This document discusses laws, regulations, ethics, and professional organizations related to information security. It provides an overview of relevant US laws, such as the Computer Fraud and Abuse Act, and international agreements. The document also discusses how ethics can differ across cultures and the role of professional organizations in promoting codes of ethics for information security practitioners. Organizations are advised to understand applicable laws and regulations to minimize liability and adopt policies to deter unethical behavior.
This document discusses ethics in IT security. It covers laws and ethics, codes of ethics from professional organizations like ACM and ISSA, relevant US laws on topics like privacy and copyright, and the importance of education and training in developing an ethical approach to information security. Overall it emphasizes the responsibility of security practitioners to understand legal/regulatory issues and act ethically.
This document discusses laws, regulations, ethics, and professional organizations related to information security. It defines key concepts like laws, ethics, liability, due care and due diligence. Major sections cover relevant US laws, privacy laws, types of laws, and international legal issues. Professional ethics organizations and their codes are also summarized.
02 Legal, Ethical, and Professional Issues in Information Security (sappingtonkr)
Laws define prohibited and mandated behaviors while ethics define socially acceptable behaviors based on cultural mores. Relevant US laws include the Computer Fraud and Abuse Act, National Information Infrastructure Protection Act, USA Patriot Act, and others. Organizations can establish codes of ethics and reduce liability by exercising due care and due diligence in protecting information.
This document contains slides from a chapter on principles of information security. It discusses how laws are based on ethics, and different types of relevant laws in the US and other countries. These include privacy laws, copyright laws, and export/espionage laws. It also discusses ethics in information security, cultural differences, and professional organizations that promote ethics through codes of conduct and certifications. The role of education and deterrence to promote ethical behavior is covered.
This document discusses laws, regulations, and ethics related to information security. It begins by explaining the importance of understanding an organization's legal responsibilities and keeping up with changing laws. It then discusses the differences between laws, ethics, and cultural norms. Several US and international laws are outlined pertaining to issues like computer crime, identity theft, copyright, and data privacy. The document also discusses the role of ethics and deterring unethical behavior through training, policies, and professional codes of conduct.
Chapter 11 Laws and Ethics in Information Security (Syaiful Ahdan)
This document provides an overview of key concepts regarding law and ethics in information security. It discusses the differences between laws and ethics, and how policies function similarly to laws within an organization. Several major US laws are outlined, including those covering general computer crimes, privacy, identity theft, export and espionage, copyright, and financial reporting. International agreements and professional organizations relevant to information security ethics are also mentioned. The document aims to help readers understand the legal and ethical responsibilities for information security practitioners.
This document provides an overview of the history and principles of information security. It begins by outlining the key learning objectives which include understanding the definition and evolution of information security. It then discusses the origins of information security in the early computer systems of World War II and the development of physical and technical controls over time. The document traces the field through several decades of growth with the creation of ARPANET and the internet, and outlines the current approach of implementing a holistic information security program through a top-down, systematic life cycle approach.
This document provides an overview of the history and principles of information security. It begins by outlining the key learning objectives which include understanding the definition and evolution of information security. It then discusses the origins of information security in the early computer systems of World War II and the development of security controls to limit physical access. It traces the field through the creation of ARPANET and the Internet, and how security was a lower priority in early implementations. The document concludes by describing the systems development life cycle for implementing a comprehensive information security program within an organization.
The document discusses various topics related to the ethical and legal aspects of computer security. It begins by defining computer crime/cybercrime as criminal activity where computers or networks are used as a tool, target, or place of criminal activity. It then discusses different types of computer crimes based on the role of computers, including computers as targets, storage devices, and communication tools. The document also covers intellectual property concepts like copyright, patents, and trademarks. It discusses laws and standards related to these topics, such as the US Digital Millennium Copyright Act and the European Union Data Protection Directive. The document concludes by discussing privacy, ethical issues, and codes of conduct related to computer security and usage.
1 ITC358 ICT Management and Information Security Chapter 12.docx (hyacinthshackley2629)
ITC358
ICT Management and Information Security
Chapter 12
Law and Ethics
In law a man is guilty when he violates the rights of others.
