SlideShare a Scribd company logo

lesson333.ppt

Download as PPT, PDF
D
DEEPAK948083

sad

Internet
1 of 33
In civilized life, law floats in a sea of ethics. - Earl Warren, Chief Justice, US Supreme Court, November 12, 1962 CMPS 319 Legal, Ethical & Professional Issues in Information Security Chapter 3
Principles of Information Security - Chapter 3 Slide # 2 Learning Objectives Upon completion of this chapter the student should be able to: Use this chapter as a guide for future reference on laws, regulations, and professional organizations. Differentiate between laws and ethics. Identify major national laws that relate to the practice of information security. Understand the role of culture as it applies to ethics in information security.
Principles of Information Security - Chapter 3 Slide # 3 Law and Ethics in Information Security Laws - rules adopted for determining expected behavior Laws are drawn from ethics Ethics define socially acceptable behaviors Ethics in turn are based on cultural mores: fixed moral attitudes or customs of a particular group
Principles of Information Security - Chapter 3 Slide # 4 Types of Law Civil law Criminal law Tort law Private law Public law
Principles of Information Security - Chapter 3 Slide # 5 Relevant U.S. Laws - General Computer Fraud and Abuse Act of 1986 National Information Infrastructure Protection Act of 1996 USA Patriot Act of 2001 Telecommunications Deregulation and Competition Act of 1996 Communications Decency Act (CDA) Computer Security Act of 1987
Principles of Information Security - Chapter 3 Slide # 6 Privacy The issue of privacy has become one of the hottest topics in information The ability to collect information on an individual, combine facts from separate sources, and merge it with other information has resulted in databases of information that were previously impossible to set up The aggregation of data from multiple sources permits unethical organizations to build databases of facts with frightening capabilities
Principles of Information Security - Chapter 3 Slide # 7 Diagram of the Clipper Chip
Principles of Information Security - Chapter 3 Slide # 8 Privacy of Customer Information Privacy of Customer Information Section of Common Carrier Regulations Federal Privacy Act of 1974 The Electronic Communications Privacy Act of 1986 The Health Insurance Portability & Accountability Act Of 1996 (HIPAA) also known as the Kennedy- Kassebaum Act The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999
Principles of Information Security - Chapter 3 Slide # 9 US Copyright Office
Principles of Information Security - Chapter 3 Slide # 10 Export and Espionage Laws Economic Espionage Act (EEA) of 1996 Security and Freedom Through Encryption Act of 1997 (SAFE)
Principles of Information Security - Chapter 3 Slide # 11 US Copyright Law Intellectual property is recognized as a protected asset in the US US copyright law extends this right to the published word, including electronic formats Fair use of copyrighted materials includes the use to support news reporting, teaching, scholarship, and a number of other related permissions the purpose of the use has to be for educational or library purposes, not for profit, and should not be excessive
Principles of Information Security - Chapter 3 Slide # 12 EU Law Portal
Principles of Information Security - Chapter 3 Slide # 13 Freedom of Information Act of 1966 (FOIA) The Freedom of Information Act provides any person with the right to request access to federal agency records or information, not determined to be of national security US Government agencies are required to disclose any requested information on receipt of a written request There are exceptions for information that is protected from disclosure, and the Act does not apply to state or local government agencies or to private businesses or individuals, although many states have their own version of the FOIA
Principles of Information Security - Chapter 3 Slide # 14 State & Local Regulations In addition to the national and international restrictions placed on an organization in the use of computer technology, each state or locality may have a number of laws and regulations that impact operations It is the responsibility of the information security professional to understand state laws and regulations and insure the organization’s security policies and procedures comply with those laws and regulations
Principles of Information Security - Chapter 3 Slide # 15 International Laws and Legal Bodies Recently the Council of Europe drafted the European Council Cyber-Crime Convention, designed to create an international task force to oversee a range of security functions associated with Internet activities, to standardize technology laws across international borders It also attempts to improve the effectiveness of international investigations into breaches of technology law This convention is well received by advocates of intellectual property rights with its emphasis on copyright infringement prosecution
Principles of Information Security - Chapter 3 Slide # 16 UN International Law
Principles of Information Security - Chapter 3 Slide # 17 Digital Millennium Copyright Act (DMCA) The Digital Millennium Copyright Act (DMCA) is the US version of an international effort to reduce the impact of copyright, trademark, and privacy infringement The European Union Directive 95/46/EC increases protection of individuals with regard to the processing of personal data and limits the free movement of such data The United Kingdom has already implemented a version of this directive called the Database Right
Principles of Information Security - Chapter 3 Slide # 18 United Nations Charter To some degree the United Nations Charter provides provisions for information security during Information Warfare Information Warfare (IW) involves the use of information technology to conduct offensive operations as part of an organized and lawful military operation by a sovereign state IW is a relatively new application of warfare, although the military has been conducting electronic warfare and counter-warfare operations for decades, jamming, intercepting, and spoofing enemy communications
Principles of Information Security - Chapter 3 Slide # 19 Policy Versus Law Most organizations develop and formalize a body of expectations called policy Policies function in an organization like laws For a policy to become enforceable, it must be: Distributed to all individuals who are expected to comply with it Readily available for employee reference Easily understood with multi-language translations and translations for visually impaired, or literacy-impaired employees Acknowledged by the employee, usually by means of a signed consent form Only when all conditions are met, does the organization have a reasonable expectation of effective policy
