Cybersecurity laws are designed to protect digital systems and data from cybercrime. Major cybersecurity laws include the Computer Fraud and Abuse Act, Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard. These laws mandate cybersecurity practices, data privacy and security requirements, and set guidelines for sharing threat information. Federal agencies like the Department of Homeland Security, FBI, and FTC enforce these laws and work to safeguard critical infrastructure from cyberattacks.
What is cyber law?
What is cyber crime?
Cybercrimes areas
What the law relates to
Data protection and privacy
Software Licensing Issues
IT acts
Policy Versus Law
Codes of Ethics and Professional Organizations
2. Cyber security
Cybersecurity denotes the technologies and procedures intended to safeguard computers, networks, and data from unauthorized access, vulnerabilities, and attacks delivered over the Internet by cybercriminals.
Cyber security's core function is to protect the devices we all use
(smartphones, laptops, tablets and computers), and the services we
access - both online and at work - from theft or damage.
ISO 27001 (ISO27001) is the international cybersecurity standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS).
4. Policy
• What is policy?
• “Policy is a set of ideas and proposals for action, which culminates in a government decision. Typically policy will become a rule or regulation, enforceable by law.”
• “Policies simply guide our actions. Policies can be guidelines, rules, regulations, laws, principles, or directions.”
5. Law and Ethics in Information Security
• Laws: rules that mandate or prohibit certain societal behavior
• Ethics: define socially acceptable behavior
• Cultural mores: fixed moral attitudes or customs of a particular group;
ethics based on these
• Laws carry sanctions of a governing authority; ethics do not
Principles of Information Security, 4th Edition 5
6. Understanding Cybersecurity Law and Ethics
With ransomware, viruses, spear phishing and other types of cyberattacks proliferating in today’s digital world, both people and organizations need protection from those who would infiltrate their networks and misuse and steal their data.
• Cybersecurity law helps define the boundaries of that protection and sets up important guardrails that guide how organizations handle issues like data privacy and confidentiality.
7. Who makes the law?
• Different national approaches
• Checks and balances
• Separation of powers
– Legislative
– Executive
– Judicial
• Sources of law
8. What Is Cybersecurity Law?
• Every day, malicious hackers develop increasingly sophisticated methods to exploit vulnerabilities in technology infrastructure and launch cyberattacks against all types of companies and institutions. Cybersecurity laws are designed to protect information technology (IT) and computer systems from these bad actors.
• These laws spell out what constitutes a cybercrime and specify measures that organizations must take to protect their systems, networks and information from cyberattack.
• Covering a wide scope of issues, from intellectual property rights to the distribution of digital media, cybersecurity laws help regulate the internet and internet-related technologies.
9. Types of Cyber Law
• Privacy Laws:
– Privacy laws govern the collection, use, and protection of individuals’ personal information online.
– Examples include the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States.
• Cybercrime Laws:
– Cybercrime laws focus on criminal activities conducted online, including hacking, identity theft, online fraud, and cyberbullying.
• Data Breach Notification Laws:
– Data breach notification laws mandate that organizations inform affected individuals and authorities when a data breach occurs.
10. Cyber Law (cont’d.)
• Cybersecurity Laws:
– Cybersecurity laws require organizations to implement measures to protect their digital infrastructure and sensitive data.
– These laws often set standards and requirements for data security practices.
• Intellectual Property Laws:
– Intellectual property laws protect digital content, patents, trademarks, and copyrights in the digital realm.
– They address issues like copyright infringement and online piracy.
• E-Commerce and Online Contracts:
– Laws related to e-commerce and online contracts establish legal frameworks for online transactions, electronic signatures, and consumer rights.
– They provide a basis for resolving disputes in the digital marketplace.
11.
• Social Media and Online Content Regulations:
– Regulations governing social media and online content address issues such as hate speech, defamation, and harmful content.
– They set guidelines for the removal or restriction of such content.
• Computer Crime Laws:
– Computer crime laws specifically target offenses involving computer systems and networks.
– They encompass unauthorized access, malware distribution, and cyberattacks on critical infrastructure.
• Cryptocurrency and Blockchain Regulations:
– As digital currencies and blockchain technology gain prominence, regulations address issues like cryptocurrency trading, initial coin offerings (ICOs), and blockchain-based contracts.
• International Cybersecurity Agreements:
– Some laws and agreements focus on international cooperation in combating cybercrimes and promoting cybersecurity best practices.