In ethics he is guilty if he only thinks of doing so. – Immanuel Kant
Objectives
Upon completion of this chapter, you should be able to:
Differentiate between law and ethics
Describe the ethical foundations and approaches that underlie modern codes of ethics
Identify major national and international laws that relate to the practice of information security
Describe the role of culture as it applies to ethics in information security
Identify current information on laws, regulations, and relevant professional organisations
Introduction
All information security professionals must understand the scope of an organisation’s legal and ethical responsibilities
Understand the current legal environment
Keep apprised of new laws, regulations, and ethical issues as they emerge
To minimise the organisation’s liabilities
Educate employees and management about their legal and ethical obligations
And proper use of information technology
Law and Ethics in Information Security
Laws
Rules adopted and enforced by governments to codify expected behaviour in modern society
The key difference between law and ethics is that law carries the sanction of a governing authority and ethics do not
Ethics are based on cultural mores
Relatively fixed moral attitudes or customs of a societal group
Information Security and the Law
InfoSec professionals and managers must understand the legal framework within which their organisations operate
Can influence the organisation to a greater or lesser extent, depending on the nature of the organisation and the scale on which it operates
Types of Law
Civil law
Pertains to relationships between and among individuals and organisations
Criminal law
Addresses violations harmful to society
Actively enforced and prosecuted by the state
Tort law (search Tort law in Australia)
A subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury
Types of Law (cont’d.)
Private law
Regulates the relationships among individuals and among individuals and organisations
Family law, commercial law, and labour law
Public law
Regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments
Criminal, administrative, and constitutional law
Table 12-1a: Key U.S. laws of interest to information security professionals
Table 12-1b: Key U.S. laws of interest to information security professionals
Relevant U.S. Laws
The Computer Fraud and Abuse Act of 1986 (CFA Act)
The cornerstone of many computer-related federal laws and enforcement efforts
Amended in October 1996 by the National Information Infrastructure Protection Act
Modified several sections of the previous act, and increased the penalties for se.
This document provides an overview of the history and evolution of information security. It begins by covering the origins of computer security during World War II to protect early mainframes. It then discusses the development of ARPANET in the 1960s and the early internet in the 1970s/80s, when security was initially neglected. The document outlines the continuing growth of networks and interconnected systems in the 1990s to present day and the importance of securing these environments. It introduces some core concepts of information security including definitions, critical information characteristics, and the systems development life cycle approach to implementation.
This document discusses legal and ethical issues in information security. It differentiates between laws, which are rules mandated by governing bodies, and ethics, which define socially acceptable behavior. The document outlines several key U.S. laws regarding privacy, copyright, and freedom of information. It also discusses the importance of understanding international, state and local regulations. Professional organizations for information security professionals are described that promote codes of ethics to guide appropriate behavior.
This document discusses ethical and legal issues related to information systems. It describes how new technologies can impact human behavior and create new ethical dilemmas. It also discusses how codes of ethics are used to help navigate these issues by establishing standards of acceptable behavior for professional groups. While codes of ethics provide clarity and consistency, they also have limitations like not addressing all potential issues and not being legally binding.
This document provides an introduction and overview of computer security and privacy. It discusses how computer security aims to protect information from unauthorized access while allowing intended use. Privacy involves protecting personal information. The document then covers physical security, network security, basic security objectives of confidentiality, integrity and availability. It provides examples of security policies, mechanisms, and goals of prevention, detection and recovery. Finally, it discusses the brief history of computer security and privacy and covers early efforts to address these issues through standards, legislation and security controls.
This is the eighth chapter of the Cisco Cyber Security Essentials course, which discusses safeguarding the cyber security domains and the steps to become a cyber security professional.
This document discusses privacy and security risks in the digital age and strategies for managing those risks. It outlines increasing regulation at the federal, state, and international levels related to data breaches and privacy. This has led organizations to undertake multiple, siloed compliance efforts. The document proposes a unified approach to information security compliance that addresses all legal requirements and uses popular standards. It also discusses how risk transfer through insurance can help organizations manage security and privacy risks.
The document discusses the learning objectives and history of information security. It outlines the evolution from physical security controls for mainframes to modern concerns around network and data security. The key phases of the security systems development life cycle are introduced as investigation, analysis, logical design, physical design, implementation, and maintenance/change. Securing each phase is also discussed.
This document provides a detailed syllabus for an Information Security course. It includes 5 units: Introduction, Security Investigation, Security Analysis, Logical Design, and Physical Design. The Introduction unit covers the history of information security and computer security. It defines key concepts like confidentiality, integrity, availability, and the CIA triangle. It also discusses security models and the components of an information system. The other units will cover topics like risk management, access control, security standards, cryptography, and physical security controls.
This document provides a detailed syllabus for an Information Security course. It covers 5 units:
1) Introduction - Provides a history of information security and an overview of key concepts like the CIA triangle of Confidentiality, Integrity and Availability.
2) Security Investigation - Covers the need for security, threats, attacks, and legal/ethical issues.
