SlideShare ist ein Scribd-Unternehmen logo

whitman_ch04.ppt

Als PPT, PDF herunterladen
D
DEEPAK948083

ty

Internet
1 von 36
Principles of Information Security, 3rd Edition 2  Use this chapter as a guide for future reference on laws, regulations, and professional organizations  Differentiate between laws and ethics  Identify major national laws that relate to the practice of information security  Understand the role of culture as it applies to ethics in information security Learning Objectives Upon completion of this material, you should be able to:
Principles of Information Security, 3rd Edition 3 Introduction  You must understand scope of an organization’s legal and ethical responsibilities  To minimize liabilities/reduce risks, the information security practitioner must:  Understand current legal environment  Stay current with laws and regulations  Watch for new issues that emerge
Principles of Information Security, 3rd Edition 4 Law and Ethics in Information Security  Laws: rules that mandate or prohibit certain societal behavior  Ethics: define socially acceptable behavior  Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these  Laws carry sanctions of a governing authority; ethics do not
Principles of Information Security, 3rd Edition 5 Organizational Liability and the Need for Counsel  Liability: legal obligation of an entity extending beyond criminal or contract law; includes legal obligation to make restitution  Restitution: to compensate for wrongs committed by an organization or its employees  Due care: insuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions  Due diligence: making a valid effort to protect others; continually maintaining level of effort
Principles of Information Security, 3rd Edition 6 Organizational Liability and the Need for Counsel (continued)  Jurisdiction: court's right to hear a case if the wrong was committed in its territory or involved its citizenry  Long arm jurisdiction: right of any court to impose its authority over an individual or organization if it can establish jurisdiction
Principles of Information Security, 3rd Edition 7 Policy versus Law  Policies: body of expectations that describe acceptable and unacceptable employee behaviors in the workplace  Policies function as laws within an organization; must be crafted carefully to ensure they are complete, appropriate, fairly applied to everyone  Difference between policy and law: ignorance of a policy is an acceptable defense  Criteria for policy enforcement: dissemination (distribution), review (reading), comprehension (understanding), compliance (agreement), uniform enforcement
Principles of Information Security, 3rd Edition 8 Types of Law  Civil: governs nation or state; manages relationships/conflicts between organizational entities and people  Criminal: addresses violations harmful to society; actively enforced by the state  Private: regulates relationships between individuals and organizations  Public: regulates structure/administration of government agencies and relationships with citizens, employees, and other governments
Principles of Information Security, 3rd Edition 9 Relevant U.S. Laws  United States has been a leader in the development and implementation of information security legislation  Implementation of information security legislation contributes to a more reliable business environment and a stable economy  EU vs. US on privacy  US vs. China on censureship  U.S. has specified penalties for individuals and organizations failing to follow requirements set forth in U.S. civil statutes
Principles of Information Security, 3rd Edition 10 General Computer Crime Laws  Computer Fraud and Abuse Act of 1986 (CFA Act)  National Information Infrastructure Protection Act of 1996  USA PATRIOT Act of 2001  USA PATRIOT Improvement and Reauthorization Act  Computer Security Act of 1987
Principles of Information Security, 3rd Edition 11 Privacy  One of the hottest topics in information security  Is a “state of being free from unsanctioned intrusion”  Ability to aggregate data from multiple sources allows creation of information databases previously unheard of
Principles of Information Security, 3rd Edition 12 Privacy of Customer Information  Privacy of Customer Information Section of the common carrier regulation  Federal Privacy Act of 1974  Electronic Communications Privacy Act of 1986  Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act  Financial Services Modernization Act, or Gramm-Leach- Bliley Act of 1999
Principles of Information Security, 3rd Edition 13 Identity Theft  Federal Trade Commission: “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes”  Fraud And Related Activity In Connection With Identification Documents, Authentication Features, And Information (Title 18, U.S.C. § 1028)
Principles of Information Security, 3rd Edition 14 Export and Espionage Laws  Economic Espionage Act of 1996 (EEA)  Security And Freedom Through Encryption Act of 1999 (SAFE)  No teeth…
Principles of Information Security, 3rd Edition 16 U.S. Copyright Law  Intellectual property recognized as protected asset in the U.S.; copyright law extends to electronic formats  With proper acknowledgment, permissible to include portions of others’ work as reference  U.S. Copyright Office Web site: www.copyright.gov
Principles of Information Security, 3rd Edition 17 Financial Reporting  Sarbanes-Oxley Act of 2002  Affects executive management of publicly traded corporations and public accounting firms  Seeks to improve reliability and accuracy of financial reporting and increase the accountability of corporate governance in publicly traded companies  Penalties for noncompliance range from fines to jail terms
Principles of Information Security, 3rd Edition 18 Freedom of Information Act of 1966 (FOIA)  Allows access to federal agency records or information not determined to be matter of national security  U.S. government agencies required to disclose any requested information upon receipt of written request  Some information protected from disclosure
Principles of Information Security, 3rd Edition 19 Digital Millennium Copyright Act (DMCA)  U.S. contribution to international effort to reduce impact of copyright, trademark, and privacy infringement  A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to processing and free movement of personal data