– Examples include the Budapest Convention on Cybercrime and bilateral cybersecurity
12. General Computer Crime Laws
• Computer Fraud and Abuse Act of 1986 (CFA Act): cornerstone of many computer-
related federal laws and enforcement efforts
• National Information Infrastructure Protection Act of 1996:
– Modified several sections of the previous act and increased the penalties for
selected crimes
– Severity of penalties judged on the purpose
• For purposes of commercial advantage
• For private financial gain
• In furtherance of a criminal act
13. Privacy
• US Regulations
– Privacy of Customer Information Section of the common carrier regulation
– Federal Privacy Act of 1974
– Electronic Communications Privacy Act of 1986
– Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
14. Privacy (cont’d.)
• Identity Theft
– Federal Trade Commission: “occurring when someone uses your
personally identifying information, like your name, Social Security
number, or credit card number, without your permission, to commit fraud
or other crimes”
– Fraud And Related Activity In Connection With Identification Documents,
Authentication Features, And Information (Title 18, U.S.C. § 1028)
15. Privacy (cont’d.)
• If someone suspects identity theft
– Report to the three dominant consumer reporting companies that your
identity is threatened
– Account
• Close compromised account
• Dispute accounts opened without permission
– Register your concern with the FTC
– Report the incident to either your local police or police in the location
where the identity theft occurred
16. Health Insurance Portability and Accountability Act
(HIPAA)
Governments also took action, addressing cybersecurity in laws such as
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal
law that required the creation of national standards to protect sensitive patient
health information from being disclosed without the patient’s consent or
knowledge.
The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:
• Healthcare providers
• Health plans
• Clearinghouses
• Business associates
17. What is the purpose of HIPAA?
HIPAA is a federal law enacted to:
• Protect the privacy of a patient’s personal and health information.
• Provide for electronic and physical security of personal and health information.
• Standardize coding to simplify billing and other transactions.
18. Export and Espionage Laws
• Economic Espionage Act of 1996 (EEA)
• Security And Freedom Through Encryption Act of 1999 (SAFE)
• The acts include provisions about encryption that:
– Reinforce the right to use or sell encryption algorithms, without concern of key registration
– Prohibit the federal government from requiring it
– Make the use of encryption not probable cause of criminal activity
– Relax export restrictions
– Add penalties for using encryption in the commission of a crime
19. U.S. Copyright Law
• Intellectual property recognized as protected asset in the U.S.; copyright
law extends to electronic formats
• With proper acknowledgment, permissible to include portions of others’
work as reference
• U.S. Copyright Office Web site: www.copyright.gov
20. Financial Reporting
• Sarbanes-Oxley Act of 2002
• Affects executive management of publicly traded corporations and public
accounting firms
• Seeks to improve reliability and accuracy of financial reporting and increase the
accountability of corporate governance
• Penalties for noncompliance range from fines to jail terms
• Reliability assurance will require additional emphasis on confidentiality and
integrity
21. Freedom of Information Act of 1966 (FOIA)
• Allows access to federal agency records or information not determined to
be matter of national security
• U.S. government agencies required to disclose any requested information
upon receipt of written request
• Some information protected from disclosure
22. International Laws and Legal Bodies
• When organizations do business on the Internet, they do business globally
• Professionals must be sensitive to laws and ethical values of many different
cultures, societies, and countries
• Because of political complexities of relationships among nations and differences in
culture, there are few international laws relating to privacy and information
security
• These international laws are important but are limited in their enforceability
23. Gramm-Leach-Bliley Act
• Also known as the Financial Services Modernization Act of 1999, the Gramm-
Leach-Bliley Act is a federal law that outlines rules designed to protect financial
information. It requires financial institutions such as banks, credit unions and
insurance companies to inform their customers of how they intend to share user
data.
25. Who Enforces Cybersecurity Law?
Today, federal, state, local and tribal authorities enforce a host of cybersecurity laws and regulations. The federal agencies responsible for upholding cybersecurity legislation include the following:
• Federal Trade Commission (FTC)
• U.S. Department of Homeland Security (DHS)
• National Institute of Standards and Technology (NIST)
• Federal Bureau of Investigation (FBI)
26. Major IT Professional Organizations
• Association of Computing Machinery (ACM)
– Established in 1947 as “the world's first educational and scientific computing
society”
– Code of ethics contains references to protecting information confidentiality,
causing no harm, protecting others’ privacy, and respecting others’ intellectual
property
27. Major IT Professional Organizations (cont’d.)
• International Information Systems Security Certification
Consortium, Inc. (ISC)2
– Non-profit organization focusing on development and implementation of
information security certifications and credentials
– Code primarily designed for information security professionals who have
certification from (ISC)2
– Code of ethics focuses on four mandatory canons
28. Major IT Professional Organizations (cont’d.)
• System Administration, Networking, and Security Institute
(SANS)
– Professional organization with a large membership dedicated to protection of
information and systems
– SANS offers set of certifications called Global Information Assurance
Certification (GIAC)
29. Major IT Professional Organizations (cont’d.)
• Information Systems Audit and Control Association (ISACA)
– Professional association with focus on auditing, control, and security
– Concentrates on providing IT control practices and standards
– ISACA has code of ethics for its professionals
30. Major IT Professional Organizations (cont’d.)
• Information Systems Security Association (ISSA)
– Non-profit society of information security (IS) professionals
– Primary mission to bring together qualified IS practitioners for
information exchange and educational development
– Promotes code of ethics similar to (ISC)2, ISACA, and ACM
31. Cybersecurity Information Sharing Act
• In 2015, Congress passed the Cybersecurity Information Sharing Act (CISA).
