Laws and Ethics in Information Assurance
Law and Ethics in Information Security
Laws: Rules adopted and enforced by governments to codify expected
behavior in modern society
Ethics: Relatively fixed moral attitudes or customs of a societal group (based
on cultural mores)
The key difference between law and ethics is that law carries the sanction of a
governing authority and ethics do not.
Types of Law
Civil law: Pertains to relationships between and among individuals and
organizations
Criminal law: Addresses violations harmful to society. Actively enforced
and prosecuted by the state
Tort law: A subset of civil law that allows individuals to seek redress in
the event of personal, physical, or financial injury.
Civil lawsuits
In a civil law matter, the ‘victim’ (the plaintiff) must take action to obtain a
legal remedy (usually adequate compensation).
● the plaintiff must hire a private lawyer and pay the expenses of pursuing the matter
● the police do not get involved beyond restoring order
In civil law there is no conviction; the defendant is found liable if the case is
proven on the ‘balance of probabilities’ (more likely than not).
In civil law, monetary remedies (damages) are the most common outcome.
Criminal cases
In a criminal law matter, the ‘victim’ may report the case to the police, who
then have the responsibility to investigate.
If a charge has been properly laid and there is supporting evidence, the public
prosecutor (the Crown Prosecutor in Commonwealth jurisdictions, not the person
who complained of the incident) prosecutes in the courts, and public funds
finance these services.
Even if a ‘victim’ starts a prosecution privately, the Attorney General has the
power to take over the prosecution.
Criminal cases II
● In criminal law, to convict someone, guilt must be proven ‘beyond
reasonable doubt’, a much higher standard than the civil ‘balance of
probabilities’.
● In criminal law, the sentence imposed on the offender may include one or a
combination of the following:
fine, restitution (compensating the victim’s loss or damages), probation,
community service, imprisonment
Types of Law
Private law:
● Regulates the relationships among individuals and between individuals
and organizations, e.g., family law, commercial law, and labor law.
Public law:
● Regulates the structure and administration of government agencies
and their relationships with citizens, employees, and other
governments, e.g., criminal, administrative, and constitutional law.
Policy
Policies are statements that describe acceptable and unacceptable
employee behavior in the workplace. They function as organizational laws,
complete with penalties, judicial practices, and sanctions to require
compliance.
Because policies function as laws, they must be crafted with the same care, to
ensure that they are complete, appropriate, and fairly applied to everyone in
the workplace.
Policy Versus Law
Difference between policy and law:
Ignorance of the law is no defense, but ignorance of a policy is an acceptable
defense. An organization can therefore only enforce a policy if it can show
that the policy was properly communicated. Policies must be:
● Distributed to all individuals who are expected to comply with them.
● Readily available for employee reference.
● Easily understood, with translations or alternative formats for employees
who speak other languages, are visually impaired, or have low literacy.
● Acknowledged by each employee, e.g., by a signed consent form.
● Uniformly enforced for all employees.
General Computer Crime Laws
The Computer Fraud and Abuse Act of 1986 (CFAA) is the cornerstone of
many computer-related federal laws and enforcement efforts in the United States.
It was amended in October 1996 by the National Information Infrastructure
Protection Act of 1996, which modified several sections of the previous act
and increased the penalties for selected crimes.
Key Provisions of the CFAA
The CFAA criminalizes a range of activities, including:
Unauthorized access: Accessing a computer without authorization (or
exceeding authorized access) to obtain information from financial
institutions, U.S. government computers, or other ‘protected computers’
(in practice, almost any Internet-connected computer).
Fraud: Accessing a protected computer without authorization (or exceeding
authorized access) to further a fraud, e.g., phishing, identity theft, or
other schemes that use computers to defraud.
Damage to computers: Knowingly causing the transmission of a
program, information, or code that intentionally damages a protected
computer (e.g., viruses, ransomware).
Computer Security Act of 1987
It was one of the first attempts to protect federal computer systems by
establishing minimum acceptable security practices.
The National Bureau of Standards (renamed the National Institute of Standards
and Technology, NIST, in 1988), in cooperation with the National Security
Agency, became responsible for developing these security standards and
guidelines, with the NSA providing technical assistance.
Required federal agencies to identify sensitive computer systems, develop
and maintain security plans for them, conduct periodic reviews, and provide
security awareness training to the staff who manage, use, or operate those
systems.
The USA PATRIOT Act of 2001
The USA PATRIOT Act of 2001 granted broader authority to law enforcement
agencies, enhancing their ability to monitor, investigate, and respond to
terrorism-related activities.
The 2006 USA PATRIOT Improvement and Reauthorization Act made 14 of the
16 expanded powers permanent and extended certain FISA wiretap
provisions by resetting their sunset clause expiration dates.
Key Provisions of Patriot Act
Enhanced Surveillance Powers: Enabled broader wiretaps, email
monitoring, and access to personal records; authorized roving wiretaps
that follow a target across multiple devices rather than a single line.
Section 215 – Business Records: Allowed the FBI to obtain, by FISA court
order, business records relevant to terrorism investigations; its use for
bulk collection of telephone metadata without individualized suspicion drew
heavy criticism. The USA FREEDOM Act of 2015 ended that bulk collection
program, and Section 215 itself lapsed in March 2020.
Information Sharing: Facilitated easier information exchange between
law enforcement and intelligence agencies.
Detention of Immigrants: Authorized detention and deportation of
non-citizens suspected of terrorism links.
Privacy
Privacy is the right of individuals to control access to their personal
information.
It involves the ability to decide what data is collected, how it is used, and
with whom it is shared.
