This document discusses laws and ethics related to information security. It provides an overview of relevant US laws, such as the Computer Fraud and Abuse Act, and international laws like the European Union's Directive on data privacy. The document also covers ethics topics, distinguishing between laws and ethics. It discusses concepts like privacy, copyright and fair use. The intended learning objectives are to differentiate laws from ethics, identify major information security laws, and discuss the role of culture in ethical issues.
This document discusses laws and ethics related to information security. It begins with an overview of the differences between laws and ethics. It then provides details on several relevant US and international laws, such as the Computer Fraud and Abuse Act, Sarbanes-Oxley Act, and various privacy and copyright laws. The document also discusses ethics, fair use, and how culture influences conceptions of ethical behavior.
This document discusses legal and ethical aspects of computer security. It covers topics like cybercrime and types of computer crimes. It also discusses challenges in cybercrime law enforcement and profiles of cybercriminals and victims. Intellectual property issues related to software, algorithms, databases and digital content are examined. The document also covers privacy issues and common criteria for privacy classification. Finally, it discusses professional responsibilities and codes of conduct in computing.
This document contains slides from a chapter on principles of information security. It discusses how laws are based on ethics, and different types of relevant laws in the US and other countries. These include privacy laws, copyright laws, and export/espionage laws. It also discusses ethics in information security, cultural differences, and professional organizations that promote ethics through codes of conduct and certifications. The role of education and deterrence to promote ethical behavior is covered.
Itechlaw conference presentation 15th feb 2013 the quest over identity the iss... | Prof. (Dr.) Tabrez Ahmad
The document discusses the concept of privacy in relation to social media and technology. It covers several topics related to privacy rights in India and other countries, the threats to privacy posed by new technologies, and initiatives by industry and governments to protect privacy. It also discusses how personal information is increasingly being collected and used online through social networks and digital footprints, posing risks to individual privacy that laws and regulations aim to address.
This document is a slide presentation for an introduction to information security course at Illinois Institute of Technology. It begins with an overview of the course objectives and policies. It then provides a history of information security, defining key terms. It discusses approaches to implementing security through a systems development life cycle and the roles of security professionals.
This document discusses ethics in IT security. It covers laws and ethics, codes of ethics from professional organizations like ACM and ISSA, relevant US laws on topics like privacy and copyright, and the importance of education and training in developing an ethical approach to information security. Overall it emphasizes the responsibility of security practitioners to understand legal/regulatory issues and act ethically.
The document summarizes issues around intellectual property, privacy and social media based on a presentation given to the Sydney University Ethics Committee. It discusses how social media like Facebook are now a major forum for online conversations but content is published more permanently without security. Key issues covered include which laws govern new media, risks of evidence recovery from social media data, legal standards for electronic documents, and jurisdictional challenges for social media cases. It also outlines relevant Australian privacy and copyright legislation as well as recent social media controversies around data collection and privacy settings.
The document summarizes several key Malaysian laws relating to cyber law and electronic government. It discusses laws such as the Digital Signature Act 1997, Copyright (Amendment) Act 1997, Telemedicine Act 1997, Computer Crimes Act 1997, Communications and Multimedia Act 1998, and the Electronic Government Act. These laws were created to address issues like online transactions, intellectual property rights, healthcare regulation, computer crimes, telecommunications regulation, and the development of electronic government services. The document also lists several electronic government databases and discusses the objectives of regulating the converged ICT industry for the benefit of end users.
This document provides an overview of intellectual property, including the main types (patents, copyrights, trademarks), how they are protected and enforced, and recent developments. It covers the purpose of intellectual property rights to promote innovation and dissemination of ideas. Key topics include patent applications and examination processes, copyright ownership and infringement, trademark definitions and protection, and dispute resolution mechanisms like litigation, arbitration and mediation. Newer areas discussed are computer program protections under patents and copyright, as well as international treaties governing intellectual property.
This presentation is about societal impacts. It is strictly based on the Class 12 Informatics Practices book and aims to make learning easy for students and teachers.
CREDITS : pythonmykvs.in
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf | ssuserceaa40
This document discusses laws, regulations, ethics, and professional organizations related to information security. It provides an overview of relevant US laws, such as the Computer Fraud and Abuse Act, and international agreements. The document also discusses how ethics can differ across cultures and the role of professional organizations in promoting codes of ethics for information security practitioners. Organizations are advised to understand applicable laws and regulations to minimize liability and adopt policies to deter unethical behavior.
