SlideShare a Scribd company logo

Chapter3.ppt

Download as PPT, PDF
H
HaiderAli424102

This document discusses laws, regulations, and ethics related to information security. It begins by explaining the importance of understanding an organization's legal responsibilities and keeping up with changing laws. It then discusses the differences between laws, ethics, and cultural norms. Several US and international laws are outlined pertaining to issues like computer crime, identity theft, copyright, and data privacy. The document also discusses the role of ethics and deterring unethical behavior through training, policies, and professional codes of conduct.

Software
1 of 22
Principles of Information Security, 3rd Edition 2 Introduction  You must understand scope of an organization’s legal and ethical responsibilities  To minimize liabilities/reduce risks, the information security practitioner must:  Understand current legal environment  Stay current with laws and regulations  Watch for new issues that emerge
Principles of Information Security, 3rd Edition 3 Law and Ethics in Information Security  Laws: rules that mandate or prohibit certain societal behavior  Ethics: define socially acceptable behavior  Laws carry sanctions of a governing authority; ethics do not  Cultural mores: fixed moral attitudes or customs of a particular group; ethics are based on these
Principles of Information Security, 3rd Edition 4 Organizational Liability and the Need for Counsel  Liability: legal obligation of an entity extending beyond criminal or contract law; includes legal obligation to make restitution  Restitution: to compensate for wrongs committed by an organization or its employees  Due care: insuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions  Due diligence: making a valid effort to protect others; continually maintaining level of effort
Principles of Information Security, 3rd Edition 5 Relevant U.S. Laws  United States has been a leader in the development and implementation of information security legislation  Implementation of information security legislation contributes to a more reliable business environment and a stable economy  U.S. has demonstrated understanding of problems facing the information security field; has specified penalties for individuals and organizations failing to follow requirements set forth in U.S. civil statutes
Principles of Information Security, 3rd Edition 6 General Computer Crime Laws  Computer Fraud and Abuse Act of 1986 (CFA Act)  Computer Security Act of 1987  National Information Infrastructure Protection Act of 1996  USA PATRIOT Act of 2001  USA PATRIOT Improvement and Reauthorization Act
Principles of Information Security, 3rd Edition 7 Identity Theft  Federal Trade Commission: “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes”  Fraud And Related Activity In Connection With Identification Documents, Authentication Features, And Information (Title 18, U.S.C. § 1028)
Principles of Information Security, 3rd Edition 8 Export and Espionage Laws  Economic Espionage Act of 1996 (EEA)  Security And Freedom Through Encryption Act of 1999 (SAFE)
Principles of Information Security, 3rd Edition 9 U.S. Copyright Law  Intellectual property recognized as protected asset in the U.S.; copyright law extends to electronic formats  With proper acknowledgment, it is permissible to include portions of others’ work as reference  U.S. Copyright Office Web site: www.copyright.gov
Principles of Information Security, 3rd Edition 10 Financial Reporting  Sarbanes-Oxley Act of 2002  Affects executive management of publicly traded corporations and public accounting firms  Seeks to improve reliability and accuracy of financial reporting and increase the accountability of corporate governance in publicly traded companies  Penalties for noncompliance range from fines to jail terms
Principles of Information Security, 3rd Edition 11 Freedom of Information Act of 1966 (FOIA)  Allows access to federal agency records or information not determined to be matter of national security  U.S. government agencies required to disclose any requested information upon receipt of written request  Some information protected from disclosure
Principles of Information Security, 3rd Edition 12 State and Local Regulations  Restrictions on organizational computer technology use exist at international, national, state, local levels  Information security professionals are responsible for understanding state regulations and ensuring organization is compliant with regulations
Principles of Information Security, 3rd Edition 13 International Laws and Legal Bodies  IT professionals and IS practitioners should realize that when organizations do business on the Internet, they do business globally  Professionals must be sensitive to laws and ethical values of many different cultures, societies, and countries  Because of political complexities of relationships among nations and differences in culture, there are few international laws relating to privacy and information security  These international laws are important but are limited in their enforceability
Principles of Information Security, 3rd Edition 14 European Council Cyber-Crime Convention  Establishes international task force overseeing Internet security functions for standardized international technology laws  Attempts to improve the effectiveness of international investigations into breaches of technology law  Well received by intellectual property rights advocates due to emphasis on copyright infringement prosecution  Lacks realistic provisions for enforcement
Principles of Information Security, 3rd Edition 15 Agreement on Trade-Related Aspects of Intellectual Property Rights  Created by World Trade Organization (WTO)  First significant international effort to protect intellectual property rights  Agreement covers five issues:  Application of basic principles of trading system and international intellectual property agreements  Giving adequate protection to intellectual property rights  Enforcement of those rights by countries in their own territories  Settling intellectual property disputes  Transitional arrangements while new system is being introduced
Principles of Information Security, 3rd Edition 16 Digital Millennium Copyright Act (DMCA)  U.S. contribution to international effort to reduce impact of copyright, trademark, and privacy infringement  A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to processing and free movement of personal data
Principles of Information Security, 3rd Edition 17 Ethics and Information Security
Principles of Information Security, 3rd Edition 18 Ethical Differences Across Cultures  Cultural differences create difficulty in determining what is and is not ethical  Difficulties arise when one nationality’s ethical behavior conflicts with ethics of another national group  Example: many of the ways in which Asian cultures use computer technology is considered software piracy by other nations
Principles of Information Security, 3rd Edition 19 Ethics and Education  Overriding factor in leveling ethical perceptions within a small population is education  Employees must be trained in expected behaviors of an ethical employee, especially in areas of information security  Proper ethical training vital to creating informed, well prepared, and low-risk system users
Principles of Information Security, 3rd Edition 20 Deterrence to Unethical and Illegal Behavior  Three general causes of unethical and illegal behavior: ignorance, accident, intent  Deterrence: best method for preventing an illegal or unethical activity; e.g., laws, policies, technical controls  Laws, policies, and controls only deter if three conditions are present:  Fear of penalty  Probability of being caught  Probability of penalty being administered
Principles of Information Security, 3rd Edition 21 Codes of Ethics and Professional Organizations  Several professional organizations have established codes of conduct/ethics  Codes of ethics can have positive effect; unfortunately, many employers do not encourage joining these professional organizations  It is the responsibility of security professionals to act ethically and according to policies of employer, professional organization, and laws of society
Principles of Information Security, 3rd Edition 22 Professional Organizations with Codes of Ethics  Association of Computing Machinery (ACM)  International Information Systems Security Certification Consortium, Inc. (ISC)2  System Administration, Networking, and Security Institute (SANS)  Information Systems Audit and Control Association (ISACA)  Information Systems Security Association (ISSA)