Principles of Information Security - Chapter 3 Slide # 20 Ethical Concepts in Information Security The Ten Commandments of Computer Ethics from The Computer Ethics Institute I. Thou shalt not use a computer to harm other people. II. Thou shalt not interfere with other people's computer work. III. Thou shalt not snoop around in other people's computer files. IV. Thou shalt not use a computer to steal. V. Thou shalt not use a computer to bear false witness. VI. Thou shalt not copy or use proprietary software for which you have not paid. VII. Thou shalt not use other people's computer resources without authorization or proper compensation. VIII. Thou shalt not appropriate other people's intellectual output. IX. Thou shalt think about the social consequences of the program you are writing or the system you are designing. X. Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.
Principles of Information Security - Chapter 3 Slide # 21 Cultural Differences in Ethical Concepts Differences in cultures cause problems in determining what is ethical and what is not ethical Studies of ethical sensitivity to computer use reveal different nationalities have different perspectives Difficulties arise when one nationality’s ethical behavior contradicts that of another national group
Principles of Information Security - Chapter 3 Slide # 22 Ethics and Education Employees must be trained and kept aware of a number of topics related to information security, not the least of which is the expected behaviors of an ethical employee This is especially important in areas of information security, as many employees may not have the formal technical training to understand that their behavior is unethical or even illegal Proper ethical and legal training is vital to creating an informed, well prepared, and low-risk system user
Principles of Information Security - Chapter 3 Slide # 23 Deterrence to Unethical and Illegal Behavior Deterrence - preventing an illegal or unethical activity Laws, policies, and technical controls are all examples of deterrents Laws and policies only deter if three conditions are present: Fear of penalty Probability of being caught Probability of penalty being administered
Principles of Information Security - Chapter 3 Slide # 24 Codes of Ethics, Certifications, and Professional Organizations Many organizations have codes of conduct and/or codes of ethics Codes of ethics can have a positive effect Unfortunately, having a code of ethics is not enough It is the responsibility of security professionals to act ethically and according to the policies and procedures of their employer, their professional organization, and the laws of society
Principles of Information Security - Chapter 3 Slide # 25 Association of Computing Machinery (ACM) The ACM (www.acm.org ) is a respected professional society originally established in 1947 as “the world's first educational and scientific computing society” The ACM’s code of ethics requires members to perform their duties in a manner befitting an ethical computing professional The code contains specific references to protecting the confidentiality of information, causing no harm, protecting the privacy of others, and respecting the intellectual property and copyrights of others
Principles of Information Security - Chapter 3 Slide # 26 International Information Systems Security Certification Consortium The (ISC)2 (www.isc2.org) is a non-profit organization focuses on the development and implementation of information security certifications and credentials The code of ethics put forth by (ISC)2 is primarily designed for information security professionals who have earned a certification from (ISC)2 This code focuses on four mandatory canons: Protect society, the commonwealth, and the infrastructure Act honorably, honestly, justly, responsibly, and legally Provide diligent and competent service to principals Advance and protect the profession
Principles of Information Security - Chapter 3 Slide # 27 System Administration, Networking, and Security Institute The System Administration, Networking, and Security Institute, or SANS (www.sans.org), is a professional organization with a large membership dedicated to the protection of information and systems SANS offers a set of certifications called the Global Information Assurance Certification or GIAC
Principles of Information Security - Chapter 3 Slide # 28 Information Systems Audit and Control Association The Information Systems Audit and Control Association or ISACA (www.isaca.org) is a professional association with a focus on auditing, control, and security Although it does not focus exclusively on information security, the Certified Information Systems Auditor or CISA certification does contain many information security components The ISACA also has a code of ethics for its professionals It requires many of the same high standards for ethical performance as the other organizations and certifications
Principles of Information Security - Chapter 3 Slide # 29 CSI - Computer Security Institute The Computer Security Institute (www.gocsi.com) provides information and certification to support the computer, networking, and information security professional While CSI does not promote a single certification certificate like the CISSP or GISO, it does provide a range of technical training classes in the areas of Internet Security, Intrusion Management, Network Security, Forensics, as well as technical networking
Principles of Information Security - Chapter 3 Slide # 30 Other Security Organizations Information Systems Security Association (ISSA)® (www.issa.org) Internet Society or ISOC (www.isoc.org) Computer Security Division (CSD) of the National Institute for Standards and Technology (NIST) contains a resource center known as the Computer Security Resource Center (csrc.nist.gov) housing one of the most comprehensive sets of publicly available information on the entire suite of information security topics CERT® Coordination Center or CERT/CC (www.cert.org) is a center of Internet security expertise operated by Carnegie Mellon University Computer Professionals for Social Responsibility (CPSR) promotes the development of ethical computing
Principles of Information Security - Chapter 3 Slide # 31 Key U.S. Federal Agencies The Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC) (www.nipc.gov) National InfraGard Program National Security Agency (NSA) The NSA is “the Nation's cryptologic organization” The U.S. Secret Service
Principles of Information Security - Chapter 3 Slide # 32 US Secret Service
Principles of Information Security - Chapter 3 Slide # 33 Organizational Liability and the Need for Counsel Liability is the legal obligation of an entity Liability extends beyond a legal obligation or contract to include liability for a wrongful act and the legal obligation to make restitution An organization increases its liability if it refuses to take strong measures known as due care Due diligence requires that an organization make a valid effort to protect others and continually maintain this level of effort