LLM Masters in Information Technology and Intellectual Property Law - Sussex | Chris Marsden
This document provides information about the LLM in IT & IP program offered by the University of Sussex. It describes the following key details:
- The program is designed and taught by Professor Chris Marsden and Dr. Andres Guadamuz to train students to become "digital lawyers" capable of working in law firms, government, or regulatory roles.
- Core modules include Critical Approaches to Information Law and Digital Intellectual Property Law. Optional modules cover topics like Cyberlaw, International Aspects of IP and Technology Regulation, and Communications Law and Regulation.
- Students complete advanced research skills training, take core and optional modules, and write a 15,000 word dissertation under individual supervision. The program is
This document discusses several topics related to intellectual property rights (IPR) and their impact in India. It begins by providing historical context on technological developments before discussing India's pre-1991 mindset of protected markets and dependency on government. It then addresses challenges around implementing the TRIPS agreement and protecting intellectual capital. Specific issues discussed include patenting life forms, traditional knowledge, compulsory licensing provisions, and options for implementing TRIPS patent requirements in India. Overall, the document analyzes considerations around strengthening IPR protections in India as required by international agreements.
The document summarizes copyright law in Sri Lanka. It discusses that copyright is governed by the Intellectual Property Act No. 36 of 2003. Copyright protects literary and artistic works and provides economic and moral rights to authors. Works are automatically protected upon creation without registration. Copyright lasts for the life of the author plus 70 years. Fair use provisions allow limited use for purposes like research and education. Infringement of copyright is a criminal offense punishable by fines and imprisonment.
02 Legal, Ethical, and Professional Issues in Information Security | sappingtonkr
Laws define prohibited and mandated behaviors while ethics define socially acceptable behaviors based on cultural mores. Relevant US laws include the Computer Fraud and Abuse Act, National Information Infrastructure Protection Act, USA Patriot Act, and others. Organizations can establish codes of ethics and reduce liability by exercising due care and due diligence in protecting information.
3 Understand the ethical and legislative environment relating to IT | Mark Anthony Kavanagh
1) When making online financial transactions or payments, it is important to ensure the website is secure to prevent personal and banking details from being obtained by unauthorized parties.
2) Common tips for secure online financial transactions include checking a website's privacy policy, logging out after use, keeping electronic receipts, and verifying security indicators like the padlock symbol and green address bar.
3) The Health and Safety at Work Act 1974 is the primary UK legislation for occupational health and safety. It requires employers to provide appropriate personal protective equipment (PPE) depending on the nature of the work, such as ballistic armor for soldiers or ergonomic chairs for call center workers, to protect employee health and safety.
The briefing discusses the need for new cybersecurity legislation to address gaps unaddressed by existing policies like PPD21. It argues that legislation is necessary to give authorities like the NSA and FBI new proactive powers to prevent cyber attacks, and to apply jurisdiction over both military and civilian cyber attacks. It suggests new laws should address transparency, privacy protections from government and private sector surveillance, and encourage more collaboration between government and private sector on critical infrastructure protection.
This document discusses censorship, intellectual property, and privacy in relation to the internet. It begins by defining censorship as the attempt to suppress material deemed offensive. It then discusses challenges of internet censorship due to its decentralized nature. Issues around privacy and intellectual property like peer-to-peer file sharing are also examined. Various organizations that advocate for internet freedom and openness are mentioned. Ethical views on these topics from philosophers like John Stuart Mill are referenced.
The document discusses identity theft and provides information on how to respond if identity theft is suspected. It defines identity theft as occurring when someone steals a victim's personally identifiable information and poses as the victim to conduct actions or make purchases. If identity theft is suspected, actions include reporting it to credit bureaus, ordering credit reports, filing an identity theft report with the FTC, and documenting communications. The document also discusses several laws and regulations related to information security, intellectual property, privacy, and ethics.
Regulating Data: The Implications of Informatics on International Law | Jon Garon
Description: Because of the increasing ease of digitization, all information has the potential to be digitized and as such, all information is becoming part of a single, incomprehensibly large, multinational, multicultural data system. The resulting data ecosystem is subject to local regulation by state and national laws which have often been drafted to address a conflicting set of jurisdictional rules and normative expectations regarding the creation, ownership, collection, storage and dissemination of information. The laws vary from country to country, resisting efforts at bringing international harmony because of deeply rooted historical differences. The presentation is an overview of the steps necessary for developing a comprehensive informatics regulatory system that protects privacy, telecom policy and copyright.
