Cyber Security
Introduction to Law & Policy
Cyber security
• Cybersecurity denotes the technologies and procedures intended to
safeguard computers, networks, and data from unauthorized access,
vulnerabilities, and attacks delivered through the Internet by
cybercriminals.
• Cyber security's core function is to protect the devices we all use
(smartphones, laptops, tablets and computers), and the services we
access - both online and at work - from theft or damage.
• ISO 27001 (ISO27001) is the international cybersecurity standard that
provides a model for establishing, implementing, operating, monitoring,
reviewing, maintaining, and improving an Information Security
Management System.
Policy
• What is policy?
• “Policy is a set of ideas and proposals for action, which culminates in a
government decision. Typically policy will become a rule or regulation,
enforceable by law”
• “Policies simply guide our actions. Policies can be guidelines, rules, regulations,
laws, principles, or directions.”
Law and Ethics in Information Security
• Laws: rules that mandate or prohibit certain societal behavior
• Ethics: define socially acceptable behavior
• Cultural mores: fixed moral attitudes or customs of a particular group;
ethics based on these
• Laws carry sanctions of a governing authority; ethics do not
Principles of Information Security, 4th Edition 5
Understanding Cybersecurity Law and Ethics
With ransomware, viruses, spear phishing and other types of cyberattacks
proliferating in today’s digital world, both people and organizations need
protection from those who would infiltrate their networks and misuse and
steal their data.
• Cybersecurity law helps define such boundaries and sets up important
guardrails that guide how organizations handle issues like data privacy
and confidentiality.
Who makes the law?
• Different national approaches
• Checks and balances
• Separation of powers
– Legislative
– Executive
– Judicial
• Sources of law
What Is Cybersecurity Law?
• Every day, malicious hackers develop increasingly sophisticated methods to exploit
vulnerabilities in technology infrastructure and launch cyberattacks against all types of
companies and institutions. Cybersecurity laws are designed to protect information
technology (IT) and computer systems from these bad actors (User).
• These laws spell out what constitutes a cybercrime and specify measures that
organizations must take to protect their systems, networks and information from
cyberattack.
• Covering a wide scope of issues, from intellectual property rights to the distribution of
digital media, cybersecurity laws help regulate the internet and internet-related
technologies.
Types of Cyber Law
• Privacy Laws:
• Privacy laws govern the collection, use, and protection of individuals’
personal information online.
• Examples include the General Data Protection Regulation (GDPR) in Europe
and the California Consumer Privacy Act (CCPA) in the United States.
• Cybercrime Laws:
• Cybercrime laws focus on criminal activities conducted online, including
hacking, identity theft, online fraud, and cyberbullying.
• Data Breach Notification Laws:
• Data breach notification laws mandate that organizations inform affected
individuals and authorities when a data breach occurs.
• Cybersecurity Laws:
• Cybersecurity laws require organizations to implement measures to protect their
digital infrastructure and sensitive data.
• These laws often set standards and requirements for data security practices.
• Intellectual Property Laws:
• Intellectual property laws protect digital content, patents, trademarks, and
copyrights in the digital realm.
• They address issues like copyright infringement and online piracy.
• E-Commerce and Online Contracts:
• Laws related to e-commerce and online contracts establish legal frameworks for
online transactions, electronic signatures, and consumer rights.
• They provide a basis for resolving disputes in the digital marketplace.
Cyber Law (cont’d.)
• Social Media and Online Content Regulations:
• Regulations governing social media and online content address issues such as hate
speech, defamation, and harmful content.
• They set guidelines for the removal or restriction of such content.
• Computer Crime Laws:
• Computer crime laws specifically target offenses involving computer systems and
networks.
• They encompass unauthorized access, malware distribution, and cyberattacks on
critical infrastructure.
• Cryptocurrency and Blockchain Regulations:
• As digital currencies and blockchain technology gain prominence, regulations address
issues like cryptocurrency trading, initial coin offerings (ICOs), and blockchain-based
contracts.
• International Cybersecurity Agreements:
• Some laws and agreements focus on international cooperation in combating
cybercrimes and promoting cybersecurity best practices.
• Examples include the Budapest Convention on Cybercrime and bilateral
cybersecurity
General Computer Crime Laws
• Computer Fraud and Abuse Act of 1986 (CFA Act): cornerstone of many computer-
related federal laws and enforcement efforts
• National Information Infrastructure Protection Act of 1996:
– Modified several sections of the previous act and increased the penalties for
selected crimes
– Severity of penalties judged on the purpose
• For purposes of commercial advantage
• For private financial gain
• In furtherance of a criminal act
Privacy
• US Regulations
– Privacy of Customer Information Section of the common carrier regulation
– Federal Privacy Act of 1974
– Electronic Communications Privacy Act of 1986
– Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
Privacy (cont’d.)
