Law and Ethics in Information Security
Law and Ethics
• Laws are rules that mandate or prohibit certain behavior in society; they are drawn from ethics, which define socially acceptable behaviors.
• The key difference between laws and ethics is that laws carry the sanctions of a governing authority and ethics do not.
• Ethics in turn are based on cultural mores: the fixed moral attitudes or customs of a particular group. Some ethics are recognized as universal.
• For example, murder, theft, assault, and arson are commonly accepted as actions that deviate from ethical and legal codes in the civilized world.
Organizational Liability and the Need for Counsel
• What if an organization does not demand or even encourage strong ethical behavior from its employees?
• What if an organization does not behave ethically? Even if there is no breach of criminal law, there can still be liability.
• Liability is the legal obligation of an entity that extends beyond criminal or contract law; it includes the legal obligation to make restitution, or to compensate for wrongs committed by an organization or its employees.
• Due care has been taken when an organization makes sure that every employee knows what is acceptable or unacceptable behavior, and knows the consequences of illegal or unethical actions.
• Due diligence requires that an organization make a valid effort to protect others and continually maintain this level of effort.
• Given the Internet’s global reach, those who could be injured or wronged by an organization’s members could be anywhere, in any state, any country around the world.
• Under the U.S. legal system, any court can impose its authority over an individual or organization if it can establish jurisdiction—that is, the court’s right to hear a case if the wrong was committed in its territory or involving its citizenry.
• This is sometimes referred to as long-arm jurisdiction—the long arm of the law reaching across the country or around the world to pull an accused individual into its court systems.
• Trying a case in the injured party’s home area is usually favorable to the injured party.
Policy versus Law
• Organizational policies—a body of expectations that describe acceptable and unacceptable employee behaviors in the workplace—function as organizational laws, complete with penalties, judicial practices, and sanctions to require compliance.
• Because policies function as laws, they must be crafted with the same care, to ensure that they are complete, appropriate, and fairly applied to everyone in the workplace.
• Thus, for a policy to become enforceable, it must meet the following five criteria:
  • Dissemination (distribution)
  • Review (reading)
  • Comprehension (understanding)
  • Compliance (agreement)
  • Uniform enforcement
• Only when all of these conditions are met can an organization penalize employees who violate the policy, without fear of legal retribution.
Types of Law
• Civil law represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people.
• Criminal law addresses violations harmful to society and is actively enforced by the state. The categories of laws that affect the individual in the workplace are private law and public law.
• Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law.
• Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
• Examples of public law include criminal, administrative, and constitutional law.
General Computer Crime Laws
• The Computer Fraud and Abuse Act of 1986 (CFA Act) is the cornerstone of many computer-related federal laws and enforcement efforts.
• It was amended in October 1996 by the National Information Infrastructure Protection Act of 1996, which modified several sections of the previous act and increased the penalties for selected crimes.
• The USA PATRIOT Act of 2001 modified a wide range of existing laws to provide law enforcement agencies with broader latitude in order to combat terrorism-related activities.
• In 2006, this act was amended further with the USA PATRIOT Improvement and Reauthorization Act, which made permanent 14 of the 16 expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity. The act also reset the date of expiration written into the law as a so-called sunset clause for certain wiretaps under the Foreign Intelligence Surveillance Act of 1978 (FISA).
• Another key law is the Computer Security Act of 1987.
• It was one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.
• The National Bureau of Standards, in cooperation with the National Security Agency, became responsible for developing these security standards and guidelines.
Privacy
• Privacy in this context is not absolute freedom from observation, but rather is a more precise “state of being free from unsanctioned intrusion.”
• The state or condition of being free from being observed or disturbed by other people.
• The state of being free from public attention.
Privacy of Customer Information
• The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any marketing purposes, and that carriers cannot disclose this information except when necessary to provide their services.
• The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release private information about individuals or businesses without permission.
• The Electronic Communications Privacy Act of 1986 is a collection of statutes that regulate the interception of wire, electronic, and oral communications. These statutes work in conjunction with the Fourth Amendment of the U.S. Constitution, which protects individuals from unlawful search and seizure.
• The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.
Identity Theft
• “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes”
Export and Espionage Laws
• This law attempts to prevent trade secrets from being illegally shared.
• The Security And Freedom Through Encryption Act of 1999 provides guidance on the use of encryption, and provides measures of protection from government intervention.
U.S. Copyright Law
• The U.S. copyright laws extend this privilege to the published word, including electronic formats.
• Fair use of copyrighted materials includes their use to support news reporting, teaching, scholarship, and a number of other related activities, so long as the use is for educational or library purposes, not for profit, and is not excessive.
Codes of Ethics and Professional Organizations
• A code of ethics is a guide of principles designed to help professionals conduct business honestly and with integrity. ... A code of ethics, also referred to as an "ethical code," may encompass areas such as business ethics, a code of professional practice, and an employee code of conduct.