This document discusses identity theft and provides information on what to do if someone suspects they are a victim. It also discusses several US laws related to information security and ethics, such as the Identity Theft and Assumption Deterrence Act, Sarbanes-Oxley Act, and various international agreements. Additionally, it covers the challenges of developing global ethics standards due to differing cultural views, and emphasizes the importance of education in promoting ethical behavior.
This document discusses identity theft and provides information on what to do if someone suspects they are a victim. It also discusses several US laws related to information security and ethics, such as the Digital Millennium Copyright Act, Sarbanes-Oxley Act, and various international agreements. Additionally, it covers the challenges of developing global ethical standards given differences in cultural views, and stresses the importance of education in promoting consistent ethical behavior.
This document discusses identity theft and provides information on what to do if someone suspects they are a victim. It also discusses several US laws related to information security and ethics, such as the Identity Theft and Assumption Deterrence Act, Sarbanes-Oxley Act, and various cybercrime laws. Additionally, it covers some international laws and agreements around intellectual property and privacy, including the Agreement on Trade-Related Aspects of Intellectual Property Rights and the Digital Millennium Copyright Act.
The document discusses drone surveillance at Kansas State University football games. It notes that over 50,000 fans attend games, making it difficult for law enforcement to monitor everything. Drones could help by providing aerial surveillance to spot issues like medical emergencies or criminal activity. However, drone surveillance also raises privacy concerns due to their ability to record details and identify individuals. The document examines both the potential benefits of drone surveillance for public safety as well as the privacy issues it presents.
Legal and ethical issues associated with modern technologies | Sheila Mable
The document discusses several key legal and ethical issues that organizations may encounter when implementing new technologies: privacy laws like the Privacy Act of 1974 and laws around consumer privacy; freedom of information laws like the Freedom of Information Act; the need for an Acceptable Use Policy; and laws regarding children's internet safety like the Children's Internet Protection Act. It emphasizes the importance of evaluating new technologies to ensure they comply with existing policies and procedures regarding these legal and ethical issues.
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an... | Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
The Microsoft 365 Migration Tutorial For Beginner.pptx | operationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
AppSec PNW: Android and iOS Application Security with MobSF | Ajin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Nordic Marketo Engage User Group_June 13_ 2024.pptx
ISC Chapter 3.pdf
1. Transforming Lives. Inventing the Future. www.iit.edu
ILLINOIS INSTITUTE OF TECHNOLOGY
ITM 478/578 1
Legal, Ethical & Professional Issues
Ray Trygstad
ITM 478 / IT 478 / ITM 578 Spring 2005
Information Technology & Management Programs
Center for Professional Development
Slides based on Whitman, M. and Mattord, H., Principles of Information Security; Thomson Course Technology 2003
2. Objectives
Upon completion of this lesson
students should be able to:
– Differentiate between laws and ethics
– Identify major national laws that relate
to the practice of information security
– Discuss the role of culture as it applies
to ethics in information security
3. Law and Ethics in Information Security
Laws - rules adopted for determining
expected behavior
– Laws drawn from ethics
Ethics define socially acceptable
behaviors
Ethics based on cultural mores:
fixed moral attitudes or customs of
a particular group
4. Types of Law
Civil law
Criminal law
Tort law
Private law
Public law
5. Relevant U.S. Laws - General
Computer Fraud and Abuse Act of 1986
National Information Infrastructure
Protection Act of 1996
USA Patriot Act of 2001
Telecommunications Deregulation and
Competition Act of 1996
Communications Decency Act (CDA)