Principles of Information Security, 3rd Edition 20 State and Local Regulations  Restrictions on organizational computer technology use exist at international, national, state, local levels  Information security professional responsible for understanding state regulations and ensuring organization is compliant with regulations
Principles of Information Security, 3rd Edition 21 International Laws and Legal Bodies  IT professionals and IS practitioners should realize that when organizations do business on the Internet, they do business globally  Professionals must be sensitive to laws and ethical values of many different cultures, societies, and countries  Because of political complexities of relationships among nations and differences in culture, there are few international laws relating to privacy and information security  These international laws are important but are limited in their enforceability
Principles of Information Security, 3rd Edition 24 Agreement on Trade-Related Aspects of Intellectual Property Rights  Created by World Trade Organization (WTO)  First significant international effort to protect intellectual property rights  Agreement covers five issues:  Application of basic principles of trading system and international intellectual property agreements  Giving adequate protection to intellectual property rights  Enforcement of those rights by countries in their own territories  Settling intellectual property disputes  Transitional arrangements while new system is being introduced
Principles of Information Security, 3rd Edition 25 United Nations Charter  Makes provisions, to a degree, for information security during information warfare (IW)  IW involves use of information technology to conduct organized and lawful military operations  IW is relatively new type of warfare, although military has been conducting electronic warfare operations for decades
Principles of Information Security, 3rd Edition 26 Ethics and Information Security
Principles of Information Security, 3rd Edition 27 Ethical Differences Across Cultures  Cultural differences create difficulty in determining what is and is not ethical  Difficulties arise when one nationality’s ethical behavior conflicts with ethics of another national group  Example: many of the ways in which Asian cultures use computer technology is considered software piracy by other nations
Principles of Information Security, 3rd Edition 28 Ethics and Education  Overriding factor in leveling ethical perceptions within a small population is education  Employees must be trained in expected behaviors of an ethical employee, especially in areas of information security  Proper ethical training vital to creating informed, well prepared, and low-risk system user
Principles of Information Security, 3rd Edition 29 Deterrence to Unethical and Illegal Behavior  Three general causes of unethical and illegal behavior: ignorance, accident, intent  Deterrence: best method for preventing an illegal or unethical activity; e.g., laws, policies, technical controls  Laws and policies only deter if three conditions are present:  Fear of penalty  Probability of being caught  Probability of penalty being administered
Principles of Information Security, 3rd Edition 30 Codes of Ethics and Professional Organizations  Several professional organizations have established codes of conduct/ethics  Codes of ethics can have positive effect; unfortunately, many employers do not encourage joining these professional organizations  Responsibility of security professionals to act ethically and according to policies of employer, professional organization, and laws of society
Principles of Information Security, 3rd Edition 31 Association of Computing Machinery (ACM)  ACM established in 1947 as “the world's first educational and scientific computing society”  Code of ethics contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property
Principles of Information Security, 3rd Edition 32 International Information Systems Security Certification Consortium, Inc. (ISC)2  Nonprofit organization focusing on development and implementation of information security certifications and credentials  Code primarily designed for information security professionals who have certification from (ISC)2  Code of ethics focuses on four mandatory canons
Principles of Information Security, 3rd Edition 33 System Administration, Networking, and Security Institute (SANS)  Professional organization with a large membership dedicated to protection of information and systems  SANS offers set of certifications called Global Information Assurance Certification (GIAC)
Principles of Information Security, 3rd Edition 34 Information Systems Audit and Control Association (ISACA)  Professional association with focus on auditing, control, and security  Concentrates on providing IT control practices and standards  ISACA has code of ethics for its professionals
Principles of Information Security, 3rd Edition 35 Information Systems Security Association (ISSA)  Nonprofit society of information security (IS) professionals  Primary mission to bring together qualified IS practitioners for information exchange and educational development  Promotes code of ethics similar to (ISC)2, ISACA, and ACM
Principles of Information Security, 3rd Edition 36 Key U.S. Federal Agencies  Department of Homeland Security (DHS)  Federal Bureau of Investigation’s National InfraGard Program  National Security Agency (NSA)  U.S. Secret Service
Principles of Information Security, 3rd Edition 37 Summary  Laws: rules that mandate or prohibit certain behavior in society; drawn from ethics  Ethics: define socially acceptable behaviors; based on cultural mores (fixed moral attitudes or customs of a particular group)  Types of law: civil, criminal, private, public
Principles of Information Security, 3rd Edition 38 Summary (continued)  Relevant U.S. laws:  Computer Fraud and Abuse Act of 1986 (CFA Act)  National Information Infrastructure Protection Act of 1996  USA PATRIOT Act of 2001  USA PATRIOT Improvement and Reauthorization Act  Computer Security Act of 1987
Principles of Information Security, 3rd Edition 39 Summary (continued)  Many organizations have codes of conduct and/or codes of ethics  Organization increases liability if it refuses to take measures known as due care  Due diligence requires that organization make valid effort to protect others and continually maintain that effort

