Cyber Security
Introduction to Law & Policy
Cyber security
• Cybersecurity denotes the technologies and procedures intended to
safeguard computers, networks, and data from unauthorized access,
vulnerabilities, and attacks delivered over the Internet by
cybercriminals.
• Cybersecurity's core function is to protect the devices we all use
(smartphones, laptops, tablets and computers), and the services we
access - both online and at work - from theft or damage.
• ISO 27001 (ISO27001) is the international cybersecurity standard that
provides a model for establishing, implementing, operating, monitoring,
reviewing, maintaining, and improving an Information Security
Management System (ISMS).
Policy
• What is policy?
• “Policy is a set of ideas and proposals for action, which culminates in a
government decision. Typically policy will become a rule or regulation,
enforceable by law”
• “Policies simply guide our actions. Policies can be guidelines, rules, regulations,
laws, principles, or directions”
Law and Ethics in Information Security
• Laws: rules that mandate or prohibit certain societal behavior
• Ethics: define socially acceptable behavior
• Cultural mores: fixed moral attitudes or customs of a particular group;
ethics based on these
• Laws carry sanctions of a governing authority; ethics do not
Principles of Information Security, 4th Edition 5
Understanding Cybersecurity Law and Ethics
With ransomware, viruses, spear phishing and other types of cyberattacks
proliferating in today’s digital world, both people and organizations need
protection from those who would infiltrate their networks and misuse and
steal their data.
• Cybersecurity law helps define such boundaries and sets up important
guardrails that guide how organizations handle issues like data privacy and
confidentiality.
Who makes the law?
• Different national approaches
• Checks and balances
• Separation of powers
– Legislative
– Executive
– Judicial
• Sources of law
What Is Cybersecurity Law?
• Every day, malicious hackers develop increasingly sophisticated methods to exploit
vulnerabilities in technology infrastructure and launch cyberattacks against all types of
companies and institutions. Cybersecurity laws are designed to protect information
technology (IT) and computer systems from these bad actors.
• These laws spell out what constitutes a cybercrime and specify measures that
organizations must take to protect their systems, networks and information from
cyberattack.
• Covering a wide scope of issues, from intellectual property rights to the distribution of
digital media, cybersecurity laws help regulate the internet and internet-related
technologies.
Types of Cyber Law
• Privacy Laws:
– Privacy laws govern the collection, use, and protection of individuals’
personal information online.
– Examples include the General Data Protection Regulation (GDPR) in Europe
and the California Consumer Privacy Act (CCPA) in the United States.
• Cybercrime Laws:
– Cybercrime laws focus on criminal activities conducted online, including
hacking, identity theft, online fraud, and cyberbullying.
• Data Breach Notification Laws:
– Data breach notification laws mandate that organizations inform affected
individuals and authorities when a data breach occurs.
• Cybersecurity Laws:
– Cybersecurity laws require organizations to implement measures to protect their
digital infrastructure and sensitive data.
– These laws often set standards and requirements for data security practices.
• Intellectual Property Laws:
– Intellectual property laws protect digital content, patents, trademarks, and
copyrights in the digital realm.
– They address issues like copyright infringement and online piracy.
• E-Commerce and Online Contracts:
– Laws related to e-commerce and online contracts establish legal frameworks for
online transactions, electronic signatures, and consumer rights.
– They provide a basis for resolving disputes in the digital marketplace.
Types of Cyber Law (cont’d.)
• Social Media and Online Content Regulations:
– Regulations governing social media and online content address issues such as hate
speech, defamation, and harmful content.
– They set guidelines for the removal or restriction of such content.
• Computer Crime Laws:
– Computer crime laws specifically target offenses involving computer systems and
networks.
– They encompass unauthorized access, malware distribution, and cyberattacks on
critical infrastructure.
• Cryptocurrency and Blockchain Regulations:
– As digital currencies and blockchain technology gain prominence, regulations address
issues like cryptocurrency trading, initial coin offerings (ICOs), and blockchain-based
contracts.
• International Cybersecurity Agreements:
– Some laws and agreements focus on international cooperation in combating
cybercrimes and promoting cybersecurity best practices.
– Examples include the Budapest Convention on Cybercrime and bilateral
cybersecurity
General Computer Crime Laws
• Computer Fraud and Abuse Act of 1986 (CFA Act): cornerstone of many
computer-related federal laws and enforcement efforts
• National Information Infrastructure Protection Act of 1996:
– Modified several sections of the previous act and increased the penalties for
selected crimes
– Severity of penalties judged on the purpose
• For purposes of commercial advantage
• For private financial gain
• In furtherance of a criminal act
Privacy
• US Regulations
– Privacy of Customer Information Section of the common carrier regulation
– Federal Privacy Act of 1974
– Electronic Communications Privacy Act of 1986
– Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
Privacy (cont’d.)