Computer Security Act of 1987
Digital Millennium Copyright Act of 1998
Sarbanes-Oxley Act of 2002
6. Privacy
Privacy: one of the hottest topics in
information
Ability to collect information, combine facts
from separate sources, and merge with other
information results in collections of
information previously impossible to create
Aggregation of data from multiple sources
permits unethical organizations to build
databases of facts with frightening
capabilities
7. Privacy in the U.S.
Not a Constitutional right but has been
construed by the courts
– “Reasonable expectation” of privacy
Working definition:
– right not to be disturbed
– right to be anonymous
– right not to be monitored
– right not to have one’s identifying information
exploited
Construed Constitutional guarantees of
privacy apply only to the Federal
Government
8. Privacy of Customer Information
Privacy of Customer Information Section of
Common Carrier Regulations
Federal Privacy Act of 1974
The Electronic Communications Privacy Act
of 1986
The Health Insurance Portability &
Accountability Act Of 1996 (HIPAA) also
known as the Kennedy-Kassebaum Act
The Financial Services Modernization Act or
Gramm-Leach-Bliley Act of 1999
9. Freedom of Information Act of 1966 (FOIA)
The Freedom of Information Act
provides any person with the right to
request access to federal agency
records or information, not determined
to be in the interest of national security
– US Government agencies required to
disclose requested information on receipt
of a written request
10. Freedom of Information Act of 1966 (FOIA)
Exceptions for information protected
from disclosure
Act does not apply to
– Congress or Federal courts
– state or local government agencies
– private businesses or individuals
Many states have their own version
of the FOIA
11. Freedom of Information Act of 2000 (UK)
In 2000, the United Kingdom passed
their Freedom of Information Act
– Very similar in all respects to U.S. law
– More exceptions
12. European Union Model
European Union Directive 95/46/EC effective
October 1998 increases protection of
individuals in processing of personal data &
limits free movement of such data
– Strong consumer protection
– Only allows gathering of information necessary for
transaction
– Personal data cannot be transferred to another
company without permission
United Kingdom had implemented a version
of this directive called the Database Right
13. EU Law Portal
Figure 3-4: European Union Law Web site, http://europa.eu.int/eur-lex/en/
14. International Laws and Legal Bodies
Council of Europe: European Council
Cyber-Crime Convention
– Creates an international task force to
oversee a range of security functions
associated with Internet activities,
– Standardizes technology laws across
international borders
15. International Laws and Legal Bodies
European Council Cyber-Crime
Convention
– Also attempts to improve effectiveness of
international investigations into breaches
of technology law
Well received by advocates of
intellectual property rights with
emphasis on copyright infringement
prosecution
16. UN International Law
Figure 3-46: United Nations International Law Web site, http://www.un.org/law/
17. Export and Espionage Laws
Economic Espionage Act (EEA)
of 1996
Security and Freedom Through
Encryption Act of 1997 (SAFE)
18. What is a Copyright?
Set of exclusive legal rights authors
have over their works for a limited
period of time; these rights include
– copying the works (including parts of the
works)
– making derivative works
– distributing the works
– performing the works (showing a movie or
playing an audio recording, as well as
performing a dramatic work)
19. What is a Copyright?
Copyright exists upon creation
– Author’s rights begin when an original
work of authorship is fixed in a tangible
medium
A work does not have to bear a
copyright notice or be registered to
be copyrighted
20. US Copyright Law
Intellectual property is recognized as a
protected asset in the US
US copyright law extends this right to
the published word, including electronic
formats
21. US Copyright Law: Fair Use
Fair use of copyrighted materials
includes
– the use to support news reporting,
teaching, scholarship, and a number of
other related permissions
– the purpose of the use has to be for
educational or library purposes, not for
profit, and should not be excessive
DMCA (more on this in a minute)
22. What is Fair Use?
Allow for limited copying or
distribution of published works
without author’s permission
– Examples:
•Quotation of excerpts in a review or critique
•copying of a small part of a work by a teacher
or student to illustrate a lesson
23. What is Fair Use?
Determination of fair use based on:
– Purpose and nature of the use
– Nature of the copyrighted work
– Nature and substantiality of the material
used
– Effect of use on the potential market for or
value of the work
24. What is Fair Use?
As Kerry Konrad, co-lead litigation
counsel for Lotus Development
Corporation, succinctly said, “if your
use is private, limited, and for the
purpose of reference and illustration
only, it’s likely to be fair.”
25. Licensing of Copyrights
If fair use does not apply, using
another’s intellectual property
requires a license
A license is not a given—the owner
does not have to grant a license nor
give any explanation when they don’t
26. Licensing of Copyrights
Placing materials on the Web does NOT
place them in the Public Domain unless
such assignment is specifically made
– Some Web sites contain content such as clipart,
buttons, bars, backgrounds, photos, where either
the items have been placed in the public domain
or a license for their use is clearly granted
– Otherwise all works online—graphic arts as well
as text—are protected by copyright, and your
reuse requires a license
27. US Copyright Office
Figure 3-3: U.S. Copyright Office Web site, http://www.loc.gov/copyright/
28. Digital Millennium Copyright Act (DMCA)
The Digital Millennium Copyright Act
(DMCA) is the US version of an
international effort to reduce the
impact of copyright, trademark, and
privacy infringement
Many legal experts feel DMCA
illegally infringes on Fair Use and has
other adverse effects
29. Impact of DMCA
Critics claim DMCA has had the
following impacts (among others):
– DMCA is being used to silence researchers,
computer scientists and critics
– Corporations are using it against the
public
– Public/College radio stations can no longer
afford to webcast
30. Impact of DMCA
Also has had a stifling effect on
computer security research, as it
prohibits the circumvention of copy
protection and the distribution of
devices that can be used to circumvent
copyrights
– In doing so it treats publishing of security
vulnerabilities as a violation of the law
31. Sarbanes-Oxley Act
Created to address accounting
“irregularities” (Enron, etc.)
