FellowBuddy.com is an innovative platform that brings students together to share notes, exam papers, study guides, project reports and presentation for upcoming exams.
We connect Students who have an understanding of course material with Students who need help.
Benefits:-
# Students can catch up on notes they missed because of an absence.
# Underachievers can find peer developed notes that break down lecture and study material in a way that they can understand
# Students can earn better grades, save time and study effectively
Our Vision & Mission – Simplifying Students Life
Our Belief – “The great breakthrough in your life comes when you realize it, that you can learn anything you need to learn; to accomplish any goal that you have set for yourself. This means there are no limits on what you can be, have or do.”
Like Us - https://www.facebook.com/FellowBuddycom
A presentation on Wireless Network Security. It contains an introduction to wireless networking, security threats and risks, and best practices for using wireless networks.
This document contains complete course outline of Professional Practices. Most of the topics are for computer science students. This document covers course of 32 lectures 1.5 hours each for professional practice course also known as Professional Ethics.
Secure Hash Algorithm (SHA) was developed in 1993 by the National Institute of Standards and Technology (NIST) and National Security Agency (NSA).
It was designed as the algorithm to be used for secure hashing in the US Digital Signature Standard.
• Hashing function is one of the most commonly used encryption methods. A hash is a special mathematical function that performs one-way encryption.
• SHA-1 is a revised version of SHA designed by NIST and was published as a Federal Information Processing Standard (FIPS).
• Like MD5, SHA-1 processes input data in 512-bit blocks.
• SHA-1 generates a 160-bit message digest, whereas MD5 generates a message digest of 128 bits.
• The procedure is used to send a non-secret but signed message from sender to receiver. In such a case the following steps are followed:
1. Sender feeds a plaintext message into the SHA-1 algorithm and obtains a 160-bit SHA-1 hash.
2. Sender then signs the hash with his RSA private key and sends both the plaintext message and the signed hash to the receiver.
3. After receiving the message, the receiver computes the SHA-1 hash himself and also applies the sender's public key to the signed hash to obtain the original hash H.
Human Factors in Cyber Security: User authentication as a use case - Shujun Li
Invited 3-hour tutorial as an invited guest speaker at the 2017 Summer School on "Human Factor in Systems Safety and Security", organized by the Department of Computing and Informatics, Bournemouth University, UK and sponsored by the IEEE Systems, Man and Cybernetics (SMC) Society. Delivered on 7 July 2017.
This presentation speaks about the ethics regarding information security research. It includes responsible disclosure, vulnerability life cycle and applicable laws and regulations with regard to Sri Lankan context.
Venue: WSO2 Jaffna
Date: 22nd of September 2016
Time: 1800h (Local time)
Speaker: Milinda Wickramasinghe (Software Engineer | WSO2 Platform Security)
To support Digital India, we are trying to enforce security on the web and digital information. These slides provide basic as well as advanced knowledge of security models. Models covered in these slides are Chinese Wall, Clark-Wilson, Biba, Harrison-Ruzzo-Ullman Model, Bell-LaPadula Model etc.
Types of Access Control.
The importance of information security nowadays - PECB
Nowadays living without access to the information of interest at any time, any place through countless types
of devices has become unimaginable. However, its security has become more important than information
access itself. In fact today information security rules the world…! Why?
OpenText SlideShare – Mitigate Compliance Risks through secure information ex... - OpenText
Business organizations around the world exchange information on a 24/7/365 basis. This needs to be secure to meet certain legal, regulatory and corporate compliance requirements. In addition to being compliant, certain industries need to meet audit requirements.
This SlideShare discusses the challenges around compliance, what are some of the governance requirements and the options to overcome the compliance and governance risks through secure information exchange solutions. Visit OpenText http://www.opentext.com/campaigns/infoexchange to discover more
Information Security in a Compliance World - Evan Francen
Presented by Evan Francen at the 2012 RK Dixon Tech Summit
What drives information security in your organization?
What is information security?
Customer requirements
Compliance
Compliant = Secure?
Solution - Strategic Information Security
Top Five Things You Should Do (Tactically & Strategically)
Need Help? – Contact Us!
Thanks everyone who attended and participated in the sessions offered by the Association of International Product Marketing and Management (AIPMM) at ProductCamp SoCal 2012.
With members in over 65 countries, the AIPMM is the worldwide certifying body of product team professionals. It is the hub of all things product management. It is where product professionals go for answers.