Recommended

Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.pptHaiderAli424102
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.pptDEEPAK948083
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityGamentortc
 
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfssuserceaa40
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 

Recommended

Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.pptHaiderAli424102
 
whitman_ch04.ppt
whitman_ch04.pptwhitman_ch04.ppt
whitman_ch04.pptDEEPAK948083
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityGamentortc
 
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfssuserceaa40
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesDrSamsonChepuri1
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.pptLAXMIPRASANNA565999
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdfabdukadirabdullahuad
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxJaeKim165097
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docxhyacinthshackley2629
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxJhaiJhai6
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2MLG College of Learning, Inc
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify TheftMLG College of Learning, Inc
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoJoel A. Gómez Treviño
 
Chapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdfChapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdfEthioDotNetDeveloper
 
3999779.ppt
3999779.ppt3999779.ppt
3999779.pptpixvilx
 
Final projet
Final projetFinal projet
Final projetserge-parfait Goma
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketinggaurav jain
 
Cyber laws
Cyber lawsCyber laws
Cyber lawsMukesh Tekwani
 
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptturban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptDEEPAK948083
 
introAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptintroAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptDEEPAK948083
 

More Related Content

Similar to lesson333.ppt

Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesDrSamsonChepuri1
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxJaeKim165097
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docxhyacinthshackley2629
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxJhaiJhai6
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2MLG College of Learning, Inc
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoJoel A. Gómez Treviño
 
3999779.ppt
3999779.ppt3999779.ppt
3999779.pptpixvilx
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketinggaurav jain
 

Similar to lesson333.ppt (20)

Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal Perspectives
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.ppt
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptx
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in Mexico
 
Chapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdfChapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdf
 
3999779.ppt
3999779.ppt3999779.ppt
3999779.ppt
 
Final projet
Final projetFinal projet
Final projet
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics
 
Ethics of electronic marketing
Ethics of electronic marketingEthics of electronic marketing
Ethics of electronic marketing
 