Requires internal controls & internal
controls reporting
– As part of this, general computer controls
must be implemented and documented
Information security controls are a key
component of general computer controls
32. Sarbanes-Oxley Act
Section 404 -- Management Assessment
of Internal Controls
Rules Required. The [Securities and
Exchange] Commission shall prescribe rules
requiring each annual report…to contain an
internal control report, which shall--
– state the responsibility of management for
establishing and maintaining an adequate
internal control structure and procedures for
financial reporting; and
– contain an assessment, as of the end of the most
recent fiscal year of the issuer, of the
effectiveness of the internal control structure and
procedures of the issuer for financial reporting
33. Sarbanes-Oxley Act
Access controls, authorization,
auditability, data integrity and
availability (disaster recovery) are
key elements of controls to ensure
compliance with section 404
Because there is external financial
auditor involvement in assuring
rules compliance, this draws audit
firms into IT security auditing or at
least verification of IT security audits
34. State & Local Regulations
Each state or locality may have laws
and regulations that impact the use of
computer technology
Information security professionals have
a responsibility to understand state
laws and regulations and ensure the
organization’s security policies and
procedures comply
35. United Nations Charter
To some degree the United Nations
Charter provides provisions for
information security during
Information Warfare
Information Warfare (IW) involves use
of information technology to conduct
offensive operations as part of an
organized and lawful military operation
by a sovereign state
36. Information Warfare
IW is a relatively new application of
warfare, although the military has been
conducting electronic warfare and
counter-warfare operations for decades,
jamming, intercepting, and spoofing
enemy communications
37. Policy Versus Law
Most organizations develop and formalize
a body of expectations called policy
Policies function in an organization like
laws
For a policy to become enforceable, it
must meet certain standards
Only when all conditions are met, does
the organization have a reasonable
expectation of effective policy
38. Standards for Enforceable Policy
Enforceable policy must be:
– Distributed to all individuals who are
expected to comply
– Readily available for employee reference
– Easily understood with multi-language
translations and translations for visually
impaired, or literacy-impaired employees
– Acknowledged by the employee, usually by
means of a signed consent form
39. Content of Corporate Use Policies
Rights
Responsibilities
Privileges
Prohibitions
– Activities
– Uses
• “business only” (strict) or “business and reasonable personal use” (loose)
• Similar to telephone use policies
– Harassment
– Overloading resources
Tracking
– What tracking will be done
– Who will do it
– What circumstances
– How the information will be stored
– Who will have access to it
Communicating information
Virus detection
Export restrictions
Waiver of Privacy
Disclaimers
40. Ethical Concepts in Information Security
10 Commandments of Computer Ethics
from The Computer Ethics Institute
1. Thou shalt not use a computer to harm other
people.
2. Thou shalt not interfere with other people’s
computer work.
3. Thou shalt not snoop around in other
people’s computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false
witness [lie].
41. Ethical Concepts in Information Security
10 Commandments of Computer Ethics
from The Computer Ethics Institute
6. Thou shalt not copy or use proprietary software for
which you have not paid.
7. Thou shalt not use other people’s computer resources
without authorization or proper compensation.
8. Thou shalt not appropriate other people’s
intellectual output.
9. Thou shalt think about the social consequences of
the program you are writing or the system you are
designing.
10. Thou shalt always use a computer in ways that
insure consideration and respect for your fellow
humans.