Recommended

whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
DEEPAK948083
 
lesson333.ppt
lesson333.pptlesson333.ppt
lesson333.ppt
DEEPAK948083
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ssuserceaa40
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
hyacinthshackley2629
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
abdukadirabdullahuad
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
Carl Ceder
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
sappingtonkr
 

Recommended

whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
DEEPAK948083
 
lesson333.ppt
lesson333.pptlesson333.ppt
lesson333.ppt
DEEPAK948083
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ssuserceaa40
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
hyacinthshackley2629
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
abdukadirabdullahuad
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
Carl Ceder
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
sappingtonkr
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
Tushar Rajput
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
MeshalALshammari12
 
E-Commerce 10
E-Commerce 10E-Commerce 10
E-Commerce 10
Zarrar Siddiqui
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
EdFeranil
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketing
gaurav jain
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in Mexico
Joel A. Gómez Treviño
 
3999779.ppt
3999779.ppt3999779.ppt
3999779.ppt
pixvilx
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
mtvvvv
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics
7wounders
 
social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..
home based
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
Nargis Parveen
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
Anushka Perera
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
JhaiJhai6
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
Syaiful Ahdan
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf
503SaranyaS
 
Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
JhaiJhai6
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
adampcarr67227
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
MLG College of Learning, Inc
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
Grant Fritchey
 
Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...
Paul Brebner
 

More Related Content

Similar to Chapter3.ppt

Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
Tushar Rajput
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
MeshalALshammari12
 
E-Commerce 10
E-Commerce 10E-Commerce 10
E-Commerce 10
Zarrar Siddiqui
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
EdFeranil
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketing
gaurav jain
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in Mexico
Joel A. Gómez Treviño
 
3999779.ppt
3999779.ppt3999779.ppt
3999779.ppt
pixvilx
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
mtvvvv
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics
7wounders
 
social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..
home based
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
Nargis Parveen
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
Anushka Perera
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
JhaiJhai6
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
Syaiful Ahdan
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf
503SaranyaS
 
Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
JhaiJhai6
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
adampcarr67227
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
MLG College of Learning, Inc
 

Similar to Chapter3.ppt (20)

Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
E-Commerce 10
E-Commerce 10E-Commerce 10
E-Commerce 10
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketing
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in Mexico
 
3999779.ppt
3999779.ppt3999779.ppt
3999779.ppt
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics
 
social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf
 
Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
 

Recently uploaded

Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
Grant Fritchey
 
Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...
Paul Brebner
 
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
The Third Creative Media
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
safelyiotech
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
ervikas4
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
brainerhub1
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert
vaishalijagtap12
 
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISDECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
Tier1 app
 
Boost Your Savings with These Money Management Apps
Boost Your Savings with These Money Management AppsBoost Your Savings with These Money Management Apps
Boost Your Savings with These Money Management Apps
Jhone kinadey
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024
Yara Milbes
 
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Paul Brebner
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Bert Jan Schrijver
 
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio, Inc.
 
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and MoreManyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
narinav14
 

Recently uploaded (20)

Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
 
Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...Superpower Your Apache Kafka Applications Development with Complementary Open...
Superpower Your Apache Kafka Applications Development with Complementary Open...
 
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
 
Assure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyesAssure Contact Center Experiences for Your Customers With ThousandEyes
Assure Contact Center Experiences for Your Customers With ThousandEyes
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert42 Ways to Generate Real Estate Leads - Sellxpert
42 Ways to Generate Real Estate Leads - Sellxpert
 
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISDECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
 
Boost Your Savings with These Money Management Apps
Boost Your Savings with These Money Management AppsBoost Your Savings with These Money Management Apps
Boost Your Savings with These Money Management Apps
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024The Rising Future of CPaaS in the Middle East 2024
The Rising Future of CPaaS in the Middle East 2024
 
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
 
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
 
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio Webinar | 10x Faster Trino Queries on Your Data Platform
Alluxio Webinar | 10x Faster Trino Queries on Your Data Platform
 
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and MoreManyata Tech Park Bangalore_ Infrastructure, Facilities and More
Manyata Tech Park Bangalore_ Infrastructure, Facilities and More
 