3) Security Analysis - Focuses on risk management, access controls, and information flow.
4) Logical Design - Addresses security policies, standards, security architecture design and planning continuity.
5) Physical Design - Covers security technologies, intrusion detection systems, cryptography, access controls, physical security and personnel security.
This document provides information about the CS8792 CRYPTOGRAPHY & NETWORK SECURITY course. It discusses cryptography, the course outcomes, syllabus, and key concepts in cryptography including symmetric encryption, asymmetric encryption, data integrity algorithms, and authentication protocols. It also covers essential network and computer security requirements, legal and ethical issues, security policies, OSI security architecture including security attacks, mechanisms, and services.
The document summarizes key topics in legal and ethical aspects of computer security including cybercrime, intellectual property, privacy, and ethics. It discusses how computers can be tools, targets, or places for criminal activity. Intellectual property issues around copyright, patents, and trademarks in relation to software, content, and algorithms are also covered. Privacy laws and ethical codes of conduct for professionals are reviewed in relation to responsible use of technology and information.
Information System Security Policy Studies as a Form of Company Privacy Prote... (Editor IJCATR)
Technology that interconnects computers around the world allows people to exchange information and data and even to communicate with each other through images and video. The more valuable the information, the higher the security standard required to maintain it. One target of computer security is the protection of information: the higher the security standard provided, the stronger the privacy protection of that information. Protecting employee privacy within a company is one factor that must be considered when implementing information systems. Information system security policies include system maintenance, risk handling, access rights settings and human resources, security and control of information assets, enterprise server security policy, and password policy. The policies reviewed constitute a form of protection of corporate information.
This document contains review questions about ethical, social, and political issues related to technology. It discusses how ethics, society, and politics are interconnected and provides examples. Key technology trends like increasing computer power and data storage capabilities are highlighted as heightening ethical concerns due to their impact on privacy, data analysis, and system dependence. The document also defines responsibility, accountability, and liability and outlines the five steps of an ethical analysis. It identifies six ethical principles and discusses professional codes of conduct, privacy, and how technology challenges privacy protection. Intellectual property rights and challenges posed by the Internet are also addressed.
Cyber laws are needed to regulate digital information and activities online. They cover areas like internet access, e-commerce, privacy, and freedom of expression. Cyber laws are important because almost all internet transactions have legal implications. India's National Cyber Security Policy aims to protect public and private infrastructure from cyberattacks by safeguarding personal, financial, and sovereign data. Its objectives are to create a secure cyber ecosystem, assurance frameworks, and regulatory structures to strengthen cybersecurity and respond effectively to threats. The Information Technology Act, 2000 provides sections to empower users and safeguard cyberspace by prohibiting activities like hacking, identity theft, child pornography, and cyber terrorism.
- Cybersecurity refers to protecting information and communication systems from cyberattacks. It has become an important issue as technology has become ubiquitous and critical infrastructure increasingly relies on interconnected systems.
- Managing cybersecurity risk involves addressing threats, vulnerabilities, and potential impacts. Threats can come from criminals, spies, hackers or activists. Vulnerabilities are ways systems can be attacked. Impacts range from minor disruptions to significant effects on national security and the economy if critical infrastructure is compromised.
- The federal government works to secure its own systems and help protect non-federal systems and critical infrastructure. Congress is considering legislation to improve information sharing, cybersecurity workforce training, and protection of critical infrastructure. However, long-term challenges
Main Java[All of the Base Concepts}.docx (adhitya5119)
This is part 1 of my Java Learning Journey. This contains custom methods, classes, constructors, packages, multithreading, try-catch block, finally block and more.
Cyber laws are needed to regulate digital information and activities online. They cover areas like internet access, e-commerce, privacy, and freedom of expression. Cyber laws are important because almost all internet transactions have legal implications. India's National Cyber Security Policy aims to protect public and private infrastructure from cyberattacks by safeguarding personal, financial, and sovereign data. Its objectives are to create a secure cyber ecosystem, assurance frameworks, and regulatory structures to strengthen cybersecurity and respond effectively to threats. The Information Technology Act, 2000 provides sections to empower users and safeguard cyberspace by prohibiting activities like hacking, identity theft, child pornography, and cyber terrorism.
- Cybersecurity refers to protecting information and communication systems from cyberattacks. It has become an important issue as technology has become ubiquitous and critical infrastructure increasingly relies on interconnected systems.