Cyber laws
Cyber lawsCyber laws
Cyber laws
 

More from DEEPAK948083

turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptturban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptDEEPAK948083
 
introAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptintroAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptDEEPAK948083
 
SensorSensorSensorSensorSensorSensor.ppt
SensorSensorSensorSensorSensorSensor.pptSensorSensorSensorSensorSensorSensor.ppt
SensorSensorSensorSensorSensorSensor.pptDEEPAK948083
 
Chapter1_IntroductionIntroductionIntroduction.ppt
Chapter1_IntroductionIntroductionIntroduction.pptChapter1_IntroductionIntroductionIntroduction.ppt
Chapter1_IntroductionIntroductionIntroduction.pptDEEPAK948083
 
introDMintroDMintroDMintroDMintroDMintroDM.ppt
introDMintroDMintroDMintroDMintroDMintroDM.pptintroDMintroDMintroDMintroDMintroDMintroDM.ppt
introDMintroDMintroDMintroDMintroDMintroDM.pptDEEPAK948083
 
lect1lect1lect1lect1lect1lect1lect1lect1.ppt
lect1lect1lect1lect1lect1lect1lect1lect1.pptlect1lect1lect1lect1lect1lect1lect1lect1.ppt
lect1lect1lect1lect1lect1lect1lect1lect1.pptDEEPAK948083
 
Chchchchchchchchchchchchchchchchc 11.pptx
Chchchchchchchchchchchchchchchchc 11.pptxChchchchchchchchchchchchchchchchc 11.pptx
Chchchchchchchchchchchchchchchchc 11.pptxDEEPAK948083
 
applicationapplicationapplicationapplication.ppt
applicationapplicationapplicationapplication.pptapplicationapplicationapplicationapplication.ppt
applicationapplicationapplicationapplication.pptDEEPAK948083
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
datastructureppt-190327174340 (1).pptx
datastructureppt-190327174340 (1).pptxdatastructureppt-190327174340 (1).pptx
datastructureppt-190327174340 (1).pptxDEEPAK948083
 
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptxDEEPAK948083
 
Lect no 13 ECC.ppt
Lect no 13 ECC.pptLect no 13 ECC.ppt
Lect no 13 ECC.pptDEEPAK948083
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptxDEEPAK948083
 
Lect no 13 ECC.ppt
Lect no 13 ECC.pptLect no 13 ECC.ppt
Lect no 13 ECC.pptDEEPAK948083
 
unit1Intro_final.pptx
unit1Intro_final.pptxunit1Intro_final.pptx
unit1Intro_final.pptxDEEPAK948083
 
ICS PPT Unit 4.ppt
ICS PPT Unit 4.pptICS PPT Unit 4.ppt
ICS PPT Unit 4.pptDEEPAK948083
 
prims and Kruskal 1.pdf
prims and Kruskal 1.pdfprims and Kruskal 1.pdf
prims and Kruskal 1.pdfDEEPAK948083
 

More from DEEPAK948083 (20)

turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptturban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
 
introAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptintroAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.ppt
 
SensorSensorSensorSensorSensorSensor.ppt
SensorSensorSensorSensorSensorSensor.pptSensorSensorSensorSensorSensorSensor.ppt
SensorSensorSensorSensorSensorSensor.ppt
 
Chapter1_IntroductionIntroductionIntroduction.ppt
Chapter1_IntroductionIntroductionIntroduction.pptChapter1_IntroductionIntroductionIntroduction.ppt
Chapter1_IntroductionIntroductionIntroduction.ppt
 
introDMintroDMintroDMintroDMintroDMintroDM.ppt
introDMintroDMintroDMintroDMintroDMintroDM.pptintroDMintroDMintroDMintroDMintroDMintroDM.ppt
introDMintroDMintroDMintroDMintroDMintroDM.ppt
 
lect1lect1lect1lect1lect1lect1lect1lect1.ppt
lect1lect1lect1lect1lect1lect1lect1lect1.pptlect1lect1lect1lect1lect1lect1lect1lect1.ppt
lect1lect1lect1lect1lect1lect1lect1lect1.ppt
 
