Chapter 3

Chapter 3 - Learning Objectives Upon completion of this...

Principles of Information Security, 3rd Edition

Learning Objectives
Upon completion of this material, you should be able to:
- Use this chapter as a guide for future reference on laws, regulations, and professional organizations
- Differentiate between laws and ethics
- Identify major national laws that relate to the practice of information security
- Understand the role of culture as it applies to ethics in information security

Introduction
- You must understand scope of an organization’s legal and ethical responsibilities
- To minimize liabilities/reduce risks, the information security practitioner must:
  - Understand current legal environment
  - Stay current with laws and regulations
  - Watch for new issues that emerge

Law and Ethics in Information Security
- Laws: rules that mandate or prohibit certain societal behavior
- Ethics: define socially acceptable behavior
- Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these
- Laws carry sanctions of a governing authority; ethics do not

Organizational Liability and the Need for Counsel
- Liability: legal obligation of an entity extending beyond criminal or contract law; includes legal obligation to make restitution
- Restitution: to compensate for wrongs committed by an organization or its employees
- Due care: ensuring that employees know what constitutes acceptable behavior and know the consequences of illegal or unethical actions
- Due diligence: making a valid effort to protect others; continually maintaining level of effort

Organizational Liability and the Need for Counsel (continued)
- Jurisdiction: court's right to hear a case if the wrong was committed in its territory or involved its citizenry
- Long arm jurisdiction: right of any court to impose its authority over an individual or organization if it can establish jurisdiction

Policy versus Law
- Policies: body of expectations that describe acceptable and unacceptable employee behaviors in the workplace
- Policies function as laws within an organization; must be crafted carefully to ensure they are complete, appropriate, fairly applied to everyone
- Difference between policy and law: ignorance of a policy is an acceptable defense
- Criteria for policy enforcement: Dissemination (distribution), Review (reading), Comprehension (understanding), Compliance (agreement), Uniform enforcement

Types of Law
- Civil: laws that govern nation or state; manages relationships/conflicts between organizational entities and people
- Criminal: addresses violations harmful to society; actively enforced by the state
- Private: regulates relationships between individuals and

This note was uploaded on 01/13/2012 for the course IS 3020 taught by Professor Staff during the Spring '08 term at Kennesaw.
