03-LegalEthicIssueOnIS

Principles of Information Security

Chapter 3 – Legal, Ethical, and Professional Issues in Information Security

Based on the Fourth Edition of:
M. E. Whitman, H. J. Mattord: Principles of Information Security

School of Business, Department of Information Technology


Introduction Law and Ethics U.S. Laws International Laws Ethics & IS Codes of Ethics

In civilized life, law floats in a sea of ethics.

Earl Warren
Chief Justice, U.S. Supreme Court, 12 Nov. 1962

Chapter 3 – Legal, Ethical, and Professional Issues in Information Security (Principles of Information Security, slide 2)

Learning Objectives

Describe the functions of and relationships among laws, regulations, and professional organizations in information security

Differentiate between laws and ethics

Identify major national laws that relate to the practice of information security

Understand the role of culture as it applies to ethics in information security


Outline

1 Introduction

2 Law and Ethics in Information Security

3 Relevant U.S. Laws

4 International Laws and Legal Bodies

5 Ethics and Information Security

6 Codes of Ethics and Professional Organizations


Introduction

As a future information security professional, you must understand the scope of an organization’s legal and ethical responsibilities.

To minimize liabilities and reduce risks, the information security practitioner must:
Understand the current legal environment
Stay current with laws and regulations
Watch for new issues that emerge


Law and Ethics in Information Security

Laws: rules that mandate or prohibit certain societal behavior

Ethics: define socially acceptable behavior

Cultural mores: fixed moral attitudes or customs of a particular group; ethics are based on these

Laws carry the sanctions of a governing authority; ethics do not


Organizational Liability and the Need for Counsel

Liability is the legal obligation of an entity that extends beyond criminal or contract law; it includes the legal obligation to make restitution, that is, to compensate for wrongs committed by an organization or its employees.

Due care: ensuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions.

Due diligence: making a valid effort to protect others; continually maintaining that level of effort.

Jurisdiction: a court’s right to hear a case if the wrong was committed in its territory or involved its citizenry.


Policy versus Law

Policies: a body of expectations that describe acceptable and unacceptable employee behaviors in the workplace.

Policies function as organizational laws; they must be crafted carefully to ensure they are complete, appropriate, and fairly applied to everyone in the workplace.

Difference between policy and law: ignorance of a policy is an acceptable defense.



Policy versus Law (cont.)

For a policy to become enforceable, it must meet the following five criteria:
1 Dissemination (distribution),
2 Review (reading),
3 Comprehension (understanding),
4 Compliance (agreement), and
5 Uniform enforcement


Types of Law

Civil law governs a nation or state; it manages conflicts and relationships between organizational entities and people.

Criminal law addresses violations harmful to society and is actively enforced by the state.

Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law.

Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.



Quick Quiz

1 ________ define socially acceptable behaviors.
Answer: Ethics

2 ________ define rules that mandate or prohibit certain behavior.
Answer: Laws

3 ________ is the legal obligation of an entity that extends beyond criminal or cultural law.
Answer: Liability

4 ________ is a body of expectations that describe acceptable and unacceptable employee behaviors in the workplace.
Answer: Policy



Quick Quiz

5 What is a type of law that represents all of the laws that apply to a citizen (or subject) of a jurisdiction?
Answer: Civil law

6 What is a type of law that addresses violations harmful to society and that is enforced by prosecution by the state?
Answer: Criminal law

7 ________ is a type of law that regulates the relationship between an individual and an organization.
Answer: Private law

8 ________ is a type of law that regulates the structure and administration of government agencies.
Answer: Public law

Relevant U.S. Laws

The United States has been a leader in the development and implementation of information security legislation.

Implementation of information security legislation contributes to a more reliable business environment and a stable economy.

The U.S. has demonstrated understanding of the problems facing the information security field.

The U.S. has specified penalties for individuals and organizations failing to follow the requirements set forth in U.S. civil statutes.


General Computer Crime Laws

The Computer Fraud and Abuse Act of 1986 (CFA Act) is the
cornerstone of many computer-related federal laws and
enforcement efforts.