- Managing cybersecurity risk involves addressing threats, vulnerabilities, and potential impacts. Threats can come from criminals, spies, hackers or activists. Vulnerabilities are ways systems can be attacked. Impacts range from minor disruptions to significant effects on national security and the economy if critical infrastructure is compromised.
- The federal government works to secure its own systems and help protect non-federal systems and critical infrastructure. Congress is considering legislation to improve information sharing, cybersecurity workforce training, and protection of critical infrastructure. However, long-term challenges
Similar to ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf (20)
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
MATATAG CURRICULUM: ASSESSING THE READINESS OF ELEM. PUBLIC SCHOOL TEACHERS I...NelTorrente
In this research, it concludes that while the readiness of teachers in Caloocan City to implement the MATATAG Curriculum is generally positive, targeted efforts in professional development, resource distribution, support networks, and comprehensive preparation can address the existing gaps and ensure successful curriculum implementation.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
How to Build a Module in Odoo 17 Using the Scaffold MethodCeline George
Odoo provides an option for creating a module by using a single line command. By using this command the user can make a whole structure of a module. It is very easy for a beginner to make a module. There is no need to make each file manually. This slide will show how to create a module using the scaffold method.
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
How to Fix the Import Error in the Odoo 17Celine George
An import error occurs when a program fails to import a module or library, disrupting its execution. In languages like Python, this issue arises when the specified module cannot be found or accessed, hindering the program's functionality. Resolving import errors is crucial for maintaining smooth software operation and uninterrupted development processes.
2. Principles of Information Security, 2nd Edition 2
Learning Objectives
Upon completion of this material, you should be able to:
  Use this chapter as a guide for future reference on laws, regulations, and professional organizations
  Differentiate between laws and ethics
  Identify major national laws that relate to the practice of information security
  Understand the role of culture as it applies to ethics in information security
3. Introduction
You must understand the scope of an organization’s legal and ethical responsibilities
To minimize liabilities and reduce risks, the information security practitioner must:
  Understand the current legal environment
  Stay current with laws and regulations
  Watch for new issues that emerge
4. Law and Ethics in Information Security
Laws: rules that mandate or prohibit certain societal behavior
Ethics: define socially acceptable behavior
Cultural mores: fixed moral attitudes or customs of a particular group; ethics are based on these
Laws carry the sanctions of a governing authority; ethics do not
5. Types of Law
Civil
Criminal
Tort
Private
Public
6. Relevant U.S. Laws (General)
Computer Fraud and Abuse Act of 1986 (CFAAct)
National Information Infrastructure Protection Act of 1996
USA Patriot Act of 2001
Telecommunications Deregulation and Competition Act of 1996
Communications Decency Act of 1996 (CDA)
Computer Security Act of 1987
7. Privacy
One of the hottest topics in information security
Is a “state of being free from unsanctioned intrusion”
The ability to aggregate data from multiple sources allows the creation of information databases previously unheard of
8. Privacy of Customer Information
Privacy of Customer Information Section of common carrier regulation
Federal Privacy Act of 1974
Electronic Communications Privacy Act of 1986
Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act
Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
11. Export and Espionage Laws
Economic Espionage Act of 1996 (EEA)
Security And Freedom Through Encryption Act of 1999 (SAFE)
12. U.S. Copyright Law
Intellectual property is recognized as a protected asset in the U.S.; copyright law extends to electronic formats
With proper acknowledgement, it is permissible to include portions of others’ work as reference
U.S. Copyright Office Web site: www.copyright.gov
13. Freedom of Information Act of 1966 (FOIA)
Allows access to federal agency records or information not determined to be a matter of national security
U.S. government agencies are required to disclose any requested information upon receipt of a written request
Some information is protected from disclosure
14. State and Local Regulations
Restrictions on organizational computer technology use exist at the international, national, state, and local levels
The information security professional is responsible for understanding state regulations and ensuring the organization is compliant with them
15. International Laws and Legal Bodies
European Council Cyber-Crime Convention:
  Establishes an international task force overseeing Internet security functions for standardized international technology laws
  Attempts to improve the effectiveness of international investigations into breaches of technology law
  Well received by intellectual property rights advocates due to its emphasis on copyright infringement prosecution
  Lacks realistic provisions for enforcement
17. Digital Millennium Copyright Act (DMCA)
U.S. contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement
A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to the processing and free movement of personal data
18. United Nations Charter
Makes provisions, to a degree, for information security during information warfare (IW)
IW involves the use of information technology to conduct organized and lawful military operations