Data minimization follows from this: collect only the personal information
required for a specific, stated purpose, which reduces exposure and misuse
risks.
Key Concepts
Personal Data: Any information that can identify an individual, directly or
in combination with other data (e.g., name, email, location).
Consent: Users must be informed of, and agree to, how their data is used.
Control: Individuals should have tools to see, correct, and limit the
visibility of their data.
Privacy as a core Principle of IA
Confidentiality: IA ensures that personal/private data is accessed
only by authorized users.
Privacy protection depends on confidentiality being maintained in
digital systems.
Supporting Legal & Ethical Responsibilities
GDPR (General Data Protection Regulation): Protects the personal data of
individuals in the EU, applies to organizations anywhere that process that
data, and gives individuals more control over how their data is collected,
stored, and used.
HIPAA (Health Insurance Portability and Accountability Act): Protects
individually identifiable health information held by healthcare providers,
insurers, and their business associates from being disclosed without the
patient’s consent or knowledge.
CCPA (California Consumer Privacy Act): Gives California residents the right
to know what personal information is collected about them, to have it
deleted, and to opt out of its sale.
Privacy of Consumer Information
Federal Privacy Act of 1974: Regulates how U.S. federal government agencies
collect, maintain, and disclose records about individuals, and holds them
accountable if they release such records without permission.
Electronic Communications Privacy Act of 1986: A collection of
statutes that regulate the interception of wire, electronic, and oral
communications and government access to stored communications. These
statutes work in conjunction with the Fourth Amendment of the U.S.
Constitution, which protects individuals from unlawful search and seizure.
Identity Theft
Occurs when someone uses your personally identifying information, such as
your name, national identity number (e.g., CNIC), or debit card number,
without your permission.
Typically used to commit financial fraud, open accounts, make purchases, or
engage in illegal activities under someone else’s identity.
Victims may face legal challenges, including disputes over fraudulent
transactions and efforts to clear their name of criminal activity committed
by the thief.
Export and Espionage Laws
Economic Espionage Act (EEA) of 1996:
An attempt to protect intellectual property and competitive advantage.
It criminalizes the theft of trade secrets, whether by a foreign government,
a competing company, or a disgruntled former employee using classic
espionage techniques to spy on a company.
The SAFE Act of 1997
Security and Freedom through Encryption Act of 1997 (a bill introduced in
Congress in 1997; it was never enacted into law, but its provisions shaped the
policy debate):
● Provides guidance on the use of encryption
● Institutes measures of public protection from government intervention
● Reinforces an individual’s right to use or sell encryption algorithms
● Prohibits the federal government from requiring the use of encryption
for contracts, grants, and other official documents, and correspondence
U.S. Copyright Law
- Extends protection to intellectual property, including words published in
electronic formats
- ‘Fair use’ allows material to be quoted without permission so long as the
purpose is educational, critical, or otherwise non-commercial, the amount
used is not excessive, and the use does not undercut the market for the
original (U.S. courts weigh all of these factors together; there is no fixed
safe quantity)
- Proper acknowledgement must be provided to the author and/or copyright
holder of such works
Ethics in Information Assurance
Ethics can be defined as a moral code by which a person lives. For
corporations, ethics also includes the framework the organization develops
for what is or is not acceptable behavior within it.
In computer security, cyber-ethics is what separates security personnel from
malicious hackers: both may have the same skills, but the professional has the
knowledge of right and wrong and adheres to ethical principles while on the
job.
Ten Commandments of Computer Ethics
From the Computer Ethics Institute.
Thou shalt not:
1. Use a computer to harm other people
2. Interfere with other people's computer work
3. Snoop around in other people's computer files
4. Use a computer to steal
5. Use a computer to bear false witness
6. Copy or use proprietary software for which you have not paid
7. Use other people's computer resources without authorization or
proper compensation
8. Appropriate other people's intellectual output
Thou shalt:
9. Think about the social consequences of the program you are writing or
the system you are designing
10. Always use a computer in ways that ensure consideration and respect
for fellow humans
Deterring Unethical and Illegal Behavior
• InfoSec personnel should do everything in their power to deter
unethical and illegal acts
– Using policy, education and training, and technology as controls to
protect information
• Three general causes of unethical and illegal behavior, each calling for a
different control:
– Ignorance (addressed by education and training)
– Accident (addressed by careful planning and technical controls)
– Intent (addressed by deterrence: policy, penalties, and enforcement)
Deterring Unethical and Illegal Behavior
• Deterrence
– Best method for preventing an illegal or unethical activity
– Examples: laws, policies, and technical controls
– Laws and policies and their associated penalties only deter if three
conditions are present in the mind of the would-be offender:
• Fear of the penalty (it must be severe enough to matter)
• Probability of being caught (the offender must believe detection is likely)
• Probability of the penalty being administered (the offender must believe
it will actually be applied, not waived)
Ethics and Education
• Differences in computer use ethics:
– Not exclusively cultural.
– Found among individuals within the same country, within
the same social class, and within the same company.
• Key studies reveal that the overriding factor in leveling the
ethical perceptions within a small population is education.
• Employees must be trained on the expected behaviors of an
ethical employee.
Why is ethics significant to information security?
❖ The data targeted in cyber attacks is often personal and sensitive.
❖ Loss of that sensitive data can be potentially devastating for your
customers, and it's crucial that you have the full trust of the individuals
you've hired to protect it.
❖ Cybersecurity professionals have access to the sensitive personal data
they were hired to protect.
❖ So it's imperative that employees in these fields have a strong sense of
ethics and respect for the privacy of your customers.