• Identity Theft
– Federal Trade Commission: “occurring when someone uses your
personally identifying information, like your name, Social Security
number, or credit card number, without your permission, to commit fraud
or other crimes”
– Fraud And Related Activity In Connection With Identification Documents,
Authentication Features, And Information (Title 18, U.S.C. § 1028)
Privacy (cont’d.)
• If someone suspects identity theft
– Report to the three dominant consumer reporting companies that your
identity is threatened
– Account
• Close compromised account
• Dispute accounts opened without permission
– Register your concern with the FTC
– Report the incident to either your local police or police in the location
where the identity theft occurred
Health Insurance Portability and Accountability Act
(HIPAA)
Governments also took action, addressing cybersecurity in laws such as
HIPAA.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal
law that required the creation of national standards to protect sensitive patient
health information from being disclosed without the patient’s consent or
knowledge.
What is the purpose of HIPAA?
HIPAA is a federal law enacted to:
• Protect the privacy of a patient’s personal and health information.
• Provide for electronic and physical security of personal and health information.
• Standardize coding to simplify billing and other transactions.
The following types of individuals and organizations are subject to the Privacy Rule and
considered covered entities:
• Healthcare providers
• Health plans
• Clearinghouses
• Business associates
Export and Espionage Laws
• Economic Espionage Act of 1996 (EEA)
• Security And Freedom Through Encryption Act of 1999 (SAFE)
• The acts include provisions about encryption that:
– Reinforce the right to use or sell encryption algorithms, without concern for key
registration
– Prohibit the federal government from requiring key registration
– Establish that the use of encryption is not, by itself, probable cause of criminal
activity
– Relax export restrictions
– Impose additional penalties for using encryption in the commission of a crime
U.S. Copyright Law
• Intellectual property recognized as protected asset in the U.S.; copyright
law extends to electronic formats
• With proper acknowledgment, permissible to include portions of others’
work as reference
• U.S. Copyright Office Web site: www.copyright.gov
Financial Reporting
• Sarbanes-Oxley Act of 2002
• Affects executive management of publicly traded corporations and public
accounting firms
• Seeks to improve reliability and accuracy of financial reporting and increase the
accountability of corporate governance
• Penalties for noncompliance range from fines to jail terms
• Reliability assurance will require additional emphasis on confidentiality and
integrity
Freedom of Information Act of 1966 (FOIA)
• Allows access to federal agency records or information not determined to
be matter of national security
• U.S. government agencies required to disclose any requested information
upon receipt of written request
• Some information protected from disclosure
International Laws and Legal Bodies
• When organizations do business on the Internet, they do business globally
• Professionals must be sensitive to laws and ethical values of many different
cultures, societies, and countries
• Because of political complexities of relationships among nations and differences in
culture, there are few international laws relating to privacy and information
security
• These international laws are important but are limited in their enforceability
Gramm-Leach-Bliley Act
• Also known as the Financial Services Modernization Act of 1999, the Gramm-
Leach-Bliley Act is a federal law that outlines rules designed to protect financial
information. It requires financial institutions such as banks, credit unions and
insurance companies to inform their customers of how they intend to share user
data.
Key Global Cybersecurity Laws
Who Enforces Cybersecurity Law?
Today, federal, state, local and tribal authorities enforce a host of cybersecurity
laws and regulations. The federal agencies responsible for upholding cybersecurity
legislation include the following:
• Federal Trade Commission (FTC)
• U.S. Department of Homeland Security (DHS)
• National Institute of Standards and Technology (NIST)
• Federal Bureau of Investigation (FBI)
Major IT Professional Organizations
• Association of Computing Machinery (ACM)
– Established in 1947 as “the world's first educational and scientific computing
society”
– Code of ethics contains references to protecting information confidentiality,
causing no harm, protecting others’ privacy, and respecting others’ intellectual
property
Major IT Professional Organizations (cont’d.)
• International Information Systems Security Certification
Consortium, Inc. (ISC)2
– Non-profit organization focusing on development and implementation of
information security certifications and credentials
– Code primarily designed for information security professionals who have
certification from (ISC)2
– Code of ethics focuses on four mandatory canons
Major IT Professional Organizations (cont’d.)