IW is a relatively new type of warfare, although the military has been conducting electronic warfare operations for decades
20. Policy Versus Law
Most organizations develop and formalize a body of expectations called policy
Policies serve as organizational laws
To be enforceable, policy must be distributed, readily available, easily understood, and acknowledged by employees
22. Ethical Differences Across Cultures
Cultural differences create difficulty in determining what is and is not ethical
Difficulties arise when one nationality’s ethical behavior conflicts with the ethics of another national group
Example: many of the ways in which Asian cultures use computer technology constitute software piracy
23. Ethics and Education
The overriding factor in leveling ethical perceptions within a small population is education
Employees must be trained in the expected behaviors of an ethical employee, especially in areas of information security
Proper ethical training is vital to creating an informed, well-prepared, and low-risk system user
24. Deterrence to Unethical and Illegal Behavior
Deterrence: best method for preventing an illegal or unethical activity; e.g., laws, policies, technical controls
Laws and policies only deter if three conditions are present:
  Fear of penalty
  Probability of being caught
  Probability of penalty being administered
25. Codes of Ethics and Professional Organizations
Several professional organizations have established codes of conduct/ethics
Codes of ethics can have a positive effect; unfortunately, many employers do not encourage joining these professional organizations
It is the responsibility of security professionals to act ethically and according to the policies of their employer, their professional organization, and the laws of society
26. Association of Computing Machinery (ACM)
ACM was established in 1947 as “the world's first educational and scientific computing society”
Its code of ethics contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property
27. International Information Systems Security Certification Consortium, Inc. (ISC)²
Non-profit organization focusing on the development and implementation of information security certifications and credentials
Code primarily designed for information security professionals who hold a certification from (ISC)²
Code of ethics focuses on four mandatory canons
28. System Administration, Networking, and Security Institute (SANS)
Professional organization with a large membership dedicated to the protection of information and systems
SANS offers a set of certifications called Global Information Assurance Certification (GIAC)
29. Information Systems Audit and Control Association (ISACA)
Professional association with a focus on auditing, control, and security
Concentrates on providing IT control practices and standards
ISACA has a code of ethics for its professionals
30. Computer Security Institute (CSI)
Provides information and training to support computer, networking, and information security professionals
Though without a code of ethics, it has argued for the adoption of ethical behavior among information security professionals
31. Information Systems Security Association (ISSA)
Nonprofit society of information security (IS) professionals
Primary mission is to bring together qualified IS practitioners for information exchange and educational development
Promotes a code of ethics similar to those of (ISC)², ISACA, and ACM
32. Other Security Organizations
Internet Society (ISOC): promotes the development and implementation of education, standards, and policy to promote the Internet
Computer Security Division (CSD): division of the National Institute of Standards and Technology (NIST); promotes industry best practices and is an important reference for information security professionals
33. Other Security Organizations (continued)
CERT Coordination Center (CERT/CC): center of Internet security expertise operated by Carnegie Mellon University
Computer Professionals for Social Responsibility (CPSR): public organization for anyone concerned with the impact of computer technology on society
34. Key U.S. Federal Agencies
Department of Homeland Security (DHS)
Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC)
National Security Agency (NSA)
U.S. Secret Service
35. Organizational Liability and the Need for Counsel
Liability is the legal obligation of an entity; it includes the legal obligation to make restitution for wrongs committed
An organization increases its liability if it refuses to take measures known as due care
Due diligence requires that an organization make a valid effort to protect others and continually maintain that level of effort
36. Summary
Laws: rules that mandate or prohibit certain behavior in society; drawn from ethics
Ethics: define socially acceptable behaviors; based on cultural mores (fixed moral attitudes or customs of a particular group)
Types of law: civil, criminal, tort law, private, public
37. Summary
Relevant U.S. laws:
  Computer Fraud and Abuse Act of 1986 (CFAAct)
  National Information Infrastructure Protection Act of 1996
  USA Patriot Act of 2001
  Telecommunications Deregulation and Competition Act of 1996
  Communications Decency Act of 1996 (CDA)
  Computer Security Act of 1987
38. Homework
Relevant U.S. laws:
  Computer Fraud and Abuse Act of 1986 (CFAAct)
  National Information Infrastructure Protection Act of 1996
  USA Patriot Act of 2001
  Telecommunications Deregulation and Competition Act of 1996
  Communications Decency Act of 1996 (CDA)
  Computer Security Act of 1987
These are relevant U.S. laws on information security. Pick one law and prepare a 10-minute presentation on it. Due in one week.
39. Summary
Many organizations have codes of conduct and/or codes of ethics
An organization increases its liability if it refuses to take measures known as due care
Due diligence requires that an organization make a valid effort to protect others and continually maintain that effort