Law and Ethics Laws are rules that mandate or prohibit certain behavior in society; they are drawn from ethics, which define socially acceptable behaviors. The key difference between laws and ethics is that laws carry the sanctions of a governing authority and ethics do not. Ethics in turn are based on cultural mores: the fixed moral attitudes or customs of a particular group. Some ethics are recognized as universal. For example, murder, theft, assault, and arson are commonly accepted as actions that deviate from ethical and legal codes in the civilized world.
Organizational Liability and the Need for Counsel What if an organization does not demand or even encourage strong ethical behavior from its employees? What if an organization does not behave ethically? Even if there is no breach of criminal law, there can still be liability.
Organizational Liability and the Need for Counsel Liability is the legal obligation of an entity that extends beyond criminal or contract law; it includes the legal obligation to make restitution, or to compensate for wrongs committed by an organization or its employees. Due care has been taken when an organization makes sure that every employee knows what is acceptable or unacceptable behavior, and knows the consequences of illegal or unethical actions.
Organizational Liability and the Need for Counsel Due diligence requires that an organization make a valid effort to protect others and continually maintain this level of effort. Given the Internet’s global reach, those who could be injured or wronged by an organization’s members could be anywhere, in any state, any country around the world.
Organizational Liability and the Need for Counsel Under the U.S. legal system, any court can impose its authority over an individual or organization if it can establish jurisdiction—that is, the court’s right to hear a case if the wrong was committed in its territory or involving its citizenry. This is sometimes referred to as long arm jurisdiction—the long arm of the law reaching across the country or around the world to pull an accused individual into its court systems. Trying a case in the injured party’s home area is usually favorable to the injured party.
Policy versus Law These policies—a body of expectations that describe acceptable and unacceptable employee behaviors in the workplace—function as organizational laws, complete with penalties, judicial practices, and sanctions to require compliance. Because policies function as laws, they must be crafted with the same care, to ensure that they are complete, appropriate, and fairly applied to everyone in the workplace.
Policy versus Law Thus, for a policy to become enforceable, it must meet the following five criteria: dissemination (distribution); review (reading); comprehension (understanding); compliance (agreement); and uniform enforcement. Only when all of these conditions are met can an organization penalize employees who violate the policy, without fear of legal retribution.
Types of Law Civil law represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people. Criminal law addresses violations harmful to society and is actively enforced by the state. The categories of laws that affect the individual in the workplace are private law and public law. Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law. Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Examples of public law include criminal, administrative, and constitutional law.
General Computer Crime Laws The Computer Fraud and Abuse Act of 1986 (CFA Act) is the cornerstone of many computer-related federal laws and enforcement efforts. It was amended in October 1996 by the National Information Infrastructure Protection Act of 1996, which modified several sections of the previous act and increased the penalties for selected crimes.
General Computer Crime Laws The USA PATRIOT Act of 2001 modified a wide range of existing laws to provide law enforcement agencies with broader latitude in order to combat terrorism-related activities. In 2006, this act was amended further with the USA PATRIOT Improvement and Reauthorization Act, which made permanent 14 of the 16 expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity. The act also reset the date of expiration written into the law as a so-called sunset clause for certain wiretaps under the Foreign Intelligence Surveillance Act of 1978 (FISA).
General Computer Crime Laws Another key law is the Computer Security Act of 1987. It was one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices. The National Bureau of Standards, in cooperation with the National Security Agency, became responsible for developing these security standards and guidelines.
Privacy Privacy in this context is not absolute freedom from observation, but rather a more precise “state of being free from unsanctioned intrusion.” Other definitions: the state or condition of being free from being observed or disturbed by other people; the state of being free from public attention.
Privacy of Customer Information The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any marketing purposes, and that carriers cannot disclose this information except when necessary to provide their services.
Privacy of Customer Information The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release private information about individuals or businesses without permission. The Electronic Communications Privacy Act of 1986 is a collection of statutes that regulate the interception of wire, electronic, and oral communications. These statutes work in conjunction with the Fourth Amendment of the U.S. Constitution, which protects individuals from unlawful search and seizure.
Privacy of Customer Information The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.
Identity Theft “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes”
Export and Espionage Laws This law attempts to prevent trade secrets from being illegally shared. The Security And Freedom Through Encryption Act of 1999 provides guidance on the use of encryption, and provides measures of protection from government intervention.
U.S. Copyright Law The U.S. copyright laws extend this privilege to the published word, including electronic formats. Fair use of copyrighted materials includes their use to support news reporting, teaching, scholarship, and a number of other related activities, so long as the use is for educational or library purposes, not for profit, and is not excessive.
Codes of Ethics and Professional Organizations A code of ethics is a guide of principles designed to help professionals conduct business honestly and with integrity. ... A code of ethics, also referred to as an "ethical code," may encompass areas such as business ethics, a code of professional practice, and an employee code of conduct.
Ethics and Information Security Ethics can be defined as a moral code by which a person lives. For corporations, ethics can also include the framework you develop for what is or isn’t acceptable behavior within your organization. In computer security, cyber-ethics is what separates security personnel from the hackers. It’s the knowledge of right and wrong, and the ability to adhere to ethical principles while on the job.
Why is ethics significant to information security? The data targeted in cyber attacks is often personal and sensitive. Loss of that sensitive data can be potentially devastating for your customers, and it’s crucial that you have the full trust of the individuals you’ve hired to protect it. Cybersecurity professionals have access to the sensitive personal data they were hired to protect. So it’s imperative that employees in these fields have a strong sense of ethics and respect for the privacy of your customers.
Questions Is it okay to read campus users’ email? What if you believe that university policies are being violated? Would you tell the users that their email is being read? Is it okay to look through files on a user's laptop when you're troubleshooting a problem? What if the user is someone you think might be storing illegal content on the laptop?
What would you do? You’re a system administrator with broad access to enterprise systems. Your supervisor has asked you to begin archiving all of the emails and web activity logs of one of your coworkers. Typically requests of this nature are initiated through a formal communication from your campus’s legal office. You feel that this request is inappropriate and possibly at odds with standard campus procedure and processes. You raise your concerns with your supervisor, but are told that this is a sensitive matter, and details cannot be shared with you. After thinking more about the conversation you had with your supervisor, you are under the impression that you might lose your job if you persist in discussing the matter further or if you refuse to carry out the task.
As IT professionals, what should we do when we encounter potentially unclear situations like the ones described? Sometimes existing laws or institutional policy will guide ethical behavior; sometimes they won't. What many people often do not understand is that what is legal is not always ethical. I believe it is our responsibility as IT professionals to act in an ethical manner in the performance of our work duties. To inadvertently do otherwise risks losing the trust of our students, faculty, staff, communities, and the general public. Without such trust I have difficulty imagining how IT professionals can continue to perform their duties effectively.