Chchchchchchchchchchchchchchchchc 11.pptx
Chchchchchchchchchchchchchchchchc 11.pptxChchchchchchchchchchchchchchchchc 11.pptx
Chchchchchchchchchchchchchchchchc 11.pptx
 
applicationapplicationapplicationapplication.ppt
applicationapplicationapplicationapplication.pptapplicationapplicationapplicationapplication.ppt
applicationapplicationapplicationapplication.ppt
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
datastructureppt-190327174340 (1).pptx
datastructureppt-190327174340 (1).pptxdatastructureppt-190327174340 (1).pptx
datastructureppt-190327174340 (1).pptx
 
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
 
Lect no 13 ECC.ppt
Lect no 13 ECC.pptLect no 13 ECC.ppt
Lect no 13 ECC.ppt
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptx
 
Lect no 13 ECC.ppt
Lect no 13 ECC.pptLect no 13 ECC.ppt
Lect no 13 ECC.ppt
 
unit1Intro_final.pptx
unit1Intro_final.pptxunit1Intro_final.pptx
unit1Intro_final.pptx
 
ICS PPT Unit 4.ppt
ICS PPT Unit 4.pptICS PPT Unit 4.ppt
ICS PPT Unit 4.ppt
 
stack-Intro.pptx
stack-Intro.pptxstack-Intro.pptx
stack-Intro.pptx
 
BST.ppt
BST.pptBST.ppt
BST.ppt
 
Tree 11.ppt
Tree 11.pptTree 11.ppt
Tree 11.ppt
 
prims and Kruskal 1.pdf
prims and Kruskal 1.pdfprims and Kruskal 1.pdf
prims and Kruskal 1.pdf
 

Recently uploaded

VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 

Recently uploaded (20)

VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 

lesson333.ppt

  • 1. In civilized life, law floats in a sea of ethics. - Earl Warren, Chief Justice, US Supreme Court, November 12, 1962 CMPS 319 Legal, Ethical & Professional Issues in Information Security Chapter 3
  • 2. Principles of Information Security - Chapter 3 Slide # 2 Learning Objectives Upon completion of this chapter the student should be able to: Use this chapter as a guide for future reference on laws, regulations, and professional organizations. Differentiate between laws and ethics. Identify major national laws that relate to the practice of information security. Understand the role of culture as it applies to ethics in information security.
  • 3. Principles of Information Security - Chapter 3 Slide # 3 Law and Ethics in Information Security Laws - rules adopted for determining expected behavior Laws are drawn from ethics Ethics define socially acceptable behaviors Ethics in turn are based on cultural mores: fixed moral attitudes or customs of a particular group
  • 4. Principles of Information Security - Chapter 3 Slide # 4 Types of Law Civil law Criminal law Tort law Private law Public law
  • 5. Principles of Information Security - Chapter 3 Slide # 5 Relevant U.S. Laws - General Computer Fraud and Abuse Act of 1986 National Information Infrastructure Protection Act of 1996 USA Patriot Act of 2001 Telecommunications Deregulation and Competition Act of 1996 Communications Decency Act (CDA) Computer Security Act of 1987
  • 6. Principles of Information Security - Chapter 3 Slide # 6 Privacy The issue of privacy has become one of the hottest topics in information The ability to collect information on an individual, combine facts from separate sources, and merge it with other information has resulted in databases of information that were previously impossible to set up The aggregation of data from multiple sources permits unethical organizations to build databases of facts with frightening capabilities
  • 7. Principles of Information Security - Chapter 3 Slide # 7 Diagram of the Clipper Chip
  • 8. Principles of Information Security - Chapter 3 Slide # 8 Privacy of Customer Information Privacy of Customer Information Section of Common Carrier Regulations Federal Privacy Act of 1974 The Electronic Communications Privacy Act of 1986 The Health Insurance Portability & Accountability Act Of 1996 (HIPAA) also known as the Kennedy- Kassebaum Act The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999
  • 9. Principles of Information Security - Chapter 3 Slide # 9 US Copyright Office
  • 10. Principles of Information Security - Chapter 3 Slide # 10 Export and Espionage Laws Economic Espionage Act (EEA) of 1996 Security and Freedom Through Encryption Act of 1997 (SAFE)
  • 11. Principles of Information Security - Chapter 3 Slide # 11 US Copyright Law Intellectual property is recognized as a protected asset in the US US copyright law extends this right to the published word, including electronic formats Fair use of copyrighted materials includes the use to support news reporting, teaching, scholarship, and a number of other related permissions the purpose of the use has to be for educational or library purposes, not for profit, and should not be excessive
  • 12. Principles of Information Security - Chapter 3 Slide # 12 EU Law Portal
  • 13. Principles of Information Security - Chapter 3 Slide # 13 Freedom of Information Act of 1966 (FOIA) The Freedom of Information Act provides any person with the right to request access to federal agency records or information, not determined to be of national security US Government agencies are required to disclose any requested information on receipt of a written request There are exceptions for information that is protected from disclosure, and the Act does not apply to state or local government agencies or to private businesses or individuals, although many states have their own version of the FOIA
  • 14. Principles of Information Security - Chapter 3 Slide # 14 State & Local Regulations In addition to the national and international restrictions placed on an organization in the use of computer technology, each state or locality may have a number of laws and regulations that impact operations It is the responsibility of the information security professional to understand state laws and regulations and insure the organization’s security policies and procedures comply with those laws and regulations
  • 15. Principles of Information Security - Chapter 3 Slide # 15 International Laws and Legal Bodies Recently the Council of Europe drafted the European Council Cyber-Crime Convention, designed to create an international task force to oversee a range of security functions associated with Internet activities, to standardize technology laws across international borders It also attempts to improve the effectiveness of international investigations into breaches of technology law This convention is well received by advocates of intellectual property rights with its emphasis on copyright infringement prosecution
  • 16. Principles of Information Security - Chapter 3 Slide # 16 UN International Law
  • 17. Principles of Information Security - Chapter 3 Slide # 17 Digital Millennium Copyright Act (DMCA) The Digital Millennium Copyright Act (DMCA) is the US version of an international effort to reduce the impact of copyright, trademark, and privacy infringement The European Union Directive 95/46/EC increases protection of individuals with regard to the processing of personal data and limits the free movement of such data The United Kingdom has already implemented a version of this directive called the Database Right
  • 18. Principles of Information Security - Chapter 3 Slide # 18 United Nations Charter To some degree the United Nations Charter provides provisions for information security during Information Warfare Information Warfare (IW) involves the use of information technology to conduct offensive operations as part of an organized and lawful military operation by a sovereign state IW is a relatively new application of warfare, although the military has been conducting electronic warfare and counter-warfare operations for decades, jamming, intercepting, and spoofing enemy communications
  • 19. Principles of Information Security - Chapter 3 Slide # 19 Policy Versus Law Most organizations develop and formalize a body of expectations called policy Policies function in an organization like laws For a policy to become enforceable, it must be: Distributed to all individuals who are expected to comply with it Readily available for employee reference Easily understood with multi-language translations and translations for visually impaired, or literacy-impaired employees Acknowledged by the employee, usually by means of a signed consent form Only when all conditions are met, does the organization have a reasonable expectation of effective policy