• Identity Theft
– Federal Trade Commission: “occurring when someone uses your
personally identifying information, like your name, Social Security
number, or credit card number, without your permission, to commit fraud
or other crimes”
– Fraud And Related Activity In Connection With Identification Documents,
Authentication Features, And Information (Title 18, U.S.C. § 1028)
Privacy (cont’d.)
• If someone suspects identity theft
– Report to the three dominant consumer reporting companies that your
identity is threatened
– Account
• Close compromised account
• Dispute accounts opened without permission
– Register your concern with the FTC
– Report the incident to either your local police or police in the location
where the identity theft occurred
Health Insurance Portability and Accountability Act (HIPAA)
Governments also took action, addressing cybersecurity in laws such as
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal
law that required the creation of national standards to protect sensitive patient
health information from being disclosed without the patient’s consent or
knowledge.
The following types of individuals and organizations are subject to the Privacy Rule and
considered covered entities:
• Healthcare providers
• Health plans
• Clearinghouses
• Business associates
What is the purpose of HIPAA?
HIPAA is a federal law enacted to:
• Protect the privacy of a patient’s personal and health information.
• Provide for electronic and physical security of personal and health information.
• Standardize coding to simplify billing and other transactions.
Export and Espionage Laws
• Economic Espionage Act of 1996 (EEA)
• Security And Freedom Through Encryption Act of 1999 (SAFE)
• The acts include provisions about encryption that:
– Reinforce the right to use or sell encryption algorithms, without concern of key
registration
– Prohibit the federal government from requiring it
– Make it not probable cause in criminal activity
– Relax export restrictions
– Additional penalties for using it in a crime
U.S. Copyright Law
• Intellectual property recognized as protected asset in the U.S.; copyright
law extends to electronic formats
• With proper acknowledgment, permissible to include portions of others’
work as reference
• U.S. Copyright Office Web site: www.copyright.gov
Financial Reporting
• Sarbanes-Oxley Act of 2002
• Affects executive management of publicly traded corporations and public
accounting firms
• Seeks to improve reliability and accuracy of financial reporting and increase the
accountability of corporate governance
• Penalties for noncompliance range from fines to jail terms
• Reliability assurance will require additional emphasis on confidentiality and
integrity
Freedom of Information Act of 1966 (FOIA)
• Allows access to federal agency records or information not determined to
be matter of national security
• U.S. government agencies required to disclose any requested information
upon receipt of written request
• Some information protected from disclosure
International Laws and Legal Bodies
• When organizations do business on the Internet, they do business globally
• Professionals must be sensitive to laws and ethical values of many different
cultures, societies, and countries
• Because of political complexities of relationships among nations and differences in
culture, there are few international laws relating to privacy and information
security
• These international laws are important but are limited in their enforceability
Gramm-Leach-Bliley Act
• Also known as the Financial Services Modernization Act of 1999, the Gramm-
Leach-Bliley Act is a federal law that outlines rules designed to protect financial
information. It requires financial institutions such as banks, credit unions and
insurance companies to inform their customers of how they intend to share user
data.
Key cybersecurity Global Laws:
Who Enforces Cybersecurity Law?
Today, federal, state, local and tribal authorities enforce a host of cybersecurity
laws and regulations. The federal agencies responsible for upholding cybersecurity
legislation include the following:
• Federal Trade Commission (FTC)
• U.S. Department of Homeland Security (DHS)
• National Institute of Standards and Technology (NIST)
• Federal Bureau of Investigation (FBI)
Major IT Professional Organizations
• Association of Computing Machinery (ACM)
– Established in 1947 as “the world's first educational and scientific computing
society”
– Code of ethics contains references to protecting information confidentiality,
causing no harm, protecting others’ privacy, and respecting others’ intellectual
property
Major IT Professional Organizations (cont’d.)
• International Information Systems Security Certification
Consortium, Inc. (ISC)²
– Non-profit organization focusing on development and implementation of
information security certifications and credentials
– Code primarily designed for information security professionals who have
certification from (ISC)²
– Code of ethics focuses on four mandatory canons
Major IT Professional Organizations (cont’d.)