• System Administration, Networking, and Security Institute
(SANS)
– Professional organization with a large membership dedicated to protection of
information and systems
– SANS offers set of certifications called Global Information Assurance
Certification (GIAC)
Major IT Professional Organizations (cont’d.)
• Information Systems Audit and Control Association (ISACA)
– Professional association with focus on auditing, control, and security
– Concentrates on providing IT control practices and standards
– ISACA has code of ethics for its professionals
Major IT Professional Organizations (cont’d.)
• Information Systems Security Association (ISSA)
– Non-profit society of information security (IS) professionals
– Primary mission to bring together qualified IS practitioners for
information exchange and educational development
– Promotes code of ethics similar to (ISC)2, ISACA, and ACM
Cybersecurity Information Sharing Act
• In 2015, Congress passed the Cybersecurity Information Sharing Act (CISA).
• This law provides liability protections to private companies to encourage them to share
information with the government about identified cyber threats.
• By making information sharing with the government easier, the law aims to keep federal
authorities informed of any cyber threats that could put critical infrastructure and
national security at risk.
• The law also stipulates the government’s responsibility to share information about cyber
threats with private companies.
Payment Card Industry Data Security Standard
• Launched in 2004, the Payment Card Industry Data Security Standard (PCI DSS)
establishes rules for protecting consumers’ credit and debit card data. Managed service
providers and any organization that processes, stores or transmits payment card
information must comply with these regulations.
• The PCI DSS aims to improve security throughout the payment transaction process,
preventing credit card fraud and data breaches. It mandates the use of:
– Secure networks equipped with robust firewalls
– Digital encryption for credit card transactions
– Controlled access to cardholder data
– The use of updated antivirus software and other anti-malware programs
Sarbanes-Oxley Act
Children’s Online Privacy Protection Act
• The Children’s Online Privacy Protection Act (COPPA) of 1998 establishes rules for
how website operators and online services can collect the personal information
of children under 13 years of age. It helps ensure that online entities don’t gather
children’s personal data without parental consent.
• Components of the law stipulate when and how websites should seek consent
from parents and guardians. The law also outlines what privacy policies need to
include, along with the various responsibilities website operators have with
regard to protecting children’s safety and privacy online.
Federal Trade Commission Act
• A precursor to modern cybersecurity laws, the Federal Trade Commission (FTC)
Act of 1914 was drafted to prevent organizations from neglecting basic privacy
rights, which today include cybersecurity practices that put consumers at risk.
The law empowers the FTC to take legal action against organizations when they:
– Fail to protect consumer privacy rights
– Mislead consumers regarding the security of their data
– Cause considerable harm to consumers by violating their privacy rights
Federal Information Security Modernization Act
• The Federal Information Security Modernization Act (FISMA) of 2014 mandates that federal
agencies protect their information systems and data by putting security controls in place.
These controls help ensure the integrity, accessibility and confidentiality of the data that
federal agencies gather and use.
• Under the law, federal agencies must establish information security programs that:
– Conduct regular risk assessments
– Perform security testing and evaluations
– Develop incident response planning
– Regularly monitor security controls
– Complete compliance reports
State and Local Government Cybersecurity Act of 2021
• The State and Local Government Cybersecurity Act of 2021 aims to help state, local and
tribal authorities effectively coordinate with the Cybersecurity and Infrastructure
Security Agency, an arm of DHS, to confront cyber threats.
• Other provisions in the law include the following:
– Granting technical assistance to respond to cyberattacks
– Communicating indicators for cyber threats and risk, as well as effective defensive
measures
– Developing a platform to exchange standards, policies and best practices in
cybersecurity
Key U.S. Federal Agencies
• Department of Homeland Security (DHS)
– Made up of five directorates, or divisions
– Mission is to protect the people as well as the physical and informational assets of the US
• Federal Bureau of Investigation’s National InfraGard Program
– Maintains an intrusion alert network
– Maintains a secure Web site for communication about suspicious activity or intrusions
– Sponsors local chapter activities
– Operates a help desk for questions
Key U.S. Federal Agencies (cont’d.)
• National Security Agency (NSA)
– Is the Nation’s cryptologic organization
– Protects US information systems
– Produces foreign intelligence information
– Responsible for signal intelligence and information system security
• U.S. Secret Service
– In addition to protective services, charged with the detection and arrest
of persons committing a federal offense relating to computer fraud or false
identification
Summary
• Laws: rules that mandate or prohibit certain behavior in society;
drawn from ethics
• Ethics: define socially acceptable behaviors; based on cultural
mores (fixed moral attitudes or customs of a particular group)
• Types of law: civil, criminal, private, public
Summary (cont’d.)
