Legal, Ethical, and Professional Issues in Information Security

Author Topic: Legal, Ethical, and Professional Issues in Information Security  (Read 2386 times)

Offline Raisa

  • Hero Member
  • *****
  • Posts: 908
  • Sky is the limit
    • View Profile
Legal, Ethical, and Professional Issues in Information Security
« on: October 03, 2017, 04:12:21 PM »
You must understand scope of an organization’s legal and ethical responsibilities
To minimize liabilities/reduce risks, the information security practitioner must:

Understand current legal environment
Stay current with laws and regulations
Watch for new issues that emerge

Laws: rules that mandate or prohibit certain societal behavior
Ethics: define socially acceptable behavior
Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these
Laws carry sanctions of a governing authority; ethics do not
Ethical   
   1. pertaining to or dealing with morals or the principles of morality; pertaining to right and wrong in conduct.
   2. in accordance with the rules or standards for right conduct or practice, esp., the standards of a profession.

Examples:
Should companies collect and/or sell customer data?
Should IT specialists monitor and report employee computer use?
Ethical   
   1. pertaining to or dealing with morals or the principles of morality; pertaining to right and wrong in conduct.
   2. in accordance with the rules or standards for right conduct or practice, esp., the standards of a profession.

Examples:
Should companies collect and/or sell customer data?
Should IT specialists monitor and report employee computer use?
Ethical   
   1. pertaining to or dealing with morals or the principles of morality; pertaining to right and wrong in conduct.
   2. in accordance with the rules or standards for right conduct or practice, esp., the standards of a profession.

Examples:
Should companies collect and/or sell customer data?
Should IT specialists monitor and report employee computer use?
Civil law represents a wide variety of laws that are recorded in volumes of legal “code
Criminal law addresses violations harmful to society and is actively enforced through prosecution by the state.
Tort law allows individuals to seek recourse against others in the event of personal, physical, or financial injury.
Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law.
Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances.  Examples of public law include criminal, administrative, and constitutional law.
Types of law: civil, criminal, tort law, private, public
Relevant Nepalese Acts/Regulation/Policies:
Electronic Transaction Act 2063 B.S.
Telecommunication Act 2053 B.S.
National Broadcasting Act 2049 B.S.
Copyright Act 2059 B.S.
Patent Design and Trademark Act 2022 B.S.
IT Policy 2067
Date of Authentication and Publication: 22 Mansir 2063 ( December 8, 2006)
Consider as landmark law for the development of Nepalese IT sector.
Provision for any person to authenticate to any electronic record by his/her personal digital signature.
Provision of IT tribunal
consisting of one member each of law (Chairman), Information Technology and Commerce
To Pirate, Destroy or Alter computer source code
 Unauthorized Access in Computer Materials
Damage to any Computer and Information System
Publication of illegal materials in electronic form
Confidentiality to Divulge (disclose)
To commit computer fraud
Punishment in an offence committed outside Nepal
One of the hottest topics in information security
Is a “state of being free from unsanctioned intrusion”
Ability to aggregate data from multiple sources allows creation of information databases previously unheard of
:)