• System Administration, Networking, and Security Institute
(SANS)
– Professional organization with a large membership dedicated to protection of
information and systems
– SANS offers set of certifications called Global Information Assurance
Certification (GIAC)
Major IT Professional Organizations (cont’d.)
• Information Systems Audit and Control Association (ISACA)
– Professional association with focus on auditing, control, and security
– Concentrates on providing IT control practices and standards
– ISACA has code of ethics for its professionals
Major IT Professional Organizations (cont’d.)
• Information Systems Security Association (ISSA)
– Non-profit society of information security (IS) professionals
– Primary mission to bring together qualified IS practitioners for
information exchange and educational development
– Promotes code of ethics similar to (ISC)², ISACA, and ACM
Cybersecurity Information Sharing Act
• In 2015, Congress passed the Cybersecurity Information Sharing Act (CISA).
• This law provides liability protections to private companies to encourage them to share
information with the government about identified cyber threats.
• By making information sharing with the government easier, the law aims to keep federal
authorities informed of any cyber threats that could put critical infrastructure and
national security at risk.
• The law also stipulates the government’s responsibility to share information about cyber
threats with private companies.
Payment Card Industry Data Security Standard
• Launched in 2004, the Payment Card Industry Data Security Standard (PCI DSS)
establishes rules for protecting consumers’ credit and debit card data. Managed service
providers and any organization that processes, stores or transmits payment card
information must comply with these regulations.
• The PCI DSS aims to improve security throughout the payment transaction process,
preventing credit card fraud and data breaches. It mandates the use of:
– Secure networks equipped with robust firewalls
– Digital encryption for credit card transactions
– Controlled access to cardholder data
– The use of updated antivirus software and other anti-malware programs
Sarbanes-Oxley Act
Children’s Online Privacy Protection Act
• The Children’s Online Privacy Protection Act (COPPA) of 1998 establishes rules for
how website operators and online services can collect the personal information
of children under 13 years of age. It helps ensure that online entities don’t gather
children’s personal data without parental consent.
• Components of the law stipulate when and how websites should seek consent
from parents and guardians. The law also outlines what privacy policies need to
include, along with the various responsibilities website operators have with
regard to protecting children’s safety and privacy online.
Federal Trade Commission Act
• A precursor to modern cybersecurity laws, the Federal Trade Commission (FTC)
Act of 1914 was drafted to prevent organizations from neglecting basic privacy
rights, which today include cybersecurity practices that put consumers at risk.
The law empowers the FTC to take legal action against organizations when they:
– Fail to protect consumer privacy rights
– Mislead consumers regarding the security of their data
– Cause considerable harm to consumers by violating their privacy rights
Federal Information Security Modernization Act
• The Federal Information Security Modernization Act (FISMA) of 2014 mandates that federal
agencies protect their information systems and data by putting security controls in place.
These controls help ensure the integrity, accessibility and confidentiality of the data that
federal agencies gather and use.
Under the law, federal agencies must establish information security programs that:
– Conduct regular risk assessments
– Perform security testing and evaluations
– Develop incident response planning
– Regularly monitor security controls
– Complete compliance reports
State and Local Government Cybersecurity Act of 2021
• The State and Local Government Cybersecurity Act of 2021 aims to help state, local and
tribal authorities effectively coordinate with the Cybersecurity and Infrastructure
Security Agency, an arm of DHS, to confront cyber threats.
Other provisions in the law include the following:
– Granting technical assistance to respond to cyberattacks
– Communicating indicators for cyber threats and risk, as well as effective defensive
measures
– Developing a platform to exchange standards, policies and best practices in
cybersecurity
Key U.S. Federal Agencies
• Department of Homeland Security (DHS)
– Made up of five directorates, or divisions
– Mission is to protect the people as well as the physical and informational assets of the US
• Federal Bureau of Investigation’s National InfraGard Program
– Maintains an intrusion alert network
– Maintains a secure Web site for communication about suspicious activity or intrusions
– Sponsors local chapter activities
– Operates a help desk for questions
Key U.S. Federal Agencies (cont’d.)
• National Security Agency (NSA)
– Is the Nation’s cryptologic organization
– Protects US information systems
– Produces foreign intelligence information
– Responsible for signal intelligence and information system security
• U.S. Secret Service
– In addition to protective services, charged with the detection and arrest
of persons committing a federal offense relating to computer fraud or false
identification
Summary
• Laws: rules that mandate or prohibit certain behavior in society;
drawn from ethics
• Ethics: define socially acceptable behaviours; based on cultural
mores (fixed moral attitudes or customs of a particular group)
• Types of law: civil, criminal, private, public
Summary (cont’d.)