• Relevant U.S. laws:
– Computer Fraud and Abuse Act of 1986 (CFA Act)
– National Information Infrastructure Protection Act of 1996
– USA PATRIOT Act of 2001
– USA PATRIOT Improvement and Reauthorization Act
– Computer Security Act of 1987
– Title 18, U.S.C. § 1028
Chapter1 Cyber security Law & policy.pptx

  • 2. Cyber security  Cybersecurity denotes the technologies and procedures intended to safeguard computers, networks, and data from unlawful admittance, weaknesses, and attacks transported through the Internet by cyber delinquents.  Cyber security's core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access - both online and at work - from theft or damage.  ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a model for creating, applying, functioning, monitoring, reviewing, preserving, and improving an Information Security Management System.
  • 3.
  • 4. Policy • What is policy? • “Policy is a set of ideas and proposals for action, which culminates in a government decision. Typically policy will become a rule or regulation, enforceable by law” “Policies simply guide our actions. Policies can be guidelines, rules, regulations, laws, principles, or directions
  • 5. Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain societal behavior • Ethics: define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these • Laws carry sanctions of a governing authority; ethics do not Principles of Information Security, 4th Edition 5
  • 6. Understanding Cybersecurity Law and Ethics With ransomware, viruses, spear phishing and other types of cyberattacks proliferating in today’s digital world, both people and organizations need protection from those who would infiltrate their networks and misuse and steal their data. • Cybersecurity law helps define • such boundaries and sets up important guardrails that guide how organizations handle issues like data privacy and confidentiality.
  • 7. Who makes the law? • Different national approaches • Checks and balances • Separation of powers Legislative Executive Judicial • Sources of law
  • 8. What Is Cybersecurity Law? • Every day, malicious hackers develop increasingly sophisticated methods to exploit vulnerabilities in technology infrastructure and launch cyberattacks against all types of companies and institutions. Cybersecurity laws are designed to protect information technology (IT) and computer systems from these bad actors(User) • These laws spell out what constitutes a cybercrime and specify measures that organizations must take to protect their systems, networks and information from cyberattack. • Covering a wide scope of issues, from intellectual property rights to the distribution of digital media, cybersecurity laws help regulate the internet and internet-related technologies.
  • 9. Types of Cyber Law • Privacy Laws: • Privacy laws govern the collection, use, and protection of individuals’ personal information online. • Examples include the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States. • Cybercrime Laws: • Cybercrime laws focus on criminal activities conducted online, including hacking, identity theft, online fraud, and cyberbullying. • Data Breach Notification Laws: • Data breach notification laws mandate that organizations inform affected individuals and authorities when a data breach occurs.
  • 10. Cybersecurity Laws: • Cybersecurity laws require organizations to implement measures to protect their digital infrastructure and sensitive data. • These laws often set standards and requirements for data security practices. Intellectual Property Laws: • Intellectual property laws protect digital content, patents, trademarks, and copyrights in the digital realm. • They address issues like copyright infringement and online piracy. E-Commerce and Online Contracts: • Laws related to e-commerce and online contracts establish legal frameworks for online transactions, electronic signatures, and consumer rights. • They provide a basis for resolving disputes in the digital marketplace. Cyber Law(cont’d.)
• Social Media and Online Content Regulations:
– Regulations governing social media and online content address issues such as hate speech, defamation, and harmful content.
– They set guidelines for the removal or restriction of such content.
• Computer Crime Laws:
– Computer crime laws specifically target offenses involving computer systems and networks.
– They encompass unauthorized access, malware distribution, and cyberattacks on critical infrastructure.
• Cryptocurrency and Blockchain Regulations:
– As digital currencies and blockchain technology gain prominence, regulations address issues like cryptocurrency trading, initial coin offerings (ICOs), and blockchain-based contracts.
• International Cybersecurity Agreements:
– Some laws and agreements focus on international cooperation in combating cybercrimes and promoting cybersecurity best practices.