• This law provides liability protections to private companies to encourage them to share information with the government about identified cyber threats.
• By making information sharing with the government easier, the law aims to keep federal authorities informed of any cyber threats that could put critical infrastructure and national security at risk.
• The law also stipulates the government’s responsibility to share information about cyber threats with private companies.
32. Payment Card Industry Data Security Standard
• Launched in 2004, the Payment Card Industry Data Security Standard (PCI DSS) establishes rules for protecting consumers’ credit and debit card data. Managed service providers and any organization that processes, stores or transmits payment card information must comply with these regulations.
• The PCI DSS aims to improve security throughout the payment transaction process, preventing credit card fraud and data breaches. It mandates the use of:
– Secure networks equipped with robust firewalls
– Digital encryption for credit card transactions
– Controlled access to cardholder data
– Updated antivirus software and other anti-malware programs
34. Children’s Online Privacy Protection Act
• The Children’s Online Privacy Protection Act (COPPA) of 1998 establishes rules for how website operators and online services can collect the personal information of children under 13 years of age. It helps ensure that online entities don’t gather children’s personal data without parental consent.
• Components of the law stipulate when and how websites should seek consent from parents and guardians. The law also outlines what privacy policies need to include, along with the various responsibilities website operators have with regard to protecting children’s safety and privacy online.
35. Federal Trade Commission Act
• A precursor to modern cybersecurity laws, the Federal Trade Commission (FTC) Act of 1914 was drafted to prevent organizations from neglecting basic privacy rights, which today include cybersecurity practices that put consumers at risk. The law empowers the FTC to take legal action against organizations when they:
– Fail to protect consumer privacy rights
– Mislead consumers regarding the security of their data
– Cause considerable harm to consumers by violating their privacy rights
36. Federal Information Security Modernization Act
• The Federal Information Security Modernization Act (FISMA) of 2014 mandates that federal agencies protect their information systems and data by putting security controls in place. These controls help ensure the integrity, accessibility and confidentiality of the data that federal agencies gather and use.
• Under the law, federal agencies must establish information security programs that:
– Conduct regular risk assessments
– Perform security testing and evaluations
– Develop incident response planning
– Regularly monitor security controls
– Complete compliance reports
37. State and Local Government Cybersecurity Act of 2021
• The State and Local Government Cybersecurity Act of 2021 aims to help state, local and tribal authorities effectively coordinate with the Cybersecurity and Infrastructure Security Agency (CISA), an arm of DHS, to confront cyber threats.
• Other provisions in the law include the following:
– Granting technical assistance to respond to cyberattacks
– Communicating indicators for cyber threats and risk, as well as effective defensive measures
– Developing a platform to exchange standards, policies and best practices in cybersecurity
38. Key U.S. Federal Agencies
• Department of Homeland Security (DHS)
– Made up of five directorates, or divisions
– Mission is to protect the people as well as the physical and informational assets of the US
• Federal Bureau of Investigation’s National InfraGard Program
– Maintains an intrusion alert network
– Maintains a secure Web site for communication about suspicious activity or intrusions
– Sponsors local chapter activities
– Operates a help desk for questions
39. Key U.S. Federal Agencies (cont’d.)
• National Security Agency (NSA)
– Is the Nation’s cryptologic organization
– Protects US information systems
– Produces foreign intelligence information
– Responsible for signal intelligence and information system security
• U.S. Secret Service
– In addition to protective services, charged with the detection and arrest of persons committing a federal offense relating to computer fraud or false identification
40. Summary
• Laws: rules that mandate or prohibit certain behavior in society; drawn from ethics
• Ethics: define socially acceptable behavior; based on cultural mores (fixed moral attitudes or customs of a particular group)
• Types of law: civil, criminal, private, public
41. Summary (cont’d.)
• Relevant U.S. laws:
– Computer Fraud and Abuse Act of 1986 (CFA Act)
– National Information Infrastructure Protection Act of 1996
– USA PATRIOT Act of 2001
– USA PATRIOT Improvement and Reauthorization Act
– Computer Security Act of 1987
– Title 18, U.S.C. § 1028