It is the world's largest professional organization of product managers, brand managers, product marketing managers and other product team professionals who are responsible for guiding their organizations, or clients, through a constantly changing business landscape.
The Association of International Product Management and Marketing is creating a culture of mentoring within the product management professions
— to assist current product professionals in successfully confronting obstacles in their day to day efforts
— to facilitate rising product professionals in gaining experience and becoming successful product management leaders in their organizations
— to forward the profession, individual practitioners and product teams in successfully bringing products through the entire product lifecycle process
AIPMM Premium Membership provides the foundation for building your own product professional mentor network with access to member-only mentor matching, mentor/protégé facilitation, leadership trainings and opportunities for continuing education, as well as the potential to join the distinguished AIPMM Product Management Ambassadors Council.
AIPMM also offers training courses that prepare product management and marketing teams to take the CPM® and/or the CPMM® certification exam(s).
AIPMM's Certified Product Manager (CPM®) and Certified Product Marketing Manager (CPMM®) programs are internationally recognized because they allow product professionals to demonstrate their expertise and provide corporate members an assurance that their product management and marketing teams are operating at a high competency level.
Contact Hector Del Castillo at http://linkd.in/hdelcastillo for information about AIPMM membership benefits, certification courses in your area, or for help aligning your business and product strategy.
The 340B Program and Implications of the Mega Guidance - CompleteRx
As the 340B Drug Pricing Program continues to undergo changes, our team has been following all the recent updates and how they impact hospital pharmacies. This presentation goes through the latest on the long awaited guidance of proposed changes that was posted by the Federal Register on August 28, 2015.
Professional and Ethical, Issues and Responsibilities - Upekha Vandebona
A discussion of ethics in the business world. It covers why we need to foster an ethical working environment and how to perform an ethical decision-making process.
I made this presentation for Professional And Ethical Issues In Information Systems, module that I'm studying at UWIC University, Cardiff.
I hope you like it, please, send your feedback.
1 ITC358 ICT Management and Information Security Chapter 12.docx - hyacinthshackley2629
ITC358
ICT Management and Information Security
Chapter 12
Law and Ethics
In law a man is guilty when he violates the rights of others.
In ethics he is guilty if he only thinks of doing so. – Immanuel Kant
Objectives
Upon completion of this chapter, you should be able to:
Differentiate between law and ethics
Describe the ethical foundations and approaches that underlie modern codes of ethics
Identify major national and international laws that relate to the practice of information security
Describe the role of culture as it applies to ethics in information security
Identify current information on laws, regulations, and relevant professional organisations
Introduction
All information security professionals must understand the scope of an organisation’s legal and ethical responsibilities
Understand the current legal environment
Keep apprised of new laws, regulations, and ethical issues as they emerge
To minimise the organisation’s liabilities
Educate employees and management about their legal and ethical obligations
And proper use of information technology
Law and Ethics in Information Security
Laws
Rules adopted and enforced by governments to codify expected behaviour in modern society
The key difference between law and ethics is that law carries the sanction of a governing authority and ethics do not
Ethics are based on cultural mores
Relatively fixed moral attitudes or customs of a societal group
Information Security and the Law
InfoSec professionals and managers must understand the legal framework within which their organisations operate
Can influence the organisation to a greater or lesser extent, depending on the nature of the organisation and the scale on which it operates
Types of Law
Civil law
Pertains to relationships between and among individuals and organisations
Criminal law
Addresses violations harmful to society
Actively enforced and prosecuted by the state
Tort law (search Tort law in Australia)
A subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury
Types of Law (cont’d.)
Private law
Regulates the relationships among individuals and among individuals and organisations
Family law, commercial law, and labour law
Public law
Regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments
Criminal, administrative, and constitutional law
Table 12-1a: Key U.S. laws of interest to information security professionals
Table 12-1b: Key U.S. laws of interest to information security professionals
Relevant U.S. Laws
The Computer Fraud and Abuse Act of 1986 (CFA Act)
The cornerstone of many computer-related federal laws and enforcement efforts
Amended in October 1996 by the National Information Infrastructure Protection Act
Modified several sections of the previous act, and increased the penalties for se.
Unit 6 Privacy and Data Protection 8 hr - Tushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal
Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological
Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in
India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and
Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
What is cyber law?
What is cyber crime?
Cybercrimes areas
what law relating to
Data protection and privacy
Software Licensing Issues
IT acts
Policy Versus Law
Codes of Ethics and Professional Organizations
Presentation to (ISC)2 Omaha-Lincoln Chapter meeting on March 15th, 2017. This presentation looks at managing compliance with multiple cybersecurity laws and regulations across different industries using the NIST Risk Management Framework.
