carrier regulation – Federal Privacy Act of 1974 – Electronic Communications Privacy Act of 1986 – Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act – Financial Services Modernization Act, or Gramm- Leach-Bliley Act of 1999 Principles of Information Security, Fifth Edition 15