The CFA Act was amended in October 1996 with the National
Information Infrastructure Protection Act of 1996.

The USA PATRIOT Act of 2001 modified a wide range of existing laws to provide law enforcement agencies with broader latitude of action in order to combat terrorism-related activities.

In 2006, this act was amended with the USA PATRIOT Improvement and Reauthorization Act.


Relevant U.S. Laws – Privacy

The issue of privacy has become one of the hottest topics in information security at the beginning of the 21st century.

In response to pressure for privacy protection, the number of statutes addressing an individual’s right to privacy has grown.

It must be understood, however, that privacy in this context is not absolute freedom from observation, but rather a more precise state of being free from unsanctioned intrusion.


Relevant U.S. Laws – Privacy

U.S. Regulations:
Privacy of Customer Information Section of the common carrier regulation

Federal Privacy Act of 1974

Electronic Communications Privacy Act of 1986

Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act

Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999


Relevant U.S. Laws – Identity Theft

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.

If someone suspects identity theft:
Report to the three dominant consumer reporting companies that your identity is threatened
Register your concern with the Federal Trade Commission (FTC)
Report the incident to either your local police or the police in the location where the identity theft occurred


Relevant U.S. Laws (cont.)

Export and Espionage Laws
Economic Espionage Act of 1996 (EEA)

Security And Freedom Through Encryption Act of 1999 (SAFE)

The acts include provisions about encryption that:
Reinforce the right to use or sell encryption algorithms, without concern of key registration
Prohibit the federal government from requiring it
Make it not probable cause in criminal activity
Relax export restrictions
Provide additional penalties for using it in a crime


Relevant U.S. Laws (cont.)

Figure 3-1 Export and Espionage


Relevant U.S. Laws (cont.)

U.S. Copyright Law

Intellectual property is recognized as a protected asset in the U.S.; copyright law extends to electronic formats.

With proper acknowledgment, it is permissible to include portions of others’ work as reference.

U.S. Copyright Office Web site: www.copyright.gov


Relevant U.S. Laws – Privacy

Financial reporting law affects the executive management of publicly traded corporations and public accounting firms (it seeks to improve the reliability and accuracy of financial reporting).

The Freedom of Information Act allows any person to request access to federal agency records or information not determined to be a matter of national security.

Restrictions on organizational computer technology use exist at the international, national, state, and local levels. The information security professional is responsible for understanding state and local regulations.



Quick Quiz

1 ________ occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
Answer: Identity theft

2 The generally recognized term for the government protection afforded to intellectual property (written and electronic) is ________.
Answer: copyright law

3 True or False: The law that regulates the role of the financial services industry in protecting the privacy of individuals is the Federal Privacy Act of 1974.
Answer: False

International Laws and Legal Bodies

When organizations do business on the Internet, they do business globally.

Professionals must be sensitive to the laws and ethical values of many different cultures, societies, and countries.

Because of the political complexities of relationships among nations and differences in culture, there are few international laws relating to privacy and information security.

These international laws are important but are limited in their enforceability.


International Laws and Legal Bodies (cont.)

European Council Cyber-Crime Convention

Establishes an international task force overseeing Internet security functions for standardized international technology laws.

Attempts to improve the effectiveness of international investigations into breaches of technology law.

Well received by intellectual property rights advocates due to its emphasis on copyright infringement prosecution.

Lacks realistic provisions for enforcement.


International Laws and Legal Bodies (cont.)

Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS); created by the World Trade Organization (WTO). It covers five issues:
1 Application of the basic principles of the trading system and international intellectual property agreements
2 Giving adequate protection to intellectual property rights
3 Enforcement of those rights by countries in their own territories
4 Settling intellectual property disputes
5 Transitional arrangements while the new system is being introduced


International Laws and Legal Bodies (cont.)

Digital Millennium Copyright Act (DMCA)

The Digital Millennium Copyright Act (DMCA) is the U.S. contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement.

It is a response to European Union Directive 95/46/EC, which adds protection to individuals with regard to the processing and free movement of personal data.


Ethics and Information Security

Many professional groups (such as doctors and lawyers) have explicit rules governing ethical behavior in the workplace.

