SlideShare a Scribd company logo

Lesson 1

Download as PPT, PDF
M
MLG College of Learning, Inc

This document discusses laws, regulations, ethics, and professional organizations related to information security. It covers the differences between laws and ethics, types of laws, relevant US laws including the Computer Fraud and Abuse Act and laws around privacy like HIPAA. Organizational liability, policies versus laws, and the need for legal counsel are also addressed. The goal is to help information security practitioners understand the legal environment and minimize risks.

Education
1 of 15
Principles of Information Security, Fifth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Lesson 1 – Laws and Ethics
Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Explain the differences between laws and ethics Principles of Information Security, Fifth Edition 2
Introduction • You must understand the scope of an organization’s legal and ethical responsibilities. • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new and emerging issues Principles of Information Security, Fifth Edition 3
Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain behavior and are enforced by the state • Ethics: regulate and define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group • Laws carry the authority of a governing authority; ethics do not. Principles of Information Security, Fifth Edition 4
Organizational Liability and the Need for Counsel • Liability: the legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution • Restitution: the legal obligation to compensate an injured party for wrongs committed • Due care: the legal standard requiring a prudent organization to act legally and ethically and know the consequences of actions • Due diligence: the legal standard requiring a prudent organization to maintain the standard of due care and ensure actions are effective Principles of Information Security, Fifth Edition 5
Organizational Liability and the Need for Counsel (cont’d) • Jurisdiction: court’s right to hear a case if the wrong was committed in its territory or involved its citizenry • Long-arm jurisdiction: application of laws to those residing outside a court’s normal jurisdiction; usually granted when a person acts illegally within the jurisdiction and leaves Principles of Information Security, Fifth Edition 6
Policy Versus Law • Policies: managerial directives that specify acceptable and unacceptable employee behavior in the workplace • Policies function as organizational laws; must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone • Difference between policy and law: Ignorance of a policy is an acceptable defense. Principles of Information Security, Fifth Edition 7
Policy Versus Law (cont’d) • Criteria for policy enforcement: – Dissemination (distribution) – Review (reading) – Comprehension (understanding) – Compliance (agreement) – Uniform enforcement Principles of Information Security, Fifth Edition 8
Types of Law • Civil: governs nation or state; manages relationships/conflicts between organizations and people • Criminal: addresses activities and conduct harmful to society; actively enforced by the state • Private: family/commercial/labor law; regulates relationships between individuals and organizations • Public: regulates structure/administration of government agencies and their relationships with citizens, employees, and other governments Principles of Information Security, Fifth Edition 9
Relevant U.S. Laws • The United States has been a leader in the development and implementation of information security legislation. • Information security legislation contributes to a more reliable business environment and a stable economy. • The United States has demonstrated understanding of the importance of securing information and has specified penalties for individuals and organizations that breach civil and criminal law. Principles of Information Security, Fifth Edition 10
General Computer Crime Laws • Computer Fraud and Abuse Act of 1986 (CFA Act): Cornerstone of many computer-related federal laws and enforcement efforts • National Information Infrastructure Protection Act of 1996: – Modified several sections of the previous act and increased the penalties for selected crimes – Severity of the penalties was judged on the value of the information and the purpose • For purposes of commercial advantage • For private financial gain • In furtherance of a criminal act Principles of Information Security, Fifth Edition 11
General Computer Crime Laws (cont’d) • USA PATRIOT Act of 2001: Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities • USA PATRIOT Improvement and Reauthorization Act: Made permanent fourteen of the sixteen expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity • Computer Security Act of 1987: One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices. Principles of Information Security, Fifth Edition 12
Privacy • One of the hottest topics in information security • Right of individuals or groups to protect themselves and personal information from unauthorized access • Ability to aggregate data from multiple sources allows creation of information databases previously impossible • The number of statutes addressing an individual’s right to privacy has grown. Principles of Information Security, Fifth Edition 13
Principles of Information Security, Fifth Edition 14
Privacy (cont’d) • U.S. Regulations – Privacy of Customer Information Section of the common carrier regulation – Federal Privacy Act of 1974 – Electronic Communications Privacy Act of 1986 – Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act – Financial Services Modernization Act, or Gramm- Leach-Bliley Act of 1999 Principles of Information Security, Fifth Edition 15