– Examples include the Budapest Convention on Cybercrime and bilateral cybersecurity
General Computer Crime Laws
• Computer Fraud and Abuse Act of 1986 (CFA Act): cornerstone of many computer-related federal laws and enforcement efforts
• National Information Infrastructure Protection Act of 1996:
– Modified several sections of the previous act and increased the penalties for selected crimes
– Severity of penalties judged on the purpose:
 For purposes of commercial advantage
 For private financial gain
 In furtherance of a criminal act
Privacy
• US Regulations
– Privacy of Customer Information Section of the common carrier regulation
– Federal Privacy Act of 1974
– Electronic Communications Privacy Act of 1986
– Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
Privacy (cont’d.)
• Identity Theft
– Federal Trade Commission: “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes”
– Fraud And Related Activity In Connection With Identification Documents, Authentication Features, And Information (Title 18, U.S.C. § 1028)
Privacy (cont’d.)
• If someone suspects identity theft:
– Report to the three dominant consumer reporting companies that your identity is threatened
– Accounts:
 Close compromised accounts
 Dispute accounts opened without permission
– Register your concern with the FTC
– Report the incident to either your local police or police in the location where the identity theft occurred
Health Insurance Portability and Accountability Act (HIPAA)
• Governments also took action, addressing cybersecurity in laws such as HIPAA.
• The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
• The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:
– Healthcare providers
– Health plans
– Clearinghouses
– Business associates
What is the purpose of HIPAA?
• HIPAA is a federal law enacted to:
– Protect the privacy of a patient’s personal and health information.
– Provide for electronic and physical security of personal and health information.
– Standardize coding to simplify billing and other transactions.
• The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:
Export and Espionage Laws
• Economic Espionage Act of 1996 (EEA)
• Security And Freedom Through Encryption Act of 1999 (SAFE)
• The acts include provisions about encryption that:
– Reinforce the right to use or sell encryption algorithms, without concern of key registration
– Prohibit the federal government from requiring key registration
– Establish that the use of encryption is not, by itself, probable cause of criminal activity
– Relax export restrictions
– Add penalties for using encryption in a crime
U.S. Copyright Law
• Intellectual property recognized as protected asset in the U.S.; copyright law extends to electronic formats
• With proper acknowledgment, permissible to include portions of others’ work as reference
• U.S. Copyright Office Web site: www.copyright.gov
Financial Reporting
• Sarbanes-Oxley Act of 2002
• Affects executive management of publicly traded corporations and public accounting firms
• Seeks to improve reliability and accuracy of financial reporting and increase the accountability of corporate governance
• Penalties for noncompliance range from fines to jail terms
• Reliability assurance will require additional emphasis on confidentiality and integrity
Freedom of Information Act of 1966 (FOIA)
• Allows access to federal agency records or information not determined to be a matter of national security
• U.S. government agencies required to disclose any requested information upon receipt of written request
• Some information protected from disclosure
International Laws and Legal Bodies
• When organizations do business on the Internet, they do business globally
• Professionals must be sensitive to laws and ethical values of many different cultures, societies, and countries
• Because of political complexities of relationships among nations and differences in culture, there are few international laws relating to privacy and information security
• These international laws are important but are limited in their enforceability
Gramm-Leach-Bliley Act
• Also known as the Financial Services Modernization Act of 1999, the Gramm-Leach-Bliley Act is a federal law that outlines rules designed to protect financial information. It requires financial institutions such as banks, credit unions and insurance companies to inform their customers of how they intend to share user data.
Who Enforces Cybersecurity Law?
• Today, federal, state, local and tribal authorities enforce a host of cybersecurity laws and regulations. The federal agencies responsible for upholding cybersecurity legislation include the following:
 Federal Trade Commission (FTC)
 U.S. Department of Homeland Security (DHS)
 National Institute of Standards and Technology (NIST)
 Federal Bureau of Investigation (FBI)
Major IT Professional Organizations
• Association of Computing Machinery (ACM)
– Established in 1947 as “the world's first educational and scientific computing society”
– Code of ethics contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property
Major IT Professional Organizations (cont’d.)
• International Information Systems Security Certification Consortium, Inc. (ISC)2
– Non-profit organization focusing on development and implementation of information security certifications and credentials
– Code primarily designed for information security professionals who have certification from (ISC)2
– Code of ethics focuses on four mandatory canons
Major IT Professional Organizations (cont’d.)
• System Administration, Networking, and Security Institute (SANS)
– Professional organization with a large membership dedicated to protection of information and systems
– SANS offers a set of certifications called Global Information Assurance Certification (GIAC)
Major IT Professional Organizations (cont’d.)
• Information Systems Audit and Control Association (ISACA)
– Professional association with focus on auditing, control, and security
– Concentrates on providing IT control practices and standards
– ISACA has a code of ethics for its professionals
Major IT Professional Organizations (cont’d.)