Empfohlen

Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.pptHaiderAli424102
 
lesson333.ppt
lesson333.pptlesson333.ppt
lesson333.pptDEEPAK948083
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityGamentortc
 
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfssuserceaa40
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docxhyacinthshackley2629
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.pptLAXMIPRASANNA565999
 

Empfohlen

Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.pptHaiderAli424102
 
lesson333.ppt
lesson333.pptlesson333.ppt
lesson333.pptDEEPAK948083
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityGamentortc
 
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfssuserceaa40
 
1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docx1ITC358ICT Management and Information SecurityChapter 12.docx
1ITC358ICT Management and Information SecurityChapter 12.docxhyacinthshackley2629
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.pptLAXMIPRASANNA565999
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxEdFeranil
 
E-Commerce 10
E-Commerce 10E-Commerce 10
E-Commerce 10Zarrar Siddiqui
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxJhaiJhai6
 
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1MLG College of Learning, Inc
 
Lesson 1- Laws and Ethics
Lesson 1- Laws and EthicsLesson 1- Laws and Ethics
Lesson 1- Laws and EthicsMLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdfabdukadirabdullahuad
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
Talking about Privacy
Talking about PrivacyTalking about Privacy
Talking about Privacymbattagl
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoJoel A. Gómez Treviño
 
Links Associated with Privacy Death of privacy ‘Your ce.docx
Links Associated with Privacy Death of privacy ‘Your ce.docxLinks Associated with Privacy Death of privacy ‘Your ce.docx
Links Associated with Privacy Death of privacy ‘Your ce.docxsmile790243
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf503SaranyaS
 