Recommended

IS740 Chapter 14
IS740 Chapter 14IS740 Chapter 14
IS740 Chapter 14
iDocs
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Whitman_Ch03.pptx
Whitman_Ch03.pptxWhitman_Ch03.pptx
Whitman_Ch03.pptx
Siphamandla9
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
Zefren Edior
 
Chapter 1_dp-pertemuan 1
Chapter 1_dp-pertemuan 1 Chapter 1_dp-pertemuan 1
Chapter 1_dp-pertemuan 1
UNIVERSITAS TEKNOKRAT INDONESIA
 

Recommended

IS740 Chapter 14
IS740 Chapter 14IS740 Chapter 14
IS740 Chapter 14
iDocs
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
Gamentortc
 
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Whitman_Ch03.pptx
Whitman_Ch03.pptxWhitman_Ch03.pptx
Whitman_Ch03.pptx
Siphamandla9
 
Information Security Blueprint
Information Security BlueprintInformation Security Blueprint
Information Security Blueprint
Zefren Edior
 
Chapter 1_dp-pertemuan 1
Chapter 1_dp-pertemuan 1 Chapter 1_dp-pertemuan 1
Chapter 1_dp-pertemuan 1
UNIVERSITAS TEKNOKRAT INDONESIA
 
Information Assurance And Security - Chapter 2 - Lesson 3
Information Assurance And Security - Chapter 2 - Lesson 3Information Assurance And Security - Chapter 2 - Lesson 3
Information Assurance And Security - Chapter 2 - Lesson 3
MLG College of Learning, Inc
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
Syaiful Ahdan
 
Computer and network security
Computer and network securityComputer and network security
Computer and network security
Karwan Mustafa Kareem
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
Shruthi48
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
MLG College of Learning, Inc
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
MLG College of Learning, Inc
 
Protection models
Protection modelsProtection models
Protection models
G Prachi
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
sappingtonkr
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
rajakhurram
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
Muhammad Zia
 
cyber security notes
cyber security notescyber security notes
cyber security notes
SHIKHAJAIN163
 
INFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfINFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdf
EarlvonDeiparine1
 
Decision theory
Decision theoryDecision theory
Decision theory
JULIO GONZALEZ SANZ
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
G Prachi
 
Chapter 10. Cluster Analysis Basic Concepts and Methods.ppt
Chapter 10. Cluster Analysis Basic Concepts and Methods.pptChapter 10. Cluster Analysis Basic Concepts and Methods.ppt
Chapter 10. Cluster Analysis Basic Concepts and Methods.ppt
Subrata Kumer Paul
 
Chapter 09 classification advanced
Chapter 09 classification advancedChapter 09 classification advanced
Chapter 09 classification advanced
Houw Liong The
 
Powerpoint Women's Correctional Institution
Powerpoint Women's Correctional InstitutionPowerpoint Women's Correctional Institution
Powerpoint Women's Correctional Institution
lottesylvana
 
Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
JhaiJhai6
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
Shruthi48
 

More Related Content

What's hot

Information Assurance And Security - Chapter 2 - Lesson 3
Information Assurance And Security - Chapter 2 - Lesson 3Information Assurance And Security - Chapter 2 - Lesson 3
Information Assurance And Security - Chapter 2 - Lesson 3
MLG College of Learning, Inc
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
Syaiful Ahdan
 
Computer and network security
Computer and network securityComputer and network security
Computer and network security
Karwan Mustafa Kareem
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
Shruthi48
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
MLG College of Learning, Inc
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
MLG College of Learning, Inc
 
Protection models
Protection modelsProtection models
Protection models
G Prachi
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
sappingtonkr
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
rajakhurram
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
Muhammad Zia
 
cyber security notes
cyber security notescyber security notes
cyber security notes
SHIKHAJAIN163
 
INFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfINFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdf
EarlvonDeiparine1
 
Decision theory
Decision theoryDecision theory
Decision theory
JULIO GONZALEZ SANZ
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
Dhani Ahmad
 
Security policies
Security policiesSecurity policies
Security policies
Nishant Pahad
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
G Prachi
 
Chapter 10. Cluster Analysis Basic Concepts and Methods.ppt
Chapter 10. Cluster Analysis Basic Concepts and Methods.pptChapter 10. Cluster Analysis Basic Concepts and Methods.ppt
Chapter 10. Cluster Analysis Basic Concepts and Methods.ppt
Subrata Kumer Paul
 
Chapter 09 classification advanced
Chapter 09 classification advancedChapter 09 classification advanced
Chapter 09 classification advanced
Houw Liong The
 
