ISE 542: IT Security
Chapter – 10
Ethics in IT Security
Outline
• Law and Ethics in Information Security
• Codes of Ethics and Professional Organizations

Introduction
• To minimize liabilities and reduce risk, the information security practitioner must:
  • Understand the current legal environment
  • Stay current with laws and regulations
  • Watch for new issues that emerge

Law and Ethics in Information Security
• Laws: rules that mandate or prohibit certain societal behavior
• Ethics: define socially acceptable behavior
• Laws carry the sanctions of a governing authority; ethics do not

What is Computer Ethics?
• Computer ethics is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology
• It is a study, an analysis of the values of human actions influenced by computer technology

Why Study Computer and Information Ethics?
• Apply an ethical point of view to real-world computing contexts
• Identify and solve ethical problems in specific fields of computing

Why Study Computer and Information Ethics? (continued)
• Doing so will make us behave like responsible professionals
• Doing so will teach us how to avoid computer abuse and catastrophes
• The advance of computing technology will continue to create temporary policy vacuums
• The use of computing permanently transforms certain ethical issues to the degree that their alterations require independent study
• The use of computing technology creates, and will continue to create, novel ethical issues that require special study
Anatomy of the Problem
• Recent terrorist attacks and the rise in cyber attacks have raised concern about the security of information, the security of individuals, and the need to protect the nation's cyber infrastructure
• The USA PATRIOT Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."
What Are the Causes?
• Revenge
• Joke
• The hacker's ethic
  • All information should be free
• Terrorism
• Political and military espionage
• Business (competition) espionage
• Hate (national origin, gender, and race)
• Personal gain / fame / fun
• Ignorance
Social and Ethical Consequences
• Psychological effects: these include hate and jokes, especially when directed at an individual
  • May lead to individual reclusion and increasing isolation
• Moral decay: there is a moral imperative in all our actions. When human actions, whether bad or good, become so frequent, they create a level of familiarity that leads to their acceptance as "normal". This acceptance of actions formerly viewed by society as immoral and bad leads to moral decay.

Social and Ethical Consequences (continued)
• Loss of privacy: after an attack there is usually an overreaction and a resurgence in the need for quick solutions to a problem that seems to have hit home. Many businesses respond with patches, filters, ID tools, and a whole list of "solutions".
• Trust: along with privacy, trust is lost. Individuals who have been attacked lose trust in any person, group, company, or anything else believed to be the source of the attack, or believed to have been unable to stop it.
Relevant U.S. Laws (General)
• Computer Fraud and Abuse Act of 1986 (CFA Act)
• National Information Infrastructure Protection Act of 1996
• USA PATRIOT Act of 2001
• Telecommunications Deregulation and Competition Act of 1996
• Computer Security Act of 1987

Privacy
• One of the hottest topics in information security
• Privacy of Customer Information section of common carrier regulation
• Federal Privacy Act of 1974
• Electronic Communications Privacy Act of 1986
• Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka the Kennedy-Kassebaum Act
• Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999

Export and Espionage Laws
• Economic Espionage Act of 1996 (EEA)
  • Attempts to prevent trade secrets from being illegally shared
• Security And Freedom Through Encryption Act of 1999 (SAFE)
  • Intended to provide guidance on the use of encryption and measures to protect the public from government intervention
  • Caveat: SAFE was introduced in the U.S. House of Representatives but was never enacted into law; do not cite it as binding authority

U.S. Copyright Law
• Intellectual property is recognized as a protected asset in the U.S.; copyright law extends to electronic formats
• With proper acknowledgement, it is permissible to include portions of others' work as reference
• U.S. Copyright Office Web site: www.copyright.gov
International Laws and Legal Bodies
• Council of Europe Convention on Cybercrime (the Budapest Convention, 2001):
  • Establishes an international task force overseeing Internet security functions for standardized international technology laws
  • Attempts to improve the effectiveness of international investigations into breaches of technology law
  • Well received by intellectual property rights advocates due to its emphasis on copyright infringement prosecution
  • Lacks realistic provisions for enforcement

Digital Millennium Copyright Act (DMCA)
• U.S. contribution to the international effort to reduce the impact of copyright and trademark infringement; it implements the 1996 WIPO Copyright Treaty and WIPO Performances and Phonograms Treaty
• Not to be confused with European Union Directive 95/46/EC (the Data Protection Directive), which protects individuals with regard to the processing and free movement of personal data rather than intellectual property

United Nations Charter
• Makes provisions, to a degree, for information security during information warfare (IW)
• IW involves the use of information technology to conduct organized and lawful military operations
• IW is a relatively new type of warfare, although militaries have been conducting electronic warfare operations for decades
Ethics and Information Security

Ethics and Education
• The overriding factor in leveling ethical perceptions within a small population is education
• Employees must be trained in the expected behaviors of an ethical employee, especially in areas of information security
• Proper ethical training is vital to creating an informed, well-prepared, and low-risk system user

Codes of Ethics and Professional Organizations
• Several professional organizations have established codes of conduct/ethics
• Codes of ethics can have a positive effect; unfortunately, many employers do not encourage joining these professional organizations
• It is the responsibility of security professionals to act ethically and according to the policies of their employer, their professional organization, and the laws of society

Association for Computing Machinery (ACM)
• ACM was established in 1947 as "the world's first educational and scientific computing society"
• Its code of ethics contains references to protecting information confidentiality, causing no harm, protecting others' privacy, and respecting others' intellectual property

International Information Systems Security Certification Consortium, Inc. (ISC)²
• Non-profit organization focusing on the development and implementation of information security certifications and credentials
• Its code of ethics is primarily designed for information security professionals who hold an (ISC)² certification

System Administration, Networking, and Security Institute (SANS)
• Professional organization with a large membership dedicated to the protection of information and systems
• SANS offers a set of certifications called Global Information Assurance Certification (GIAC)

Information Systems Audit and Control Association (ISACA)
• Professional association with a focus on auditing, control, and security
• Concentrates on providing IT control practices and standards
• ISACA has a code of ethics for its professionals

Computer Security Institute (CSI)
• Provides information and training to support computer, networking, and information security professionals
• Though it has no code of ethics, it has argued for the adoption of ethical behavior among information security professionals

Information Systems Security Association (ISSA)
• Nonprofit society of information security (IS) professionals
• Primary mission is to bring together qualified IS practitioners for information exchange and educational development
• Promotes a code of ethics similar to those of (ISC)², ISACA, and ACM
Other Security Organizations
• Internet Society (ISOC): promotes the development and implementation of education, standards, and policy to advance the Internet
• Computer Security Division (CSD): division of the National Institute of Standards and Technology (NIST); promotes industry best practices and is an important reference for information security professionals

Other Security Organizations (continued)
• CERT Coordination Center (CERT/CC): center of Internet security expertise operated by Carnegie Mellon University (CERT originally stood for Computer Emergency Response Team)

Key U.S. Federal Agencies
• Department of Homeland Security (DHS)
• Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC)
• National Security Agency (NSA)
• U.S. Secret Service