The IT and IS fields do not have a binding code of ethics. Instead, professional associations, such as the Association for Computing Machinery (ACM) and the Information Systems Security Association (ISSA), work to establish the profession’s ethical codes of conduct.

The Ten Commandments of Computer Ethics are:

1 Thou shall not use a computer to harm other people.
2 Thou shall not interfere with other people’s computer work.
3 Thou shall not snoop around in other people’s computer files.

4 Thou shall not use a computer to steal.
5 Thou shall not use a computer to bear false witness.
6 Thou shall not copy or use proprietary software for which you have not paid.
7 Thou shall not use other people’s computer resources without authorization or proper compensation.
8 Thou shall not appropriate other people’s intellectual output.
9 Thou shall think about the social consequences of the program you are writing or the system you are designing.
10 Thou shall always use a computer in a way that ensures consideration and respect for your fellow humans.

Ethics and Information Security (cont.)

Ethical Differences Across Cultures

Cultural differences create difficulty in determining what is and is not ethical.

Difficulties arise when one nationality’s ethical behavior conflicts with the ethics of another national group.

For example, many of the ways in which Asian cultures use computer technology are considered software piracy by other nations.


Ethics and Information Security (cont.)

Ethics and Education

The overriding factor in leveling ethical perceptions within a small population is education.

Employees must be trained in the expected behaviors of an ethical employee, especially in areas of information security.

Proper ethical training is vital to creating an informed, well-prepared, and low-risk system user.


Ethics and Information Security (cont.)

Deterrence to Unethical and Illegal Behavior

Three general causes of unethical and illegal behavior: (i) ignorance, (ii) accident, and (iii) intent.

Deterrence is the best method for preventing an illegal or unethical activity. Laws, policies, and technical controls are all examples of deterrents.

Laws and policies only deter if three conditions are present:
1 fear of penalty
2 probability of being caught
3 probability of the penalty being administered


Codes of Ethics and Professional Organizations

Several professional organizations have established codes of conduct or codes of ethics.

Codes of ethics can have a positive effect; unfortunately, many employers do not encourage joining these professional organizations.

It is the responsibility of security professionals to act ethically and according to the policies and procedures of their employer, their professional organizations, and the laws of society.


Codes of Ethics and Professional Organizations


Major Professional Organizations for IT
The Association for Computing Machinery (ACM), established in 1947 as the world’s first educational and scientific computing society (www.acm.org)

International Information Systems Security Certification Consortium, Inc. (ISC)² (www.isc2.org)

System Administration, Networking, and Security Institute (SANS) (www.sans.org)

Information Systems Audit and Control Association (ISACA) (www.isaca.org)

Information Systems Security Association (ISSA) (www.issa.org)

Codes of Ethics and Professional Organizations

Key U.S. Federal Agencies

There are a number of key U.S. federal agencies charged with the protection of American information resources and the investigation of threats to, or attacks on, these resources. These include:
Department of Homeland Security (DHS)
Federal Bureau of Investigation’s (FBI) National Infrastructure Protection Center (NIPC)
National Security Agency (NSA), and
U.S. Secret Service.



Quick Quiz

1 Which of the following is more appropriate?

(a) The Federal Bureau of Investigation (FBI) is responsible for signal intelligence and information system security of classified systems.
(b) The National Security Agency (NSA) is responsible for signal intelligence and information system security of classified systems.
(c) The National Security Agency (NSA) is responsible for the security of all national critical infrastructure.
(d) Both (a) and (b) are correct.
(e) Both (a) and (c) are correct.
Answer: (b)


Additional Resources

1 Electronic Frontier Foundation
http://www.eff.org/

2 Privacy and Security: An Overview
http://www.educause.edu/EDUCAUSE+Review/EDUCAUSEReviewMagazineVolume41/PrivacySecurityAnOverview/158077

3 State of Florida “Sunshine” Law
http://www.myflsunshine.com/sun.nsf/Pages/Law

4 Elcomsoft Verdict: Not Guilty
http://news.cnet.com/2100-1023-978176.html