  • 20. Principles of Information Security - Chapter 3 Slide # 20 Ethical Concepts in Information Security The Ten Commandments of Computer Ethics from The Computer Ethics Institute I. Thou shalt not use a computer to harm other people. II. Thou shalt not interfere with other people's computer work. III. Thou shalt not snoop around in other people's computer files. IV. Thou shalt not use a computer to steal. V. Thou shalt not use a computer to bear false witness. VI. Thou shalt not copy or use proprietary software for which you have not paid. VII. Thou shalt not use other people's computer resources without authorization or proper compensation. VIII. Thou shalt not appropriate other people's intellectual output. IX. Thou shalt think about the social consequences of the program you are writing or the system you are designing. X. Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.
  • 21. Principles of Information Security - Chapter 3 Slide # 21 Cultural Differences in Ethical Concepts Differences in cultures cause problems in determining what is ethical and what is not ethical Studies of ethical sensitivity to computer use reveal different nationalities have different perspectives Difficulties arise when one nationality’s ethical behavior contradicts that of another national group
  • 22. Principles of Information Security - Chapter 3 Slide # 22 Ethics and Education Employees must be trained and kept aware of a number of topics related to information security, not the least of which is the expected behaviors of an ethical employee This is especially important in areas of information security, as many employees may not have the formal technical training to understand that their behavior is unethical or even illegal Proper ethical and legal training is vital to creating an informed, well prepared, and low-risk system user
  • 23. Principles of Information Security - Chapter 3 Slide # 23 Deterrence to Unethical and Illegal Behavior Deterrence - preventing an illegal or unethical activity Laws, policies, and technical controls are all examples of deterrents Laws and policies only deter if three conditions are present: Fear of penalty Probability of being caught Probability of penalty being administered
  • 24. Principles of Information Security - Chapter 3 Slide # 24 Codes of Ethics, Certifications, and Professional Organizations Many organizations have codes of conduct and/or codes of ethics Codes of ethics can have a positive effect Unfortunately, having a code of ethics is not enough It is the responsibility of security professionals to act ethically and according to the policies and procedures of their employer, their professional organization, and the laws of society
  • 25. Principles of Information Security - Chapter 3 Slide # 25 Association of Computing Machinery (ACM) The ACM (www.acm.org ) is a respected professional society originally established in 1947 as “the world's first educational and scientific computing society” The ACM’s code of ethics requires members to perform their duties in a manner befitting an ethical computing professional The code contains specific references to protecting the confidentiality of information, causing no harm, protecting the privacy of others, and respecting the intellectual property and copyrights of others
  • 26. Principles of Information Security - Chapter 3 Slide # 26 International Information Systems Security Certification Consortium The (ISC)2 (www.isc2.org) is a non-profit organization focuses on the development and implementation of information security certifications and credentials The code of ethics put forth by (ISC)2 is primarily designed for information security professionals who have earned a certification from (ISC)2 This code focuses on four mandatory canons: Protect society, the commonwealth, and the infrastructure Act honorably, honestly, justly, responsibly, and legally Provide diligent and competent service to principals Advance and protect the profession
  • 27. Principles of Information Security - Chapter 3 Slide # 27 System Administration, Networking, and Security Institute The System Administration, Networking, and Security Institute, or SANS (www.sans.org), is a professional organization with a large membership dedicated to the protection of information and systems SANS offers a set of certifications called the Global Information Assurance Certification or GIAC
  • 28. Principles of Information Security - Chapter 3 Slide # 28 Information Systems Audit and Control Association The Information Systems Audit and Control Association or ISACA (www.isaca.org) is a professional association with a focus on auditing, control, and security Although it does not focus exclusively on information security, the Certified Information Systems Auditor or CISA certification does contain many information security components The ISACA also has a code of ethics for its professionals It requires many of the same high standards for ethical performance as the other organizations and certifications
  • 29. Principles of Information Security - Chapter 3 Slide # 29 CSI - Computer Security Institute The Computer Security Institute (www.gocsi.com) provides information and certification to support the computer, networking, and information security professional While CSI does not promote a single certification certificate like the CISSP or GISO, it does provide a range of technical training classes in the areas of Internet Security, Intrusion Management, Network Security, Forensics, as well as technical networking
  • 30. Principles of Information Security - Chapter 3 Slide # 30 Other Security Organizations Information Systems Security Association (ISSA)® (www.issa.org) Internet Society or ISOC (www.isoc.org) Computer Security Division (CSD) of the National Institute for Standards and Technology (NIST) contains a resource center known as the Computer Security Resource Center (csrc.nist.gov) housing one of the most comprehensive sets of publicly available information on the entire suite of information security topics CERT® Coordination Center or CERT/CC (www.cert.org) is a center of Internet security expertise operated by Carnegie Mellon University Computer Professionals for Social Responsibility (CPSR) promotes the development of ethical computing
  • 31. Principles of Information Security - Chapter 3 Slide # 31 Key U.S. Federal Agencies The Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC) (www.nipc.gov) National InfraGard Program National Security Agency (NSA) The NSA is “the Nation's cryptologic organization” The U.S. Secret Service
  • 32. Principles of Information Security - Chapter 3 Slide # 32 US Secret Service
  • 33. Principles of Information Security - Chapter 3 Slide # 33 Organizational Liability and the Need for Counsel Liability is the legal obligation of an entity Liability extends beyond a legal obligation or contract to include liability for a wrongful act and the legal obligation to make restitution An organization increases its liability if it refuses to take strong measures known as due care Due diligence requires that an organization make a valid effort to protect others and continually maintain this level of effort