ISE 542: IT Security
Chapter 10
Ethics in IT Security

Outline
• Law and Ethics in Information Security
• Codes of Ethics and Professional Organizations

Introduction
• To minimize liabilities and reduce risks, the information security practitioner must:
  • Understand the current legal environment
  • Stay current with laws and regulations
  • Watch for new issues that emerge

Law and Ethics in Information Security
• Laws: rules that mandate or prohibit certain societal behavior
• Ethics: define socially acceptable behavior
• Laws carry sanctions of a governing authority; ethics do not

What is Computer Ethics?
Computer ethics is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology. It is a study, an analysis of the values of human actions influenced by computer technology.

Why study computer and information ethics?
• Apply an ethical point of view to real-world computing contexts
• Identify and solve ethical problems in specific fields of computing

Why study computer and information ethics? (continued)
• Doing so will make us behave like responsible professionals
• Doing so will teach us how to avoid computer abuse and catastrophes
• The advance of computing technology will continue to create temporary policy vacuums
• The use of computing permanently transforms certain ethical issues to the degree that their alterations require independent study
• The use of computing technology creates, and will continue to create, novel ethical issues that require special study

Anatomy of the Problem
Recent terrorist attacks and the rise in cyber attacks have raised concern about the security of information, the security of individuals, and the need to protect the nation's cyber infrastructure.
The US Patriot Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."

What are the causes?
• Revenge
• Joke
• The Hacker's Ethics
  • All information should be free
• Terrorism
• Political and Military Espionage
• Business (Competition) Espionage
• Hate (national origin, gender, and race)
• Personal gain/Fame/Fun
• Ignorance

Social and Ethical Consequences
• Psychological effects – these include hate and jokes, especially when directed at an individual.
  • may lead to individual reclusion
  • increasing isolation
• Moral decay – There is a moral imperative in all our actions. When human actions, whether bad or good, become so frequent, they create a level of familiarity that leads to acceptance as “normal”. This type of acceptance of actions formerly viewed as immoral and bad by society leads to moral decay.

Social and Ethical Consequences (continued)
• Loss of privacy – After an attack, there is usually an overreaction and a resurgence in the need for quick solutions to the problem that seems to have hit home. Many businesses are responding with patches, filters, ID tools, and a whole list of “solutions”.
• Trust – Along with privacy, trust is lost. Individuals, once attacked, lose trust in a person, group, company or anything else believed to be the source of the attack or believed to be unable to stop the attack.

Relevant U.S. Laws (General)
• Computer Fraud and Abuse Act of 1986 (CFA Act)
• National Information Infrastructure Protection Act of 1996
• USA Patriot Act of 2001
• Telecommunications Deregulation and Competition Act of 1996
• Computer Security Act of 1987

Privacy
• One of the hottest topics in information security
• Privacy of Customer Information Section of common carrier regulation
• Federal Privacy Act of 1974
• Electronic Communications Privacy Act of 1986
• Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act
• Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999

Export and Espionage Laws
• Economic Espionage Act of 1996 (EEA)
  • Attempts to prevent trade secrets from being illegally shared
• Security And Freedom Through Encryption Act of 1999 (SAFE)
  • Provides guidance on the use of encryption and measures of public protection from government intervention

U.S. Copyright Law
• Intellectual property is recognized as a protected asset in the U.S.; copyright law extends to electronic formats
• With proper acknowledgement, it is permissible to include portions of others’ work as reference
• U.S. Copyright Office Web site: www.copyright.gov

International Laws and Legal Bodies
• European Council Cyber-Crime Convention:
  • Establishes an international task force overseeing Internet security functions for standardized international technology laws
  • Attempts to improve the effectiveness of international investigations into breaches of technology law
  • Well received by intellectual property rights advocates due to its emphasis on copyright infringement prosecution
  • Lacks realistic provisions for enforcement

Digital Millennium Copyright Act (DMCA)
• U.S. contribution to the international effort to reduce the impact of copyright, trademark, and privacy infringement
• A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to the processing and free movement of personal data

United Nations Charter
• Makes provisions, to a degree, for information security during information warfare (IW)
• IW involves the use of information technology to conduct organized and lawful military operations
• IW is a relatively new type of warfare, although the military has been conducting electronic warfare operations for decades

Ethics and Information Security

Ethics and Education
• The overriding factor in leveling ethical perceptions within a small population is education
• Employees must be trained in the expected behaviors of an ethical employee, especially in areas of information security
• Proper ethical training is vital to creating informed, well-prepared, and low-risk system users

Codes of Ethics and Professional Organizations
• Several professional organizations have established codes of conduct/ethics
• Codes of ethics can have a positive effect; unfortunately, many employers do not encourage joining these professional organizations
• It is the responsibility of security professionals to act ethically and according to the policies of their employer, their professional organization, and the laws of society

Association of Computing Machinery (ACM)
• ACM was established in 1947 as “the world's first educational and scientific computing society”
• Its code of ethics contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property

International Information Systems Security Certification Consortium, Inc. (ISC)2
• Non-profit organization focusing on the development and implementation of information security certifications and credentials
• Its code is primarily designed for information security professionals who hold certification from (ISC)2

System Administration, Networking, and Security Institute (SANS)
• Professional organization with a large membership dedicated to the protection of information and systems
• SANS offers a set of certifications called Global Information Assurance Certification (GIAC)

Information Systems Audit and Control Association (ISACA)
• Professional association with a focus on auditing, control, and security
• Concentrates on providing IT control practices and standards
• ISACA has a code of ethics for its professionals

Computer Security Institute (CSI)
• Provides information and training to support computer, networking, and information security professionals
• Though without a code of ethics, CSI has argued for the adoption of ethical behavior among information security professionals

Information Systems Security Association (ISSA)
• Nonprofit society of information security (IS) professionals
• Its primary mission is to bring together qualified IS practitioners for information exchange and educational development
• Promotes a code of ethics similar to those of (ISC)2, ISACA and ACM

Other Security Organizations
• Internet Society (ISOC): promotes the development and implementation of education, standards, and policy to promote the Internet
• Computer Security Division (CSD): division of the National Institute of Standards and Technology (NIST); promotes industry best practices and is an important reference for information security professionals

Other Security Organizations (continued)
• CERT (Computer Emergency Response Team) Coordination Center (CERT/CC): center of Internet security expertise operated by Carnegie Mellon University

Key U.S. Federal Agencies
• Department of Homeland Security (DHS)
• Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC)
• National Security Agency (NSA)
• U.S. Secret Service