Ronit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptxRonit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptxManuGupta344215
 
Chap 4 (1)
Chap 4 (1)Chap 4 (1)
Chap 4 (1)UNIVERSITAS TEKNOKRAT INDONESIA
 
Dan l. Burk on privacy.
Dan l. Burk on privacy.Dan l. Burk on privacy.
Dan l. Burk on privacy.Renelio
 
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptturban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptDEEPAK948083
 
introAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptintroAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptDEEPAK948083
 

Weitere ähnliche Inhalte

Ähnlich wie whitman_ch04.ppt

Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxEdFeranil
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Securitymtvvvv
 
Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxJhaiJhai6
 
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1MLG College of Learning, Inc
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
Talking about Privacy
Talking about PrivacyTalking about Privacy
Talking about Privacymbattagl
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoJoel A. Gómez Treviño
 
Links Associated with Privacy Death of privacy ‘Your ce.docx
Links Associated with Privacy Death of privacy ‘Your ce.docxLinks Associated with Privacy Death of privacy ‘Your ce.docx
Links Associated with Privacy Death of privacy ‘Your ce.docxsmile790243
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf503SaranyaS
 
Ronit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptxRonit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptxManuGupta344215
 
Dan l. Burk on privacy.
Dan l. Burk on privacy.Dan l. Burk on privacy.
Dan l. Burk on privacy.Renelio
 

Ähnlich wie whitman_ch04.ppt (20)

Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
E-Commerce 10
E-Commerce 10E-Commerce 10
E-Commerce 10
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Ethics in IT Security
Ethics in IT SecurityEthics in IT Security
Ethics in IT Security
 
Chapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptxChapter 3 - Lesson 1.pptx
Chapter 3 - Lesson 1.pptx
 
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1
 
Lesson 1- Laws and Ethics
Lesson 1- Laws and EthicsLesson 1- Laws and Ethics
Lesson 1- Laws and Ethics
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
Talking about Privacy
Talking about PrivacyTalking about Privacy
Talking about Privacy
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in Mexico
 
Links Associated with Privacy Death of privacy ‘Your ce.docx
Links Associated with Privacy Death of privacy ‘Your ce.docxLinks Associated with Privacy Death of privacy ‘Your ce.docx
Links Associated with Privacy Death of privacy ‘Your ce.docx
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf
 
Ronit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptxRonit Mathur Cyber Security assesment.pptx
Ronit Mathur Cyber Security assesment.pptx
 
Chap 4 (1)
Chap 4 (1)Chap 4 (1)
Chap 4 (1)
 
Dan l. Burk on privacy.
Dan l. Burk on privacy.Dan l. Burk on privacy.
Dan l. Burk on privacy.
 

Mehr von DEEPAK948083

turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptturban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptDEEPAK948083
 
introAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptintroAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptDEEPAK948083
 
SensorSensorSensorSensorSensorSensor.ppt
SensorSensorSensorSensorSensorSensor.pptSensorSensorSensorSensorSensorSensor.ppt
SensorSensorSensorSensorSensorSensor.pptDEEPAK948083
 
Chapter1_IntroductionIntroductionIntroduction.ppt
Chapter1_IntroductionIntroductionIntroduction.pptChapter1_IntroductionIntroductionIntroduction.ppt
Chapter1_IntroductionIntroductionIntroduction.pptDEEPAK948083
 
introDMintroDMintroDMintroDMintroDMintroDM.ppt
introDMintroDMintroDMintroDMintroDMintroDM.pptintroDMintroDMintroDMintroDMintroDMintroDM.ppt
introDMintroDMintroDMintroDMintroDMintroDM.pptDEEPAK948083
 
lect1lect1lect1lect1lect1lect1lect1lect1.ppt
lect1lect1lect1lect1lect1lect1lect1lect1.pptlect1lect1lect1lect1lect1lect1lect1lect1.ppt
lect1lect1lect1lect1lect1lect1lect1lect1.pptDEEPAK948083
 