42. Cultural Differences in Ethical Concepts
Differences in cultures cause problems in
determining what is ethical and what is not
ethical
Studies of ethical sensitivity to computer use
reveal different nationalities have different
perspectives
Difficulties arise when one nationality’s
ethical behavior contradicts that of another
national group
43. Ethics and Education
Employees must be trained in topics related
to information security, including expected
behaviors of an ethical employee
Especially important in areas of information
security; many employees may not have the
formal technical training to understand what
behavior is unethical or illegal
Proper ethical and legal training is vital to
creating an informed, well prepared, and
low-risk system user
44. Deterrence to Unethical and Illegal Behavior
Deterrence - preventing an illegal or
unethical activity
– Examples of deterrents: Laws, policies,
technical controls
Laws and policies only deter if three
conditions are present:
– Fear of penalty
– Probability of being caught
– Probability of penalty being administered
45. Codes of Ethics, Certifications, and Professional Organizations
Many organizations have codes of conduct
and/or codes of ethics
– Codes of ethics can have a positive effect
– Unfortunately, having a code of ethics is not
enough
Security professionals must act ethically
and according to the policies and
procedures of their employer, their
professional organization, and the laws of
society
46. Association of Computing Machinery
The ACM (www.acm.org) is a respected
professional society
– originally established in 1947 as “the
world’s first educational and scientific
computing society”
Their code of ethics requires members
to perform their duties in a manner
befitting an ethical computing
professional
47. Association of Computing Machinery
The code contains specific references to
protecting the confidentiality of
information, causing no harm,
protecting the privacy of others, and
respecting the intellectual property and
copyrights of others
48. International Information Systems Security Certification Consortium
The (ISC)² (www.isc2.org) is a non-profit
organization
– focuses on the development and
implementation of information security
certifications and credentials
The code of ethics put forth by (ISC)² is
primarily designed for information
security professionals who have earned
a certification from (ISC)²
49. (ISC)² Code
(ISC)² code focuses on four mandatory
canons:
– Protect society, the commonwealth, and
the infrastructure
– Act honorably, honestly, justly,
responsibly, and legally
– Provide diligent and competent service to
principals
– Advance and protect the profession
50. System Administration, Networking, and Security Institute
The System Administration,
Networking, and Security Institute, or
SANS (www.sans.org), is a professional
organization with a large membership
dedicated to the protection of
information and systems
SANS offers a certification called the
Global Information Assurance
Certification or GIAC
51. Information Systems Audit and Control Association
The Information Systems Audit and
Control Association or ISACA
(www.isaca.org) is a professional
association with a focus on auditing,
control, and security
Although it does not focus exclusively
on information security, the Certified
Information Systems Auditor or CISA
certification does contain many
information security components
52. Information Systems Audit and Control Association
The ISACA also has a code of ethics
for professionals
Requires many of the same high
standards for ethical performance as
the other organizations and
certifications
53. CSI - Computer Security Institute
The Computer Security Institute
(www.gocsi.com) provides information and
certification to support the computer,
networking, and information security
professional
While CSI does not promote a single
certification certificate like the CISSP or
GISO, it does provide a range of technical
training classes in the areas of Internet
Security, Intrusion Management, Network
Security, Forensics, as well as technical
networking
54. Other Security Organizations
Information Systems Security Association (ISSA)® (www.issa.org)
Internet Society or ISOC (www.isoc.org)
Computer Security Division (CSD) of the National Institute for Standards and Technology (NIST)
– contains a resource center known as the Computer Security Resource Center (csrc.nist.gov) housing one of the most comprehensive sets of publicly available information on the entire suite of information security topics
Other Security Organizations
CERT® Coordination Center or CERT/CC (www.cert.org) is a center of Internet security expertise operated by Carnegie Mellon University
Computer Professionals for Social Responsibility (CPSR) promotes the development of ethical computing
Key U.S. Federal Agencies
The Department of Homeland Security’s National Infrastructure Protection Center (NIPC) (www.nipc.gov)
– National InfraGard Program
National Security Agency (NSA)
– The NSA is “the Nation’s cryptologic organization”
– NSA Information Assurance Directorate
Other Key Federal Agencies
Figure 3-14: U.S. Secret Service Web site (http://www.secretservice.gov/)
Organizational Liability and the Need for Counsel
Liability is the legal obligation of an entity
– Liability extends beyond legal obligation or contract to include liability for a wrongful act and the legal obligation to make restitution
– An organization increases its liability if it refuses to take strong measures known as due care
Due diligence requires that an organization make a valid effort to protect others and continually maintain this level of effort
Our Private Directory for this Course
Answers to chapter review questions
InfoSec Library as self-extracting .zip file (distributed on CD to live students)
Can only be accessed from Blackboard
The End…
Questions?