• Information Systems Security Association (ISSA)
– Non-profit society of information security (IS) professionals
– Primary mission to bring together qualified IS practitioners for information exchange and educational development
– Promotes a code of ethics similar to (ISC)2, ISACA, and ACM
Cybersecurity Information Sharing Act
• In 2015, Congress passed the Cybersecurity Information Sharing Act (CISA).
• This law provides liability protections to private companies to encourage them to share information with the government about identified cyber threats.
• By making information sharing with the government easier, the law aims to keep federal authorities informed of any cyber threats that could put critical infrastructure and national security at risk.
• The law also stipulates the government’s responsibility to share information about cyber threats with private companies.
Payment Card Industry Data Security Standard
• Launched in 2004, the Payment Card Industry Data Security Standard (PCI DSS) establishes rules for protecting consumers’ credit and debit card data. Managed service providers and any organization that processes, stores or transmits payment card information must comply with these regulations.
• The PCI DSS aims to improve security throughout the payment transaction process, preventing credit card fraud and data breaches. It mandates the use of:
 Secure networks equipped with robust firewalls
 Digital encryption for credit card transactions
 Controlled access to cardholder data
 Updated antivirus software and other anti-malware programs
Children’s Online Privacy Protection Act
• The Children’s Online Privacy Protection Act (COPPA) of 1998 establishes rules for how website operators and online services can collect the personal information of children under 13 years of age. It helps ensure that online entities don’t gather children’s personal data without parental consent.
• Components of the law stipulate when and how websites should seek consent from parents and guardians. The law also outlines what privacy policies need to include, along with the various responsibilities website operators have with regard to protecting children’s safety and privacy online.
Federal Trade Commission Act
• A precursor to modern cybersecurity laws, the Federal Trade Commission (FTC) Act of 1914 was drafted to prevent organizations from neglecting basic privacy rights, which today include cybersecurity practices that put consumers at risk. The law empowers the FTC to take legal action against organizations when they:
 Fail to protect consumer privacy rights
 Mislead consumers regarding the security of their data
 Cause considerable harm to consumers by violating their privacy rights
Federal Information Security Modernization Act
• The Federal Information Security Modernization Act (FISMA) of 2014 mandates that federal agencies protect their information systems and data by putting security controls in place. These controls help ensure the integrity, accessibility and confidentiality of the data that federal agencies gather and use. Under the law, federal agencies must establish information security programs that:
 Conduct regular risk assessments
 Perform security testing and evaluations
 Develop incident response planning
 Regularly monitor security controls
 Complete compliance reports
State and Local Government Cybersecurity Act of 2021
• The State and Local Government Cybersecurity Act of 2021 aims to help state, local and tribal authorities effectively coordinate with the Cybersecurity and Infrastructure Security Agency, an arm of DHS, to confront cyber threats. Other provisions in the law include the following:
 Granting technical assistance to respond to cyberattacks
 Communicating indicators for cyber threats and risk, as well as effective defensive measures
 Developing a platform to exchange standards, policies and best practices in cybersecurity
Key U.S. Federal Agencies
• Department of Homeland Security (DHS)
– Made up of five directorates, or divisions
– Mission is to protect the people as well as the physical and informational assets of the US
• Federal Bureau of Investigation’s National InfraGard Program
– Maintains an intrusion alert network
– Maintains a secure Web site for communication about suspicious activity or intrusions
– Sponsors local chapter activities
– Operates a help desk for questions
Key U.S. Federal Agencies (cont’d.)
• National Security Agency (NSA)
– Is the Nation’s cryptologic organization
– Protects US information systems
– Produces foreign intelligence information
– Responsible for signals intelligence and information system security
• U.S. Secret Service
– In addition to protective services, charged with the detection and arrest of persons committing a federal offense relating to computer fraud or false identification
Summary
• Laws: rules that mandate or prohibit certain behavior in society; drawn from ethics
• Ethics: define socially acceptable behavior; based on cultural mores (fixed moral attitudes or customs of a particular group)
• Types of law: civil, criminal, private, public
Summary (cont’d.)
• Relevant U.S. laws:
– Computer Fraud and Abuse Act of 1986 (CFA Act)
– National Information Infrastructure Protection Act of 1996
– USA PATRIOT Act of 2001
– USA PATRIOT Improvement and Reauthorization Act
– Computer Security Act of 1987
– Title 18, U.S.C. § 1028