Chchchchchchchchchchchchchchchchc 11.pptx
Chchchchchchchchchchchchchchchchc 11.pptxChchchchchchchchchchchchchchchchc 11.pptx
Chchchchchchchchchchchchchchchchc 11.pptxDEEPAK948083
 
applicationapplicationapplicationapplication.ppt
applicationapplicationapplicationapplication.pptapplicationapplicationapplicationapplication.ppt
applicationapplicationapplicationapplication.pptDEEPAK948083
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
datastructureppt-190327174340 (1).pptx
datastructureppt-190327174340 (1).pptxdatastructureppt-190327174340 (1).pptx
datastructureppt-190327174340 (1).pptxDEEPAK948083
 
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptxDEEPAK948083
 
Lect no 13 ECC.ppt
Lect no 13 ECC.pptLect no 13 ECC.ppt
Lect no 13 ECC.pptDEEPAK948083
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptxDEEPAK948083
 
Lect no 13 ECC.ppt
Lect no 13 ECC.pptLect no 13 ECC.ppt
Lect no 13 ECC.pptDEEPAK948083
 
unit1Intro_final.pptx
unit1Intro_final.pptxunit1Intro_final.pptx
unit1Intro_final.pptxDEEPAK948083
 
ICS PPT Unit 4.ppt
ICS PPT Unit 4.pptICS PPT Unit 4.ppt
ICS PPT Unit 4.pptDEEPAK948083
 
prims and Kruskal 1.pdf
prims and Kruskal 1.pdfprims and Kruskal 1.pdf
prims and Kruskal 1.pdfDEEPAK948083
 

Mehr von DEEPAK948083 (20)

turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.pptturban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
turban_ch07ch07ch07ch07ch07ch07dss9e_ch07.ppt
 
introAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.pptintroAdhocRoutingRoutingRoutingRouting-new.ppt
introAdhocRoutingRoutingRoutingRouting-new.ppt
 
SensorSensorSensorSensorSensorSensor.ppt
SensorSensorSensorSensorSensorSensor.pptSensorSensorSensorSensorSensorSensor.ppt
SensorSensorSensorSensorSensorSensor.ppt
 
Chapter1_IntroductionIntroductionIntroduction.ppt
Chapter1_IntroductionIntroductionIntroduction.pptChapter1_IntroductionIntroductionIntroduction.ppt
Chapter1_IntroductionIntroductionIntroduction.ppt
 
introDMintroDMintroDMintroDMintroDMintroDM.ppt
introDMintroDMintroDMintroDMintroDMintroDM.pptintroDMintroDMintroDMintroDMintroDMintroDM.ppt
introDMintroDMintroDMintroDMintroDMintroDM.ppt
 
lect1lect1lect1lect1lect1lect1lect1lect1.ppt
lect1lect1lect1lect1lect1lect1lect1lect1.pptlect1lect1lect1lect1lect1lect1lect1lect1.ppt
lect1lect1lect1lect1lect1lect1lect1lect1.ppt
 
Chchchchchchchchchchchchchchchchc 11.pptx
Chchchchchchchchchchchchchchchchc 11.pptxChchchchchchchchchchchchchchchchc 11.pptx
Chchchchchchchchchchchchchchchchc 11.pptx
 
applicationapplicationapplicationapplication.ppt
applicationapplicationapplicationapplication.pptapplicationapplicationapplicationapplication.ppt
applicationapplicationapplicationapplication.ppt
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
datastructureppt-190327174340 (1).pptx
datastructureppt-190327174340 (1).pptxdatastructureppt-190327174340 (1).pptx
datastructureppt-190327174340 (1).pptx
 
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
5virusandmaliciouscodechapter5-130716024935-phpapp02-converted.pptx
 