This is the eighth chapter of the Cisco Cyber Security Essentials course, which discusses safeguarding the cyber security domains and the steps to become a cyber security professional.
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
Slides by me and Rik Marselis from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. OBJECTIVES
Differentiate between laws and ethics
Identify major national laws that relate to
the practice of information security
Understand the role of culture as it applies
to ethics in information security
3. INTRODUCTION
You must understand scope of an
organization’s legal and ethical
responsibilities
To minimize liabilities/reduce risks, the
information security practitioner must:
Understand current legal environment
Stay current with laws and regulations
Watch for new issues that emerge
4. LAW AND ETHICS IN INFORMATION SECURITY
Laws: rules that mandate or prohibit
certain societal behavior
Ethics: define socially acceptable behavior
Cultural mores: fixed moral attitudes or
customs of a particular group; ethics
based on these
Laws carry sanctions of a governing
authority; ethics do not
5. TYPES OF LAW
Civil
Criminal
Tort
Private
Public
6. RELEVANT U.S. LAWS (GENERAL)
Computer Fraud and Abuse Act of 1986 (CFA
Act)
National Information Infrastructure Protection Act
of 1996
USA Patriot Act of 2001
Telecommunications Deregulation and
Competition Act of 1996
Communications Decency Act of 1996 (CDA)
Computer Security Act of 1987
7. PRIVACY
One of the hottest topics in information
security
Is a “state of being free from unsanctioned
intrusion”
Ability to aggregate data from multiple
sources allows creation of information
databases previously unheard of
8. PRIVACY OF CUSTOMER INFORMATION
Privacy of Customer Information Section of
common carrier regulation
Federal Privacy Act of 1974
Electronic Communications Privacy Act of 1986
Health Insurance Portability and Accountability
Act of 1996 (HIPAA), aka Kennedy-Kassebaum
Act
Financial Services Modernization Act, or
Gramm-Leach-Bliley Act of 1999
9. EXPORT AND ESPIONAGE LAWS
Economic Espionage Act of 1996 (EEA)
Security And Freedom Through
Encryption Act of 1999 (SAFE)
10. U.S. COPYRIGHT LAW
Intellectual property recognized as protected
asset in the U.S.; copyright law extends to
electronic formats
With proper acknowledgement, permissible
to include portions of others’ work as
reference
U.S. Copyright Office Web site:
www.copyright.gov
11. FREEDOM OF INFORMATION ACT OF 1966
(FOIA)
Allows access to federal agency records
or information not determined to be matter
of national security
U.S. government agencies required to
disclose any requested information upon
receipt of written request
Some information protected from
disclosure
12. STATE AND LOCAL REGULATIONS
Restrictions on organizational computer
technology use exist at international,
national, state, local levels
Information security professional responsible
for understanding state regulations and
ensuring organization is compliant with
regulations
13. INTERNATIONAL LAWS AND LEGAL BODIES
European Council Cyber-Crime Convention:
Establishes international task force overseeing
Internet security functions for standardized
international technology laws
Attempts to improve effectiveness of international
investigations into breaches of technology law
Well received by intellectual property rights
advocates due to emphasis on copyright
infringement prosecution
Lacks realistic provisions for enforcement
14. DIGITAL MILLENNIUM COPYRIGHT ACT (DMCA)
U.S. contribution to international effort to
reduce impact of copyright, trademark,
and privacy infringement
A response to European Union Directive
95/46/EC, which adds protection to
individuals with regard to processing and
free movement of personal data
15. UNITED NATIONS CHARTER
Makes provisions, to a degree, for
information security during information
warfare (IW)
IW involves use of information technology to
conduct organized and lawful military
operations
IW is relatively new type of warfare, although
military has been conducting electronic
warfare operations for decades
16. POLICY VERSUS LAW
Most organizations develop and
formalize a body of expectations called
policy
Policies serve as organizational laws
To be enforceable, policy must be
distributed, readily available, easily
understood, and acknowledged by
employees
18. ETHICAL DIFFERENCES ACROSS CULTURES
Cultural differences create difficulty in
determining what is and is not ethical
Difficulties arise when one nationality’s
ethical behavior conflicts with ethics of
another national group
Example: many of the ways in which Asian
cultures use computer technology are
software piracy
19. ETHICS AND EDUCATION
Overriding factor in leveling ethical
perceptions within a small population is
education
Employees must be trained in expected
behaviors of an ethical employee, especially
in areas of information security
Proper ethical training vital to creating
informed, well prepared, and low-risk system
user
20. DETERRENCE TO UNETHICAL AND ILLEGAL
BEHAVIOR
Deterrence: best method for preventing an
illegal or unethical activity; e.g., laws,
policies, technical controls
Laws and policies only deter if three
conditions are present:
Fear of penalty
Probability of being caught
Probability of penalty being administered
21. CODES OF ETHICS AND PROFESSIONAL
ORGANIZATIONS
Several professional organizations have
established codes of conduct/ethics
Codes of ethics can have positive effect;
unfortunately, many employers do not
encourage joining of these professional
organizations
Responsibility of security professionals to act
ethically and according to policies of
employer, professional organization, and laws
of society
22. ASSOCIATION OF COMPUTING MACHINERY
(ACM)
ACM established in 1947 as “the world's
first educational and scientific computing
society”
Code of ethics contains references to
protecting information confidentiality,
causing no harm, protecting others’
privacy, and respecting others’ intellectual
property
23. INTERNATIONAL INFORMATION SYSTEMS
SECURITY CERTIFICATION CONSORTIUM, INC.