• Relevant U.S. laws:
– Computer Fraud and Abuse Act of 1986 (CFA Act)
– National Information Infrastructure Protection Act of 1996
– USA PATRIOT Act of 2001
– USA PATRIOT Improvement and Reauthorization Act
– Computer Security Act of 1987
– Title 18, U.S.C. § 1028

Model Attribute Check Company Auto Property
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 

Chapter1 Cyber security Law & policy.pptx

  • 2. Cyber security  Cybersecurity denotes the technologies and procedures intended to safeguard computers, networks, and data from unlawful admittance, weaknesses, and attacks transported through the Internet by cyber delinquents.  Cyber security's core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access - both online and at work - from theft or damage.  ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a model for creating, applying, functioning, monitoring, reviewing, preserving, and improving an Information Security Management System.
  • 4. Policy • What is policy? • “Policy is a set of ideas and proposals for action, which culminates in a government decision. Typically policy will become a rule or regulation, enforceable by law” “Policies simply guide our actions. Policies can be guidelines, rules, regulations, laws, principles, or directions.”
  • 5. Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain societal behavior • Ethics: define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these • Laws carry sanctions of a governing authority; ethics do not Principles of Information Security, 4th Edition 5
  • 6. Understanding Cybersecurity Law and Ethics With ransomware, viruses, spear phishing and other types of cyberattacks proliferating in today’s digital world, both people and organizations need protection from those who would infiltrate their networks and misuse and steal their data. • Cybersecurity law helps define such boundaries and sets up important guardrails that guide how organizations handle issues like data privacy and confidentiality.
  • 7. Who makes the law? • Different national approaches • Checks and balances • Separation of powers Legislative Executive Judicial • Sources of law
  • 8. What Is Cybersecurity Law? • Every day, malicious hackers develop increasingly sophisticated methods to exploit vulnerabilities in technology infrastructure and launch cyberattacks against all types of companies and institutions. Cybersecurity laws are designed to protect information technology (IT) and computer systems from these bad actors (User). • These laws spell out what constitutes a cybercrime and specify measures that organizations must take to protect their systems, networks and information from cyberattack. • Covering a wide scope of issues, from intellectual property rights to the distribution of digital media, cybersecurity laws help regulate the internet and internet-related technologies.
  • 9. Types of Cyber Law • Privacy Laws: • Privacy laws govern the collection, use, and protection of individuals’ personal information online. • Examples include the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States. • Cybercrime Laws: • Cybercrime laws focus on criminal activities conducted online, including hacking, identity theft, online fraud, and cyberbullying. • Data Breach Notification Laws: • Data breach notification laws mandate that organizations inform affected individuals and authorities when a data breach occurs.
  • 10. Cybersecurity Laws: • Cybersecurity laws require organizations to implement measures to protect their digital infrastructure and sensitive data. • These laws often set standards and requirements for data security practices. Intellectual Property Laws: • Intellectual property laws protect digital content, patents, trademarks, and copyrights in the digital realm. • They address issues like copyright infringement and online piracy. E-Commerce and Online Contracts: • Laws related to e-commerce and online contracts establish legal frameworks for online transactions, electronic signatures, and consumer rights. • They provide a basis for resolving disputes in the digital marketplace. Cyber Law(cont’d.)