Lect no 13 ECC.ppt
Lect no 13 ECC.pptLect no 13 ECC.ppt
Lect no 13 ECC.ppt
 
block ciphermodes of operation.pptx
block ciphermodes of operation.pptxblock ciphermodes of operation.pptx
block ciphermodes of operation.pptx
 
Lect no 13 ECC.ppt
Lect no 13 ECC.pptLect no 13 ECC.ppt
Lect no 13 ECC.ppt
 
unit1Intro_final.pptx
unit1Intro_final.pptxunit1Intro_final.pptx
unit1Intro_final.pptx
 
ICS PPT Unit 4.ppt
ICS PPT Unit 4.pptICS PPT Unit 4.ppt
ICS PPT Unit 4.ppt
 
stack-Intro.pptx
stack-Intro.pptxstack-Intro.pptx
stack-Intro.pptx
 
BST.ppt
BST.pptBST.ppt
BST.ppt
 
Tree 11.ppt
Tree 11.pptTree 11.ppt
Tree 11.ppt
 
prims and Kruskal 1.pdf
prims and Kruskal 1.pdfprims and Kruskal 1.pdf
prims and Kruskal 1.pdf
 

Kürzlich hochgeladen

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 

Kürzlich hochgeladen (20)

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 

whitman_ch04.ppt

  • 1.
  • 2. Principles of Information Security, 3rd Edition 2  Use this chapter as a guide for future reference on laws, regulations, and professional organizations  Differentiate between laws and ethics  Identify major national laws that relate to the practice of information security  Understand the role of culture as it applies to ethics in information security Learning Objectives Upon completion of this material, you should be able to:
  • 3. Principles of Information Security, 3rd Edition 3 Introduction  You must understand scope of an organization’s legal and ethical responsibilities  To minimize liabilities/reduce risks, the information security practitioner must:  Understand current legal environment  Stay current with laws and regulations  Watch for new issues that emerge
  • 4. Principles of Information Security, 3rd Edition 4 Law and Ethics in Information Security  Laws: rules that mandate or prohibit certain societal behavior  Ethics: define socially acceptable behavior  Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these  Laws carry sanctions of a governing authority; ethics do not
  • 5. Principles of Information Security, 3rd Edition 5 Organizational Liability and the Need for Counsel  Liability: legal obligation of an entity extending beyond criminal or contract law; includes legal obligation to make restitution  Restitution: to compensate for wrongs committed by an organization or its employees  Due care: insuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions  Due diligence: making a valid effort to protect others; continually maintaining level of effort
  • 6. Principles of Information Security, 3rd Edition 6 Organizational Liability and the Need for Counsel (continued)  Jurisdiction: court's right to hear a case if the wrong was committed in its territory or involved its citizenry  Long arm jurisdiction: right of any court to impose its authority over an individual or organization if it can establish jurisdiction
  • 7. Principles of Information Security, 3rd Edition 7 Policy versus Law  Policies: body of expectations that describe acceptable and unacceptable employee behaviors in the workplace  Policies function as laws within an organization; must be crafted carefully to ensure they are complete, appropriate, fairly applied to everyone  Difference between policy and law: ignorance of a policy is an acceptable defense  Criteria for policy enforcement: dissemination (distribution), review (reading), comprehension (understanding), compliance (agreement), uniform enforcement
  • 8. Principles of Information Security, 3rd Edition 8 Types of Law  Civil: governs nation or state; manages relationships/conflicts between organizational entities and people  Criminal: addresses violations harmful to society; actively enforced by the state  Private: regulates relationships between individuals and organizations  Public: regulates structure/administration of government agencies and relationships with citizens, employees, and other governments
  • 9. Principles of Information Security, 3rd Edition 9 Relevant U.S. Laws  United States has been a leader in the development and implementation of information security legislation  Implementation of information security legislation contributes to a more reliable business environment and a stable economy  EU vs. US on privacy  US vs. China on censureship  U.S. has specified penalties for individuals and organizations failing to follow requirements set forth in U.S. civil statutes
  • 10. Principles of Information Security, 3rd Edition 10 General Computer Crime Laws  Computer Fraud and Abuse Act of 1986 (CFA Act)  National Information Infrastructure Protection Act of 1996  USA PATRIOT Act of 2001  USA PATRIOT Improvement and Reauthorization Act  Computer Security Act of 1987
