Principles of Computer Security: CompTIA Security+® and Beyond, Third Edition © 2012
Chapter 24: Legal Issues and Ethics

Objectives
Explain the laws and rules concerning importing and exporting encryption software.
Identify the laws that govern computer access and trespass.
Identify the laws that govern encryption and digital rights management.
Describe the laws that govern digital signatures.
Explore ethical issues associated with information security.

Key Terms
Administrative law
Click fraud
Common law
Computer Fraud and Abuse Act (CFAA)
Computer trespass
Digital Millennium Copyright Act (DMCA)
Electronic Communications Privacy Act (ECPA)
Gramm-Leach-Bliley Act (GLBA)

Key Terms (continued)
Payment Card Industry Data Security Standard (PCI DSS)
Sarbanes-Oxley Act (SOX)
Section 404
Statutory law
Stored Communications Act (SCA)
Wassenaar Arrangement

Cybercrime Characteristics
  – Technology is constantly changing
  – Sophistication of computer crimes has increased
  – Generally focused on financial gain
  – Often run by organized crime
  – Low risk of being caught
  – Difficult to prosecute

Types of Cybercrime
Computer-involved crimes can be classified as:
  – Computer-assisted
  – Computer-targeted
  – Computer-incidental

Internet Crime
Most computer crime revolves around money.
Internet Crime Complaint Center (IC3):
  – FBI, NW3C, and BJA partnership
  – Produces a list of common Internet crimes with descriptions
  – Provides advice on how to avoid becoming a victim of Internet crime

Common Internet Crime Schemes
Auction fraud
Counterfeit cashier's check
Credit card fraud
Debt elimination
Parcel courier scheme
Lotteries
Escrow services fraud
Identity theft
Business opportunities
Internet extortion
Investment fraud
Employment opportunities
Nigerian Letter or "419"
Phishing/spoofing
Ponzi/pyramid
Reshipping
Spam
Third-party receiver of funds

Sources of Laws
Statutory law
  – Laws enacted by legislative bodies such as Congress
Administrative law
  – Rules made by government agencies under power granted to them through legislation
Common law
  – Laws derived from previous cases and precedent

Computer Trespass
Unauthorized access to a computer system
  – Independent of the access method
Considered a crime in many countries
  – May warrant significant punishment
  – Treaties between countries regulate how cyber offenders are dealt with

Convention on Cybercrime
First international treaty on Internet crimes
  – EU, U.S., Canada, Japan, and others
Created common policies to handle cybercrime
Focused on:
  – Copyright infringement
  – Computer-related fraud
  – Child pornography
  – Violations of network security

Significant U.S. Laws
Electronic Communications Privacy Act
Stored Communications Act
Computer Fraud and Abuse Act
Controlling the Assault of Non-Solicited Pornography and Marketing Act
USA Patriot Act
Gramm-Leach-Bliley Act
Sarbanes-Oxley Act

Electronic Communications Privacy Act (ECPA)
Addresses legal privacy issues related to computer use and telecommunications
Warning banners are common practice for:
  – Establishing the level of expected privacy
  – Serving notice of intent to monitor
  – Obtaining the user's consent to monitoring
  – Providing consent to law enforcement search

Computer Fraud and Abuse Act (1986)
Foundation of U.S. law on unauthorized access
Criminalizes activities such as:
  – Accessing government or interstate commerce systems
  – Using a computer in an interstate crime
  – Trafficking in passwords or access information
  – Transmitting code, commands, or programs that result in damage

Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
Established spam regulations
Provided rules of compliance
  – Unsubscribe, content, and sending behavior
Has had a poor track record of convictions

USA Patriot Act
Response to the 9/11 terrorist attacks
Altered U.S. laws on Internet wiretaps and tracing
  – Requires ISPs to facilitate Internet monitoring
  – Provides for federal law enforcement investigation and adjudication of computer intrusions
Supported changes in other computer misuse laws
  – ECPA and CFAA

Gramm-Leach-Bliley Act (GLBA)
Financial industry legislation to protect individual privacy
  – Created an opt-out method giving individuals control over the use of their personal information
  – Enforced by state, federal, and securities laws
  – Restricts information sharing with third-party firms

Sarbanes-Oxley Act (SOX)
Overhaul of financial accounting standards
  – Targeted standards of publicly traded firms
Section 404 controls
  – Internal controls on financial reporting processes
  – Audits required on a regular basis

Payment Card Industry Data Security Standard (PCI DSS)
Contractual rules governing the exchange of credit card data between banks and merchants
  – Voluntary standard
Noncompliance may result in:
  – Higher transaction fees
  – Expensive fines
  – Inability to process credit cards

Import/Export Encryption Restrictions
Restrictions also cover encryption used to secure network communications
U.S. export control laws
  – Administered by the Bureau of Industry and Security
  – Encryption rules found in the Export Administration Regulations (EAR)
  – Controls include presale product reviews, post-export reporting, and export license reviews

Non-U.S. Laws
Wassenaar Arrangement
  – International agreement on export controls for dual-use goods and technologies
  – Removed key length restrictions on encryption products
Cryptographic use restrictions
  – Many countries tightly restrict the use and possession of cryptographic technology

U.S. Digital Signature Laws
Means to show approval of electronic records
  – Cryptography provides integrity and non-repudiation
  – Enables e-commerce transactions
Examples:
  – Electronic Signatures in Global and National Commerce Act
  – Uniform Electronic Transactions Act

Other Digital Signature Laws
United Nations
  – UN Commission on International Trade Law Model Law on Electronic Commerce
Canada
  – Uniform Electronic Commerce Act
European Union
  – Electronic Commerce Directive

Digital Millennium Copyright Act (DMCA)
Protects the rights of recording artists
Identifies how new computer technology relates to copyright laws
Also regulates software and hardware designed to circumvent copyright protection controls

Ethics
Globalization blurs ethical lines
  – Social norms vary among diverse principalities
Challenge for today's businesses:
  – A code of ethics must be established
  – Employees need to understand what is expected
SANS published a set of IT ethical guidelines

Chapter Summary
Explain the laws and rules concerning importing and exporting encryption software.
Identify the laws that govern computer access and trespass.
Identify the laws that govern encryption and digital rights management.
Describe the laws that govern digital signatures.
Explore ethical issues associated with information security.