  • 11. • Social Media and Online Content Regulations: • Regulations governing social media and online content address issues such as hate speech, defamation, and harmful content. • They set guidelines for the removal or restriction of such content. • Computer Crime Laws: • Computer crime laws specifically target offenses involving computer systems and networks. • They encompass unauthorized access, malware distribution, and cyberattacks on critical infrastructure. • Cryptocurrency and Blockchain Regulations: • As digital currencies and blockchain technology gain prominence, regulations address issues like cryptocurrency trading, initial coin offerings (ICOs), and blockchain-based contracts. • International Cybersecurity Agreements: • Some laws and agreements focus on international cooperation in combating cybercrimes and promoting cybersecurity best practices. • Examples include the Budapest Convention on Cybercrime and bilateral cybersecurity
  • 12. General Computer Crime Laws • Computer Fraud and Abuse Act of 1986 (CFA Act): cornerstone of many computer-related federal laws and enforcement efforts • National Information Infrastructure Protection Act of 1996: – Modified several sections of the previous act and increased the penalties for selected crimes – Severity of penalties judged on the purpose • For purposes of commercial advantage • For private financial gain • In furtherance of a criminal act
  • 13. Privacy • US Regulations – Privacy of Customer Information Section of the common carrier regulation – Federal Privacy Act of 1974 – Electronic Communications Privacy Act of 1986 – Health Insurance Portability and Accountability Act of 1996 (HIPAA) – Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
  • 14. Privacy (cont’d.) • Identity Theft – Federal Trade Commission: “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes” – Fraud And Related Activity In Connection With Identification Documents, Authentication Features, And Information (Title 18, U.S.C. § 1028)
  • 15. Privacy (cont’d.) • If someone suspects identity theft – Report to the three dominant consumer reporting companies that your identity is threatened – Account • Close compromised account • Dispute accounts opened without permission – Register your concern with the FTC – Report the incident to either your local police or police in the location where the identity theft occurred
  • 16. Health Insurance Portability and Accountability Act (HIPAA) Governments also took action, addressing cybersecurity in laws such as HIPAA. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities: • Healthcare providers • Health plans • Clearinghouses • Business associates
  • 17. What is the purpose of HIPAA? HIPAA is a federal law enacted to: Protect the privacy of a patient’s personal and health information. Provide for electronic and physical security of personal and health information. Standardize coding to simplify billing and other transactions The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:
  • 18. Export and Espionage Laws • Economic Espionage Act of 1996 (EEA) • Security And Freedom Through Encryption Act of 1999 (SAFE) • The acts include provisions about encryption that: – Reinforce the right to use or sell encryption algorithms, without concern of key registration – Prohibit the federal government from requiring it – Make it not probable cause in criminal activity – Relax export restrictions – Additional penalties for using it in a crime
  • 19. U.S. Copyright Law • Intellectual property recognized as protected asset in the U.S.; copyright law extends to electronic formats • With proper acknowledgment, permissible to include portions of others’ work as reference • U.S. Copyright Office Web site: www.copyright.gov
  • 20. Financial Reporting • Sarbanes-Oxley Act of 2002 • Affects executive management of publicly traded corporations and public accounting firms • Seeks to improve reliability and accuracy of financial reporting and increase the accountability of corporate governance • Penalties for noncompliance range from fines to jail terms • Reliability assurance will require additional emphasis on confidentiality and integrity
  • 21. Freedom of Information Act of 1966 (FOIA) • Allows access to federal agency records or information not determined to be matter of national security • U.S. government agencies required to disclose any requested information upon receipt of written request • Some information protected from disclosure
  • 22. International Laws and Legal Bodies • When organizations do business on the Internet, they do business globally • Professionals must be sensitive to laws and ethical values of many different cultures, societies, and countries • Because of political complexities of relationships among nations and differences in culture, there are few international laws relating to privacy and information security • These international laws are important but are limited in their enforceability
  • 23. Gramm-Leach-Bliley Act • Also known as the Financial Services Modernization Act of 1999, the Gramm-Leach-Bliley Act is a federal law that outlines rules designed to protect financial information. It requires financial institutions such as banks, credit unions and insurance companies to inform their customers of how they intend to share user data.
  • 25. Who Enforces Cybersecurity Law? Today, federal, state, local and tribal authorities enforce a host of cybersecurity laws and regulations. The federal agencies responsible for upholding cybersecurity legislation include the following: • Federal Trade Commission (FTC) • U.S. Department of Homeland Security (DHS) • National Institute of Standards and Technology (NIST) • Federal Bureau of Investigation (FBI)
  • 26. Major IT Professional Organizations • Association of Computing Machinery (ACM) – Established in 1947 as “the world's first educational and scientific computing society” – Code of ethics contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property
  • 27. Major IT Professional Organizations (cont’d.) • International Information Systems Security Certification Consortium, Inc. (ISC)2 – Non-profit organization focusing on development and implementation of information security certifications and credentials – Code primarily designed for information security professionals who have certification from (ISC)2 – Code of ethics focuses on four mandatory canons
  • 28. Major IT Professional Organizations (cont’d.) • System Administration, Networking, and Security Institute (SANS) – Professional organization with a large membership dedicated to protection of information and systems – SANS offers set of certifications called Global Information Assurance Certification (GIAC)
  • 29. Major IT Professional Organizations (cont’d.) • Information Systems Audit and Control Association (ISACA) – Professional association with focus on auditing, control, and security – Concentrates on providing IT control practices and standards – ISACA has code of ethics for its professionals
  • 30. Major IT Professional Organizations (cont’d.) • Information Systems Security Association (ISSA) – Non-profit society of information security (IS) professionals – Primary mission to bring together qualified IS practitioners for information exchange and educational development – Promotes code of ethics similar to (ISC)2, ISACA, and ACM
  • 31. Cybersecurity Information Sharing Act • In 2015, Congress passed the Cybersecurity Information Sharing Act (CISA). • This law provides liability protections to private companies to encourage them to share information with the government about identified cyber threats. • By making information sharing with the government easier, the law aims to keep federal authorities informed of any cyber threats that could put critical infrastructure and national security at risk. • The law also stipulates the government’s responsibility to share information about cyber threats with private companies.