  • 11. Principles of Information Security, 3rd Edition 11 Privacy  One of the hottest topics in information security  Is a “state of being free from unsanctioned intrusion”  Ability to aggregate data from multiple sources allows creation of information databases previously unheard of
  • 12. Principles of Information Security, 3rd Edition 12 Privacy of Customer Information  Privacy of Customer Information Section of the common carrier regulation  Federal Privacy Act of 1974  Electronic Communications Privacy Act of 1986  Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act  Financial Services Modernization Act, or Gramm-Leach- Bliley Act of 1999
  • 13. Principles of Information Security, 3rd Edition 13 Identity Theft  Federal Trade Commission: “occurring when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes”  Fraud And Related Activity In Connection With Identification Documents, Authentication Features, And Information (Title 18, U.S.C. § 1028)
  • 14. Principles of Information Security, 3rd Edition 14 Export and Espionage Laws  Economic Espionage Act of 1996 (EEA)  Security And Freedom Through Encryption Act of 1999 (SAFE)  No teeth…
  • 15. Principles of Information Security, 3rd Edition 16 U.S. Copyright Law  Intellectual property recognized as protected asset in the U.S.; copyright law extends to electronic formats  With proper acknowledgment, permissible to include portions of others’ work as reference  U.S. Copyright Office Web site: www.copyright.gov
  • 16. Principles of Information Security, 3rd Edition 17 Financial Reporting  Sarbanes-Oxley Act of 2002  Affects executive management of publicly traded corporations and public accounting firms  Seeks to improve reliability and accuracy of financial reporting and increase the accountability of corporate governance in publicly traded companies  Penalties for noncompliance range from fines to jail terms
  • 17. Principles of Information Security, 3rd Edition 18 Freedom of Information Act of 1966 (FOIA)  Allows access to federal agency records or information not determined to be matter of national security  U.S. government agencies required to disclose any requested information upon receipt of written request  Some information protected from disclosure
  • 18. Principles of Information Security, 3rd Edition 19 Digital Millennium Copyright Act (DMCA)  U.S. contribution to international effort to reduce impact of copyright, trademark, and privacy infringement  A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to processing and free movement of personal data
  • 19. Principles of Information Security, 3rd Edition 20 State and Local Regulations  Restrictions on organizational computer technology use exist at international, national, state, local levels  Information security professional responsible for understanding state regulations and ensuring organization is compliant with regulations
  • 20. Principles of Information Security, 3rd Edition 21 International Laws and Legal Bodies  IT professionals and IS practitioners should realize that when organizations do business on the Internet, they do business globally  Professionals must be sensitive to laws and ethical values of many different cultures, societies, and countries  Because of political complexities of relationships among nations and differences in culture, there are few international laws relating to privacy and information security  These international laws are important but are limited in their enforceability
  • 21. Principles of Information Security, 3rd Edition 24 Agreement on Trade-Related Aspects of Intellectual Property Rights  Created by World Trade Organization (WTO)  First significant international effort to protect intellectual property rights  Agreement covers five issues:  Application of basic principles of trading system and international intellectual property agreements  Giving adequate protection to intellectual property rights  Enforcement of those rights by countries in their own territories  Settling intellectual property disputes  Transitional arrangements while new system is being introduced
  • 22. Principles of Information Security, 3rd Edition 25 United Nations Charter  Makes provisions, to a degree, for information security during information warfare (IW)  IW involves use of information technology to conduct organized and lawful military operations  IW is relatively new type of warfare, although military has been conducting electronic warfare operations for decades
