Professional Issues in Information Security
Principles of Information Security, Chapter 3
Chapter Objectives
Upon
Jean-Jacques Rousseau, The Social Contract or Principles of Political Right (1762)
"The rules the members of a society create to balance the right of the individual to self-determination with the needs of the society as a whole are called laws."
Laws
Rules that mandate or prohibit certain behavior in society.
Carry the sanctions of a governing authority.
Ethics
Define socially acceptable behaviors.
Universally recognized examples of unethical behavior include murder, theft, assault, and arson.
Cultural Mores
The fixed moral attitudes or customs of a particular group.
Organizational Liability
Liability
Legal obligation of an entity that extends beyond criminal or contract law.
Includes the obligation to make restitution for, or compensate for, wrongs committed by an organization or its employees.
An organization can be held financially liable (responsible) for the actions of its employees.
This obligation increases if the organization fails to take due care.
Organizational Responsibilities for Due Care and Due Diligence
Due care
Must ensure that every employee knows what is acceptable or unacceptable behavior, and the consequences of illegal or unethical actions.
Due diligence
Requires the organization to make a valid effort to protect others, and to continually maintain this level of effort.
Jurisdiction
A court's right to hear a case if a wrong was committed in its territory or involves its citizenry (long-arm jurisdiction).
In the U.S., any court can impose its authority over individuals or organizations if it can establish jurisdiction.
Policy vs. Law
Laws: external legal requirements
Types of Law
Civil law
Laws that govern a nation or state.
Criminal law
Violations harmful to society.
Actively enforced by prosecution by the state.
Private law
Regulates the relationship between individuals and organizations.
Encompasses family law, commercial law, and labor law.
Public law
Regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances.
Includes criminal, administrative, and constitutional law.
Privacy Issues
Collection of personal information
Clipper chip - never implemented
Financial Reporting
Sarbanes-Oxley Act of 2002
Affects publicly traded corporations and public accounting firms.
Security Breaches
Punishment
If not caught: illegal to demand a payment in order to
AOL employees
http://www.connectedhomemag.com/HomeOffice/Articles/Index.cfm?ArticleID=43090
http://www.aolsucks.org/ccaol2.htm
http://www.cybercrime.gov/cases.htm
Computer Ethics
Asian tradition: collective ownership
Western tradition: intellectual property rights
Study of computer use ethics among students in 9 nations:
Singapore, Hong Kong, U.S., England, Australia, Sweden, Wales, Netherlands
Studied 3 categories of use:
software license infringement
illicit use
misuse of corporate resources
Cultural Differences: Software License Infringement
Most
Netherlands
most permissive
least likely to honor copyrights of content creators
lower piracy rate than Singapore/Hong Kong
Cultural Differences: Illicit Use of Software
Singapore/Hong Kong: most tolerant
Sweden/Netherlands: in-between
Cultural Differences: Misuse of Corporate Resources
Generally
Kong
countries
most lenient
Education
The overriding factor in leveling the ethical perceptions within a small population.
Employees must be trained and kept aware of topics related to information security, including expected ethical behaviors.
Many employees may not have the formal technical training to understand that their behavior is unethical or illegal.
Deterrence
Codes of Ethics
Major IT Professional Organizations and Ethics
Other Security Organizations
Secret Service