Chapter3.ppt

  • 1.
  • 2. Principles of Information Security, 3rd Edition 2 Introduction  You must understand scope of an organization’s legal and ethical responsibilities  To minimize liabilities/reduce risks, the information security practitioner must:  Understand current legal environment  Stay current with laws and regulations  Watch for new issues that emerge
  • 3. Principles of Information Security, 3rd Edition 3 Law and Ethics in Information Security  Laws: rules that mandate or prohibit certain societal behavior  Ethics: define socially acceptable behavior  Laws carry sanctions of a governing authority; ethics do not  Cultural mores: fixed moral attitudes or customs of a particular group; ethics are based on these
  • 4. Principles of Information Security, 3rd Edition 4 Organizational Liability and the Need for Counsel  Liability: legal obligation of an entity extending beyond criminal or contract law; includes legal obligation to make restitution  Restitution: to compensate for wrongs committed by an organization or its employees  Due care: insuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions  Due diligence: making a valid effort to protect others; continually maintaining level of effort
  • 5. Principles of Information Security, 3rd Edition 5 Relevant U.S. Laws  United States has been a leader in the development and implementation of information security legislation  Implementation of information security legislation contributes to a more reliable business environment and a stable economy  U.S. has demonstrated understanding of problems facing the information security field; has specified penalties for individuals and organizations failing to follow requirements set forth in U.S. civil statutes
  • 6. Principles of Information Security, 3rd Edition 6 General Computer Crime Laws  Computer Fraud and Abuse Act of 1986 (CFA Act)  Computer Security Act of 1987  National Information Infrastructure Protection Act of 1996  USA PATRIOT Act of 2001  USA PATRIOT Improvement and Reauthorization Act
  • 7. Principles of Information Security, 3rd Edition 7 Identity Theft  Federal Trade Commission: “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes”  Fraud And Related Activity In Connection With Identification Documents, Authentication Features, And Information (Title 18, U.S.C. § 1028)
  • 8. Principles of Information Security, 3rd Edition 8 Export and Espionage Laws  Economic Espionage Act of 1996 (EEA)  Security And Freedom Through Encryption Act of 1999 (SAFE)
  • 9. Principles of Information Security, 3rd Edition 9 U.S. Copyright Law  Intellectual property recognized as protected asset in the U.S.; copyright law extends to electronic formats  With proper acknowledgment, it is permissible to include portions of others’ work as reference  U.S. Copyright Office Web site: www.copyright.gov
  • 10. Principles of Information Security, 3rd Edition 10 Financial Reporting  Sarbanes-Oxley Act of 2002  Affects executive management of publicly traded corporations and public accounting firms  Seeks to improve reliability and accuracy of financial reporting and increase the accountability of corporate governance in publicly traded companies  Penalties for noncompliance range from fines to jail terms
  • 11. Principles of Information Security, 3rd Edition 11 Freedom of Information Act of 1966 (FOIA)  Allows access to federal agency records or information not determined to be matter of national security  U.S. government agencies required to disclose any requested information upon receipt of written request  Some information protected from disclosure
  • 12. Principles of Information Security, 3rd Edition 12 State and Local Regulations  Restrictions on organizational computer technology use exist at international, national, state, local levels  Information security professionals are responsible for understanding state regulations and ensuring organization is compliant with regulations
  • 13. Principles of Information Security, 3rd Edition 13 International Laws and Legal Bodies  IT professionals and IS practitioners should realize that when organizations do business on the Internet, they do business globally  Professionals must be sensitive to laws and ethical values of many different cultures, societies, and countries  Because of political complexities of relationships among nations and differences in culture, there are few international laws relating to privacy and information security  These international laws are important but are limited in their enforceability
  • 14. Principles of Information Security, 3rd Edition 14 European Council Cyber-Crime Convention  Establishes international task force overseeing Internet security functions for standardized international technology laws  Attempts to improve the effectiveness of international investigations into breaches of technology law  Well received by intellectual property rights advocates due to emphasis on copyright infringement prosecution  Lacks realistic provisions for enforcement
  • 15. Principles of Information Security, 3rd Edition 15 Agreement on Trade-Related Aspects of Intellectual Property Rights  Created by World Trade Organization (WTO)  First significant international effort to protect intellectual property rights  Agreement covers five issues:  Application of basic principles of trading system and international intellectual property agreements  Giving adequate protection to intellectual property rights  Enforcement of those rights by countries in their own territories  Settling intellectual property disputes  Transitional arrangements while new system is being introduced
  • 16. Principles of Information Security, 3rd Edition 16 Digital Millennium Copyright Act (DMCA)  U.S. contribution to international effort to reduce impact of copyright, trademark, and privacy infringement  A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to processing and free movement of personal data
  • 17. Principles of Information Security, 3rd Edition 17 Ethics and Information Security
  • 18. Principles of Information Security, 3rd Edition 18 Ethical Differences Across Cultures  Cultural differences create difficulty in determining what is and is not ethical  Difficulties arise when one nationality’s ethical behavior conflicts with ethics of another national group  Example: many of the ways in which Asian cultures use computer technology is considered software piracy by other nations
  • 19. Principles of Information Security, 3rd Edition 19 Ethics and Education  Overriding factor in leveling ethical perceptions within a small population is education  Employees must be trained in expected behaviors of an ethical employee, especially in areas of information security  Proper ethical training vital to creating informed, well prepared, and low-risk system users
  • 20. Principles of Information Security, 3rd Edition 20 Deterrence to Unethical and Illegal Behavior  Three general causes of unethical and illegal behavior: ignorance, accident, intent  Deterrence: best method for preventing an illegal or unethical activity; e.g., laws, policies, technical controls  Laws, policies, and controls only deter if three conditions are present:  Fear of penalty  Probability of being caught  Probability of penalty being administered
  • 21. Principles of Information Security, 3rd Edition 21 Codes of Ethics and Professional Organizations  Several professional organizations have established codes of conduct/ethics  Codes of ethics can have positive effect; unfortunately, many employers do not encourage joining these professional organizations  It is the responsibility of security professionals to act ethically and according to policies of employer, professional organization, and laws of society
  • 22. Principles of Information Security, 3rd Edition 22 Professional Organizations with Codes of Ethics  Association of Computing Machinery (ACM)  International Information Systems Security Certification Consortium, Inc. (ISC)2  System Administration, Networking, and Security Institute (SANS)  Information Systems Audit and Control Association (ISACA)  Information Systems Security Association (ISSA)