Powerpoint Women's Correctional Institution
Powerpoint Women's Correctional InstitutionPowerpoint Women's Correctional Institution
Powerpoint Women's Correctional Institution
lottesylvana
 

What's hot (20)

Information Assurance And Security - Chapter 2 - Lesson 3
Information Assurance And Security - Chapter 2 - Lesson 3Information Assurance And Security - Chapter 2 - Lesson 3
Information Assurance And Security - Chapter 2 - Lesson 3
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
 
Computer and network security
Computer and network securityComputer and network security
Computer and network security
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3Information Assurance And Security - Chapter 3 - Lesson 3
Information Assurance And Security - Chapter 3 - Lesson 3
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
 
Protection models
Protection modelsProtection models
Protection models
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
cyber security notes
cyber security notescyber security notes
cyber security notes
 
INFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdfINFORMATION ASSURANCE AND SECURITY 1.pdf
INFORMATION ASSURANCE AND SECURITY 1.pdf
 
Decision theory
Decision theoryDecision theory
Decision theory
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
Security policies
Security policiesSecurity policies
Security policies
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
 
Chapter 10. Cluster Analysis Basic Concepts and Methods.ppt
Chapter 10. Cluster Analysis Basic Concepts and Methods.pptChapter 10. Cluster Analysis Basic Concepts and Methods.ppt
Chapter 10. Cluster Analysis Basic Concepts and Methods.ppt
 
Chapter 09 classification advanced
Chapter 09 classification advancedChapter 09 classification advanced
Chapter 09 classification advanced
 
Powerpoint Women's Correctional Institution
Powerpoint Women's Correctional InstitutionPowerpoint Women's Correctional Institution
Powerpoint Women's Correctional Institution
 

Similar to Lesson 1

Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
JhaiJhai6
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
Shruthi48
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
JhaiJhai6
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
Nargis Parveen
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
EdFeranil
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.ppt
LAXMIPRASANNA565999
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
DEEPAK948083
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
abdukadirabdullahuad
 
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Larry Catá Backer
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
HaiderAli424102
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
Anil Yadav
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
Anil Yadav
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Financial Poise
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
hyacinthshackley2629
 
3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx
JohnLagman3
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
ghghghghgh
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
MeshalALshammari12
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
Samir Jha
 

Similar to Lesson 1 (20)

Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
 
Legal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptxLegal-Ethical-Professionalin-IS.pptx
Legal-Ethical-Professionalin-IS.pptx
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.ppt
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.ppt
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
Polycentricity in South Asian Human Rights Law: On the Strategic and Simultan...
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
 
3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx3-Professional Ethics Issues.pptx
3-Professional Ethics Issues.pptx
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
 

More from MLG College of Learning, Inc

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
MLG College of Learning, Inc
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
MLG College of Learning, Inc
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
MLG College of Learning, Inc
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
MLG College of Learning, Inc
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
MLG College of Learning, Inc
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
MLG College of Learning, Inc
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
MLG College of Learning, Inc
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
MLG College of Learning, Inc
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
MLG College of Learning, Inc
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
MLG College of Learning, Inc
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
MLG College of Learning, Inc
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
MLG College of Learning, Inc
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
MLG College of Learning, Inc
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
MLG College of Learning, Inc
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
MLG College of Learning, Inc
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
MLG College of Learning, Inc
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
MLG College of Learning, Inc
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
MLG College of Learning, Inc
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
MLG College of Learning, Inc
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
MLG College of Learning, Inc
 

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
Celine George
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
BBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview TrainingBBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
Katrina Pritchard
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
Celine George
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
RAHUL
 
Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5
sayalidalavi006
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
Nguyen Thanh Tu Collection
 
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
National Information Standards Organization (NISO)
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
heathfieldcps1
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
ak6969907
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
paigestewart1632
 
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
RitikBhardwaj56
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Fajar Baskoro
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
Celine George
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
TechSoup
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 

Recently uploaded (20)

How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
BBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview TrainingBBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
 
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
 
Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5Community pharmacy- Social and preventive pharmacy UNIT 5
Community pharmacy- Social and preventive pharmacy UNIT 5
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
Pollock and Snow "DEIA in the Scholarly Landscape, Session One: Setting Expec...
 
The basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptxThe basics of sentences session 6pptx.pptx
The basics of sentences session 6pptx.pptx
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
 
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...The simplified electron and muon model, Oscillating Spacetime: The Foundation...
The simplified electron and muon model, Oscillating Spacetime: The Foundation...
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
 
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and InclusionExecutive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
Executive Directors Chat Leveraging AI for Diversity, Equity, and Inclusion
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 

Lesson 1

  • 1. Principles of Information Security, Fifth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Lesson 1 – Laws and Ethics
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Explain the differences between laws and ethics Principles of Information Security, Fifth Edition 2
  • 3. Introduction • You must understand the scope of an organization’s legal and ethical responsibilities. • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new and emerging issues Principles of Information Security, Fifth Edition 3
  • 4. Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain behavior and are enforced by the state • Ethics: regulate and define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group • Laws carry the authority of a governing authority; ethics do not. Principles of Information Security, Fifth Edition 4
  • 5. Organizational Liability and the Need for Counsel • Liability: the legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution • Restitution: the legal obligation to compensate an injured party for wrongs committed • Due care: the legal standard requiring a prudent organization to act legally and ethically and know the consequences of actions • Due diligence: the legal standard requiring a prudent organization to maintain the standard of due care and ensure actions are effective Principles of Information Security, Fifth Edition 5
  • 6. Organizational Liability and the Need for Counsel (cont’d) • Jurisdiction: court’s right to hear a case if the wrong was committed in its territory or involved its citizenry • Long-arm jurisdiction: application of laws to those residing outside a court’s normal jurisdiction; usually granted when a person acts illegally within the jurisdiction and leaves Principles of Information Security, Fifth Edition 6
  • 7. Policy Versus Law • Policies: managerial directives that specify acceptable and unacceptable employee behavior in the workplace • Policies function as organizational laws; must be crafted and implemented with care to ensure they are complete, appropriate, and fairly applied to everyone • Difference between policy and law: Ignorance of a policy is an acceptable defense. Principles of Information Security, Fifth Edition 7
  • 8. Policy Versus Law (cont’d) • Criteria for policy enforcement: – Dissemination (distribution) – Review (reading) – Comprehension (understanding) – Compliance (agreement) – Uniform enforcement Principles of Information Security, Fifth Edition 8
  • 9. Types of Law • Civil: governs nation or state; manages relationships/conflicts between organizations and people • Criminal: addresses activities and conduct harmful to society; actively enforced by the state • Private: family/commercial/labor law; regulates relationships between individuals and organizations • Public: regulates structure/administration of government agencies and their relationships with citizens, employees, and other governments Principles of Information Security, Fifth Edition 9
  • 10. Relevant U.S. Laws • The United States has been a leader in the development and implementation of information security legislation. • Information security legislation contributes to a more reliable business environment and a stable economy. • The United States has demonstrated understanding of the importance of securing information and has specified penalties for individuals and organizations that breach civil and criminal law. Principles of Information Security, Fifth Edition 10
  • 11. General Computer Crime Laws • Computer Fraud and Abuse Act of 1986 (CFA Act): Cornerstone of many computer-related federal laws and enforcement efforts • National Information Infrastructure Protection Act of 1996: – Modified several sections of the previous act and increased the penalties for selected crimes – Severity of the penalties was judged on the value of the information and the purpose • For purposes of commercial advantage • For private financial gain • In furtherance of a criminal act Principles of Information Security, Fifth Edition 11
  • 12. General Computer Crime Laws (cont’d) • USA PATRIOT Act of 2001: Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities • USA PATRIOT Improvement and Reauthorization Act: Made permanent fourteen of the sixteen expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity • Computer Security Act of 1987: One of the first attempts to protect federal computer systems by establishing minimum acceptable security practices. Principles of Information Security, Fifth Edition 12
  • 13. Privacy • One of the hottest topics in information security • Right of individuals or groups to protect themselves and personal information from unauthorized access • Ability to aggregate data from multiple sources allows creation of information databases previously impossible • The number of statutes addressing an individual’s right to privacy has grown. Principles of Information Security, Fifth Edition 13
  • 14. Principles of Information Security, Fifth Edition 14
  • 15. Privacy (cont’d) • U.S. Regulations – Privacy of Customer Information Section of the common carrier regulation – Federal Privacy Act of 1974 – Electronic Communications Privacy Act of 1986 – Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act – Financial Services Modernization Act, or Gramm- Leach-Bliley Act of 1999 Principles of Information Security, Fifth Edition 15