ASM655 CHAPTER 2 COMPLIANCE: LAW & ETHICS (JULIZA JOHARI - 2020618656) BA232 5B
Ethics in InfoSec
Ethics is the organized study of how humans ought to act. Others define it as a set of rules we should live by.
The foundations and frameworks of ethics include:
Normative ethics
Meta-ethics
Descriptive ethics
Applied ethics
Deontological ethics
From these fairly well-defined and agreed-upon ethical frameworks come a series of ethical standards as follows:
Utilitarian approach
Rights approach
Fairness or justice approach
Common good approach
Virtue approach
Deterring Unethical and Illegal Behavior
There are three general categories of unethical behavior that organizations and society should seek to eliminate:
Ignorance
Accident
Intent
Laws, policies, and technical controls are all examples of deterrents.
Professional Organizations and Their Codes of Ethics
Codes of ethics can have a positive effect on an individual’s judgment regarding computer use
Association for Computing Machinery (ACM)
ACM was originally established in 1947 as the world's first educational and scientific computing society.
ACM is one of the few organizations that strongly promotes education and provides discounted membership for students
International Information Systems Security Certification Consortium, Inc. (ISC)²
This code includes four mandatory canons:
Protect society, the commonwealth, and the infrastructure
Act honorably, honestly, justly, responsibly, and legally
Provide diligent and competent service to principals
Advance and protect the profession
SANS - Founded in 1989, SANS is a professional research and education cooperative organization with a large membership, dedicated to the protection of information and systems.
ISACA - The membership comprises both technical and managerial professionals.
ISSA - A nonprofit society of information security professionals.
Types of Law can be categorized based on their origins:
Constitutional law
Statutory law
Civil law, including contract law, employment law, family law, and tort law
Criminal law
Regulatory or administrative law
Common law, case law, and precedent
General Computer Crime Laws
The Computer Fraud and Abuse (CFA) Act of 1986 is the cornerstone of many computer-related federal laws.
It was amended by the National Information Infrastructure Protection Act of 1996.
Privacy Laws
Federal Privacy Act of 1974 regulates the government’s use of private information and was created to ensure that government agencies protect the privacy of individuals’ and businesses’ information.
ARRA and HITECH
Enacted in 2009, the American Recovery and Reinvestment Act (ARRA) was designed to provide a response to the economic crisis in the United States
Gramm-Leach-Bliley (GLB) Act of 1999
The Financial Services Modernization Act or Gramm-Leach-Bliley (GLB) Act of 1999 contains a number of provisions that affect banks, securities firms, and insurance companies
Export and Espionage Laws
This law attempts to protect trade secrets
The act prohibits the federal government from requiring the use of encryption for contracts, grants, and other official documents and correspondence.
Breach Laws
A breach law specifies a requirement for organizations to notify affected parties when they have experienced a specified type of loss of information.
Policy Versus Law
The key difference between policy and law is that while ignorance of the law is not an excuse (ignorantia juris non excusat), ignorance of policy is a viable defense.
Digital Forensics
To investigate allegations of digital malfeasance—a crime against or using digital media, computer technology,