Chapter 3 - Principles of Information Security, 3rd Edition...


Slide 2: Learning Objectives
Upon completion of this material, you should be able to:
- Use this chapter as a guide for future reference on laws, regulations, and professional organizations
- Differentiate between laws and ethics
- Identify major national laws that relate to the practice of information security
- Understand the role of culture as it applies to ethics in information security

Slide 3: Introduction
- You must understand the scope of an organization's legal and ethical responsibilities
- To minimize liabilities and reduce risks, the information security practitioner must:
  - Understand the current legal environment
  - Stay current with laws and regulations
  - Watch for new issues that emerge

Slide 4: Law and Ethics in Information Security
- Laws: rules that mandate or prohibit certain societal behavior
- Ethics: define socially acceptable behavior
- Cultural mores: fixed moral attitudes or customs of a particular group; ethics are based on these
- Laws carry the sanctions of a governing authority; ethics do not

Slide 5: Organizational Liability and the Need for Counsel
- Liability: legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution
- Restitution: to compensate for wrongs committed by an organization or its employees
- Due care: ensuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions
- Due diligence: making a valid effort to protect others; continually maintaining level of

Slide 6: Organizational Liability and the Need for Counsel (continued)
- Jurisdiction: a court's right to hear a case if the wrong was committed in its territory or involved its citizenry
- Long arm jurisdiction: right of any court to impose its authority over an individual or organization if it can establish jurisdiction

Slide 7: Policy versus Law
- Policies: body of expectations that describe acceptable and unacceptable employee behaviors in the workplace
- Policies function as laws within an organization; they must be crafted carefully to ensure they are complete, appropriate, and fairly applied to everyone
- Difference between policy and law: ignorance of a policy is an acceptable defense (ignorance of the law is not)
- Criteria for policy enforcement: dissemination (distribution), review (reading), comprehension (understanding), compliance (agreement),

Slide 8: Types of Law
- Civil: governs a nation or state; manages relationships and conflicts between organizational entities and people
- Criminal: addresses violations harmful to society; actively enforced by the state
- Private: regulates relationships between individuals and organizations
- Public: regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments

This note was uploaded on 03/31/2010 for the course IS 425 taught by Professor Lemon during the Spring '10 term at University of Maryland Baltimore.

Page1 / 40