  • 32. Payment Card Industry Data Security Standard • Launched in 2004, the Payment Card Industry Data Security Standard (PCI DSS) establishes rules for protecting consumers’ credit and debit card data. Managed service providers and any organization that processes, stores or transmits payment card information must comply with these regulations. • The PCI DSS aims to improve security throughout the payment transaction process, preventing credit card fraud and data breaches. It mandates the use of: Secure networks equipped with robust firewalls Digital encryption for credit card transactions Controlled access to cardholder data The use of updated antivirus software and other anti-malware programs
  • 34. Children’s Online Privacy Protection Act • The Children’s Online Privacy Protection Act (COPPA) of 1998 establishes rules for how website operators and online services can collect the personal information of children under 13 years of age. It helps ensure that online entities don’t gather children’s personal data without parental consent. • Components of the law stipulate when and how websites should seek consent from parents and guardians. The law also outlines what privacy policies need to include, along with the various responsibilities website operators have with regard to protecting children’s safety and privacy online.
  • 35. Federal Trade Commission Act • A precursor to modern cybersecurity laws, the Federal Trade Commission (FTC) Act of 1914 was drafted to prevent organizations from neglecting basic privacy rights, which today include cybersecurity practices that put consumers at risk. The law empowers the FTC to take legal action against organizations when they: Fail to protect consumer privacy rights Mislead consumers regarding the security of their data Cause considerable harm to consumers by violating their privacy rights
  • 36. Federal Information Security Modernization Act • The Federal Information Security Modernization Act (FISMA) of 2014 mandates that federal agencies protect their information systems and data by putting security controls in place. These controls help ensure the integrity, accessibility and confidentiality of the data that federal agencies gather and use. Under the law, federal agencies must establish information security programs that: Conduct regular risk assessments Perform security testing and evaluations Develop incident response planning Regularly monitor security controls Complete compliance reports
  • 37. State and Local Government Cybersecurity Act of 2021 • The State and Local Government Cybersecurity Act of 2021 aims to help state, local and tribal authorities effectively coordinate with the Cybersecurity and Infrastructure Security Agency, an arm of DHS, to confront cyber threats. Other provisions in the law include the following: Granting technical assistance to respond to cyberattacks Communicating indicators for cyber threats and risk, as well as effective defensive measures Developing a platform to exchange standards, policies and best practices in cybersecurity
  • 38. Key U.S. Federal Agencies • Department of Homeland Security (DHS) – Made up of five directorates, or divisions – Mission is to protect the people as well as the physical and informational assets of the US • Federal Bureau of Investigation’s National InfraGard Program – Maintains an intrusion alert network – Maintains a secure Web site for communication about suspicious activity or intrusions – Sponsors local chapter activities – Operates a help desk for questions
  • 39. Key U.S. Federal Agencies (cont’d.) • National Security Agency (NSA) – Is the Nation’s cryptologic organization – Protects US information systems – Produces foreign intelligence information – Responsible for signal intelligence and information system security • U.S. Secret Service – In addition to protective services, charged with the detection and arrest of persons committing a federal offense relating to computer fraud or false identification
  • 40. Summary • Laws: rules that mandate or prohibit certain behavior in society; drawn from ethics • Ethics: define socially acceptable behaviours; based on cultural mores (fixed moral attitudes or customs of a particular group) • Types of law: civil, criminal, private, public
  • 41. Summary (cont’d.) • Relevant U.S. laws: – Computer Fraud and Abuse Act of 1986 (CFA Act) – National Information Infrastructure Protection Act of 1996 – USA PATRIOT Act of 2001 – USA PATRIOT Improvement and Reauthorization Act – Computer Security Act of 1987 – Title 18, U.S.C. § 1028