  • 23. Principles of Information Security, 3rd Edition 26 Ethics and Information Security
  • 24. Principles of Information Security, 3rd Edition 27 Ethical Differences Across Cultures  Cultural differences create difficulty in determining what is and is not ethical  Difficulties arise when one nationality’s ethical behavior conflicts with ethics of another national group  Example: many of the ways in which Asian cultures use computer technology is considered software piracy by other nations
  • 25. Principles of Information Security, 3rd Edition 28 Ethics and Education  Overriding factor in leveling ethical perceptions within a small population is education  Employees must be trained in expected behaviors of an ethical employee, especially in areas of information security  Proper ethical training vital to creating informed, well prepared, and low-risk system user
  • 26. Principles of Information Security, 3rd Edition 29 Deterrence to Unethical and Illegal Behavior  Three general causes of unethical and illegal behavior: ignorance, accident, intent  Deterrence: best method for preventing an illegal or unethical activity; e.g., laws, policies, technical controls  Laws and policies only deter if three conditions are present:  Fear of penalty  Probability of being caught  Probability of penalty being administered
  • 27. Principles of Information Security, 3rd Edition 30 Codes of Ethics and Professional Organizations  Several professional organizations have established codes of conduct/ethics  Codes of ethics can have positive effect; unfortunately, many employers do not encourage joining these professional organizations  Responsibility of security professionals to act ethically and according to policies of employer, professional organization, and laws of society
  • 28. Principles of Information Security, 3rd Edition 31 Association of Computing Machinery (ACM)  ACM established in 1947 as “the world's first educational and scientific computing society”  Code of ethics contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property
  • 29. Principles of Information Security, 3rd Edition 32 International Information Systems Security Certification Consortium, Inc. (ISC)2  Nonprofit organization focusing on development and implementation of information security certifications and credentials  Code primarily designed for information security professionals who have certification from (ISC)2  Code of ethics focuses on four mandatory canons
  • 30. Principles of Information Security, 3rd Edition 33 System Administration, Networking, and Security Institute (SANS)  Professional organization with a large membership dedicated to protection of information and systems  SANS offers set of certifications called Global Information Assurance Certification (GIAC)
  • 31. Principles of Information Security, 3rd Edition 34 Information Systems Audit and Control Association (ISACA)  Professional association with focus on auditing, control, and security  Concentrates on providing IT control practices and standards  ISACA has code of ethics for its professionals
  • 32. Principles of Information Security, 3rd Edition 35 Information Systems Security Association (ISSA)  Nonprofit society of information security (IS) professionals  Primary mission to bring together qualified IS practitioners for information exchange and educational development  Promotes code of ethics similar to (ISC)2, ISACA, and ACM
  • 33. Principles of Information Security, 3rd Edition 36 Key U.S. Federal Agencies  Department of Homeland Security (DHS)  Federal Bureau of Investigation’s National InfraGard Program  National Security Agency (NSA)  U.S. Secret Service
  • 34. Principles of Information Security, 3rd Edition 37 Summary  Laws: rules that mandate or prohibit certain behavior in society; drawn from ethics  Ethics: define socially acceptable behaviors; based on cultural mores (fixed moral attitudes or customs of a particular group)  Types of law: civil, criminal, private, public
  • 35. Principles of Information Security, 3rd Edition 38 Summary (continued)  Relevant U.S. laws:  Computer Fraud and Abuse Act of 1986 (CFA Act)  National Information Infrastructure Protection Act of 1996  USA PATRIOT Act of 2001  USA PATRIOT Improvement and Reauthorization Act  Computer Security Act of 1987
  • 36. Principles of Information Security, 3rd Edition 39 Summary (continued)  Many organizations have codes of conduct and/or codes of ethics  Organization increases liability if it refuses to take measures known as due care  Due diligence requires that organization make valid effort to protect others and continually maintain that effort