(ISC)2
Non-profit organization focusing on development
and implementation of information security
certifications and credentials
Code primarily designed for information security
professionals who have certification from (ISC)2
Code of ethics focuses on four mandatory
canons
24. SYSTEM ADMINISTRATION, NETWORKING,
AND SECURITY INSTITUTE (SANS)
Professional organization with a large
membership dedicated to protection of
information and systems
SANS offers set of certifications called
Global Information Assurance Certification
(GIAC)
25. INFORMATION SYSTEMS AUDIT AND
CONTROL ASSOCIATION (ISACA)
Professional association with focus on
auditing, control, and security
Concentrates on providing IT control
practices and standards
ISACA has code of ethics for its
professionals
26. COMPUTER SECURITY INSTITUTE (CSI)
Provides information and training to support
computer, networking, and information
security professionals
Though without a code of ethics, has argued
for adoption of ethical behavior among
information security professionals
27. INFORMATION SYSTEMS SECURITY
ASSOCIATION (ISSA)
Nonprofit society of information security
(IS) professionals
Primary mission to bring together qualified
IS practitioners for information exchange
and educational development
Promotes code of ethics similar to (ISC)2,
ISACA and ACM
28. OTHER SECURITY ORGANIZATIONS
Internet Society (ISOC): promotes
development and implementation of
education, standards, policy and education to
promote the Internet
Computer Security Division (CSD): division of
National Institute for Standards and
Technology (NIST); promotes industry best
practices and is important reference for
information security professionals
29. OTHER SECURITY ORGANIZATIONS (CONTINUED)
CERT Coordination Center (CERT/CC):
center of Internet security expertise
operated by Carnegie Mellon University
Computer Professionals for Social
Responsibility (CPSR): public organization
for anyone concerned with impact of
computer technology on society
30. KEY U.S. FEDERAL AGENCIES
Department of Homeland Security (DHS)
Federal Bureau of Investigation’s National
Infrastructure Protection Center (NIPC)
National Security Agency (NSA)
U.S. Secret Service
31. ORGANIZATIONAL LIABILITY AND THE NEED
FOR COUNSEL
Liability is legal obligation of an entity;
includes legal obligation to make restitution
for wrongs committed
Organization increases liability if it refuses
to take measures known as due care
Due diligence requires that an organization
make valid effort to protect others and
continually maintain that level of effort
32. SUMMARY
Laws: rules that mandate or prohibit
certain behavior in society; drawn from
ethics
Ethics: define socially acceptable
behaviors; based on cultural mores (fixed
moral attitudes or customs of a particular
group)
Types of law: civil, criminal, tort law,
private, public
33. SUMMARY
Relevant U.S. laws:
Computer Fraud and Abuse Act of 1986 (CFA Act)
National Information Infrastructure Protection Act of
1996
USA Patriot Act of 2001
Telecommunications Deregulation and Competition
Act of 1996
Communications Decency Act of 1996 (CDA)
Computer Security Act of 1987
34. SUMMARY
Many organizations have codes of conduct and/or
codes of ethics
Organization increases liability if it refuses to take
measures known as due care
Due diligence requires that organization make valid
effort to protect others and continually maintain that
effort