Ethics and Information Security
• Ethics can be defined as a moral code by which a person lives. For corporations, ethics can also include the framework you develop for what is or isn’t acceptable behavior within your organization.
• In computer security, cyber-ethics is what separates security personnel from the hackers. It’s the knowledge of right and wrong, and the ability to adhere to ethical principles while on the job.
Why is ethics significant to information security?
• The data targeted in cyber attacks is often personal and sensitive.
• Loss of that sensitive data can be potentially devastating for your customers, and it’s crucial that you have the full trust of the individuals you’ve hired to protect it.
• Cybersecurity professionals have access to the sensitive personal data they were hired to protect.
• So it’s imperative that employees in these fields have a strong sense of ethics and respect for the privacy of your customers.
Questions
• Is it okay to read campus users’ email?
• What if you believe that university policies are being violated?
• Would you tell the users that their email is being read?
• Is it okay to look through files on a user's laptop when you're troubleshooting a problem?
• What if the user is someone you think might be storing illegal content on the laptop?
What would you do?
• You’re a system administrator with broad access to enterprise systems. Your supervisor has asked you to begin archiving all of the emails and web activity logs of one of your coworkers. Typically requests of this nature are initiated through a formal communication from your campus’s legal office. You feel that this request is inappropriate and possibly at odds with standard campus procedure and processes.
• You raise your concerns with your supervisor, but are told that this is a sensitive matter, and details cannot be shared with you. After thinking more about the conversation you had with your supervisor, you are under the impression that you might lose your job if you persist in discussing the matter further or if you refuse to carry out the task.
• As IT professionals, what should we do when we encounter potentially unclear situations like the ones described? Sometimes existing laws or institutional policy will guide ethical behavior; sometimes they won't. What many people often do not understand is that what is legal is not always ethical.
• I believe it is our responsibility as IT professionals to act in an ethical manner in the performance of our work duties. To inadvertently do otherwise risks losing the trust of our students, faculty, staff, communities, and the general public. Without such trust I have difficulty imagining how IT professionals can continue to perform their duties effectively.

Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Law and Ethics in Information Security.pptx

  • 1. Law and Ethics in Information Security
  • 2. Law and Ethics
    - Laws are rules that mandate or prohibit certain behavior in society; they are drawn from ethics, which define socially acceptable behaviors.
    - The key difference between laws and ethics is that laws carry the sanctions of a governing authority and ethics do not.
    - Ethics in turn are based on cultural mores: the fixed moral attitudes or customs of a particular group. Some ethics are recognized as universal.
    - For example, murder, theft, assault, and arson are commonly accepted as actions that deviate from ethical and legal codes in the civilized world.
  • 3.
  • 4. Organizational Liability and the Need for Counsel
    - What if an organization does not demand or even encourage strong ethical behavior from its employees?
    - What if an organization does not behave ethically? Even if there is no breach of criminal law, there can still be liability.
  • 5. Organizational Liability and the Need for Counsel
    - Liability is the legal obligation of an entity that extends beyond criminal or contract law; it includes the legal obligation to make restitution, or to compensate for wrongs committed by an organization or its employees.
    - Due care has been taken when an organization makes sure that every employee knows what is acceptable or unacceptable behavior, and knows the consequences of illegal or unethical actions.
  • 6. Organizational Liability and the Need for Counsel
    - Due diligence requires that an organization make a valid effort to protect others and continually maintain this level of effort.
    - Given the Internet’s global reach, those who could be injured or wronged by an organization’s members could be anywhere, in any state, any country around the world.
  • 7. Organizational Liability and the Need for Counsel
    - Under the U.S. legal system, any court can impose its authority over an individual or organization if it can establish jurisdiction—that is, the court’s right to hear a case if the wrong was committed in its territory or involving its citizenry.
    - This is sometimes referred to as long arm jurisdiction—the long arm of the law reaching across the country or around the world to pull an accused individual into its court systems.
    - Trying a case in the injured party’s home area is usually favorable to the injured party.
  • 8. Policy versus Law
    - These policies—a body of expectations that describe acceptable and unacceptable employee behaviors in the workplace—function as organizational laws, complete with penalties, judicial practices, and sanctions to require compliance.
    - Because policies function as laws, they must be crafted with the same care, to ensure that they are complete, appropriate, and fairly applied to everyone in the workplace.
  • 9. Policy versus Law
    - Thus, for a policy to become enforceable, it must meet the following five criteria:
    - Dissemination (distribution)
    - Review (reading)
    - Comprehension (understanding)
    - Compliance (agreement)
    - Uniform enforcement
    - Only when all of these conditions are met can an organization penalize employees who violate the policy, without fear of legal retribution.
  • 10. Types of Law
    - Civil law represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people.
    - Criminal law addresses violations harmful to society and is actively enforced by the state. The categories of laws that affect the individual in the workplace are private law and public law.
    - Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law.
    - Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
    - Examples of public law include criminal, administrative, and constitutional law.
  • 11. General Computer Crime Laws
    - The Computer Fraud and Abuse Act of 1986 (CFA Act) is the cornerstone of many computer-related federal laws and enforcement efforts.
    - It was amended in October 1996 by the National Information Infrastructure Protection Act of 1996, which modified several sections of the previous act and increased the penalties for selected crimes.
  • 13. General Computer Crime Laws
    - The USA PATRIOT Act of 2001 modified a wide range of existing laws to provide law enforcement agencies with broader latitude in order to combat terrorism-related activities.
    - In 2006, this act was amended further with the USA PATRIOT Improvement and Reauthorization Act, which made permanent 14 of the 16 expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity. The act also reset the date of expiration written into the law as a so-called sunset clause for certain wiretaps under the Foreign Intelligence Surveillance Act of 1978 (FISA).
  • 14. General Computer Crime Laws
    - Another key law is the Computer Security Act of 1987.
    - It was one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.
    - The National Bureau of Standards, in cooperation with the National Security Agency, became responsible for developing these security standards and guidelines.
  • 15. Privacy
    - Privacy in this context is not absolute freedom from observation, but rather is a more precise “state of being free from unsanctioned intrusion.”
    - The state or condition of being free from being observed or disturbed by other people.
    - The state of being free from public attention.
  • 16. Privacy of Customer Information
    - The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any marketing purposes, and that carriers cannot disclose this information except when necessary to provide their services.
  • 17. Privacy of Customer Information
    - The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release private information about individuals or businesses without permission.
    - The Electronic Communications Privacy Act of 1986 is a collection of statutes that regulate the interception of wire, electronic, and oral communications. These statutes work in conjunction with the Fourth Amendment of the U.S. Constitution, which protects individuals from unlawful search and seizure.
  • 18. Privacy of Customer Information
    - The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.
  • 19. Identity Theft
    - “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes”
  • 20. Export and Espionage Laws
    - This law attempts to prevent trade secrets from being illegally shared.
    - The Security And Freedom Through Encryption Act of 1999 provides guidance on the use of encryption, and provides measures of protection from government intervention.
  • 21. U.S. Copyright Law
    - The U.S. copyright laws extend this privilege to the published word, including electronic formats.
    - Fair use of copyrighted materials includes their use to support news reporting, teaching, scholarship, and a number of other related activities, so long as the use is for educational or library purposes, not for profit, and is not excessive.
  • 22. Codes of Ethics and Professional Organizations
    - A code of ethics is a guide of principles designed to help professionals conduct business honestly and with integrity. ... A code of ethics, also referred to as an "ethical code," may encompass areas such as business ethics, a code of professional practice, and an employee code of conduct.
  • 23. Ethics and Information Security
    - Ethics can be defined as a moral code by which a person lives. For corporations, ethics can also include the framework you develop for what is or isn’t acceptable behavior within your organization.
    - In computer security, cyber-ethics is what separates security personnel from the hackers. It’s the knowledge of right and wrong, and the ability to adhere to ethical principles while on the job.
  • 24. Why is ethics significant to information security?
    - The data targeted in cyber attacks is often personal and sensitive.
    - Loss of that sensitive data can be potentially devastating for your customers, and it’s crucial that you have the full trust of the individuals you’ve hired to protect it.
    - Cybersecurity professionals have access to the sensitive personal data they were hired to protect.
    - So it’s imperative that employees in these fields have a strong sense of ethics and respect for the privacy of your customers.
  • 25. Questions
    - Is it okay to read campus users’ email?
    - What if you believe that university policies are being violated?
    - Would you tell the users that their email is being read?
    - Is it okay to look through files on a user's laptop when you're troubleshooting a problem?
    - What if the user is someone you think might be storing illegal content on the laptop?
  • 26. What would you do?
    - You’re a system administrator with broad access to enterprise systems. Your supervisor has asked you to begin archiving all of the emails and web activity logs of one of your coworkers. Typically, requests of this nature are initiated through a formal communication from your campus’s legal office. You feel that this request is inappropriate and possibly at odds with standard campus procedure and processes.
    - You raise your concerns with your supervisor, but are told that this is a sensitive matter, and details cannot be shared with you. After thinking more about the conversation you had with your supervisor, you are under the impression that you might lose your job if you persist in discussing the matter further or if you refuse to carry out the task.
  • 27.
    - As IT professionals, what should we do when we encounter potentially unclear situations like the ones described? Sometimes existing laws or institutional policy will guide ethical behavior; sometimes they won't. What many people often do not understand is that what is legal is not always ethical.
    - I believe it is our responsibility as IT professionals to act in an ethical manner in the performance of our work duties. To inadvertently do otherwise risks losing the trust of our students, faculty, staff, communities, and the general public. Without such trust I have difficulty imagining how IT professionals can continue to perform their duties effectively.