SlideShare uma empresa Scribd logo

Ethics in IT Security

Transferir como PPT, PDF
M
mtvvvv

Ethics in IT Security

Internet
1 de 31
ISE 542: IT Security Chapter – 10 Ethics in IT Security
Outline  Law and Ethics in Information Security  Codes of Ethics and Professional Organizations
Introduction  To minimize liabilities/reduce risks, the information security practitioner must:  Understand current legal environment  Stay current with laws and regulations  Watch for new issues that emerge
Law and Ethics in Information Security  Laws: rules that mandate or prohibit certain societal behavior  Ethics: define socially acceptable behavior  Laws carry sanctions of a governing authority; ethics do not
What is Computer Ethics? computer ethics is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology It is a study, an analysis of the values of human actions influenced by computer technology.
Why study computer and information ethics  Apply ethical point of view to real-world computing context  Identify and solve ethical problems in specific fields of computing
Why study computer and information ethics doing so will make us behave like responsible professionals doing so will teach us how to avoid computer abuse and catastrophes the advance of computing technology will continue to create temporary policy vacuums the use of computing permanently transforms certain ethical issues to the degree that their alterations require independent study the use of computing technology creates, and will continue to create, novel ethical issues that require special study.
Anatomy of the Problem Recent terrorist attacks and the raise in cyber attacks have raised concern about the security of information, security of individuals, and a need to protect the nation’s cyber infrastructure US Patriot Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."
What are the causes?  Revenge  Joke  The Hacker's Ethics • All information should be free  Terrorism  Political and Military Espionage  Business (Competition) Espionage  Hate (national origin, gender, and race)  Personal gain/Fame/Fun  Ignorance
Social and Ethical Consequences  Psychological effects – these include hate and joke especially on an individual.  may lead to individual reclusion,  increasing isolation  Moral decay – There is a moral imperative in all our actions. When human actions, whether bad or good, become so frequent, they create a level of familiarity that leads to acceptance as “normal”. This type of acceptance of actions formerly viewed as immoral and bad by society lead to moral decay.
Social and Ethical Consequences  Loss of privacy – After an attack, there is usually an over reaction and a resurgence in the need for quick solutions to the problem that seems to have hit home. Many businesses are responding with patches, filters, ID tools, and a whole list of “solutions”.  Trust – Along with privacy lost, is trust lost. Individuals once attacked, lose trust in a person, group, company or anything else believed to be the source of the attack or believed to be unable to stop the attack.
Relevant U.S. Laws (General)  Computer Fraud and Abuse Act of 1986 (CFA Act)  National Information Infrastructure Protection Act of 1996  USA Patriot Act of 2001  Telecommunications Deregulation and Competition Act of 1996  Computer Security Act of 1987
Privacy  One of the hottest topics in information security  Privacy of Customer Information Section of common carrier regulation  Federal Privacy Act of 1974  Electronic Communications Privacy Act of 1986  Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act  Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
Export and Espionage Laws  Economic Espionage Act of 1996 (EEA)  attempts to prevent trade secrets from being illegally shared.  Security And Freedom Through Encryption Act of 1999 (SAFE)  to provide guidance on the use of encryption, and provided measures of public protection from government intervention.
U.S. Copyright Law  Intellectual property recognized as protected asset in the U.S.; copyright law extends to electronic formats  With proper acknowledgement, permissible to include portions of others’ work as reference  U.S. Copyright Office Web site: www.copyright.gov
International Laws and Legal Bodies  European Council Cyber-Crime Convention:  Establishes international task force overseeing Internet security functions for standardized international technology laws  Attempts to improve effectiveness of international investigations into breaches of technology law  Well received by intellectual property rights advocates due to emphasis on copyright infringement prosecution  Lacks realistic provisions for enforcement
Digital Millennium Copyright Act (DMCA)  U.S. contribution to international effort to reduce impact of copyright, trademark, and privacy infringement  A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to processing and free movement of personal data
United Nations Charter  Makes provisions, to a degree, for information security during information warfare (IW)  IW involves use of information technology to conduct organized and lawful military operations  IW is relatively new type of warfare, although military has been conducting electronic warfare operations for decades
Ethics and Information Security
Ethics and Education  Overriding factor in leveling ethical perceptions within a small population is education  Employees must be trained in expected behaviors of an ethical employee, especially in areas of information security  Proper ethical training vital to creating informed, well prepared, and low-risk system user
Codes of Ethics and Professional Organizations  Several professional organizations have established codes of conduct/ethics  Codes of ethics can have positive effect; unfortunately, many employers do not encourage joining of these professional organizations  Responsibility of security professionals to act ethically and according to policies of employer, professional organization, and laws of society
Association of Computing Machinery (ACM)  ACM established in 1947 as “the world's first educational and scientific computing society”  Code of ethics contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property
International Information Systems Security Certification Consortium, Inc. (ISC)2  Non-profit organization focusing on development and implementation of information security certifications and credentials  Code primarily designed for information security professionals who have certification from (ISC)2
System Administration, Networking, and Security Institute (SANS)  Professional organization with a large membership dedicated to protection of information and systems  SANS offers set of certifications called Global Information Assurance Certification (GIAC)
Information Systems Audit and Control Association (ISACA)  Professional association with focus on auditing, control, and security  Concentrates on providing IT control practices and standards  ISACA has code of ethics for its professionals
Computer Security Institute (CSI)  Provides information and training to support computer, networking, and information security professionals  Though without a code of ethics, has argued for adoption of ethical behavior among information security professionals
Information Systems Security Association (ISSA)  Nonprofit society of information security (IS) professionals  Primary mission to bring together qualified IS practitioners for information exchange and educational development  Promotes code of ethics similar to (ISC)2 , ISACA and ACM
Other Security Organizations  Internet Society (ISOC): promotes development and implementation of education, standards, policy and education to promote the Internet  Computer Security Division (CSD): division of National Institute for Standards and Technology (NIST); promotes industry best practices and is important reference for information security professionals
Other Security Organizations (continued)  CERT (Computer Emergency Response Team) Coordination Center (CERT/CC): center of Internet security expertise operated by Carnegie Mellon University
Key U.S. Federal Agencies  Department of Homeland Security (DHS)  Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC)  National Security Agency (NSA)  U.S. Secret Service

Recomendados

Ethics in-information-security
Ethics in-information-securityEthics in-information-security
Ethics in-information-security
Milinda Wickramasinghe
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
sappingtonkr
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Computer security privacy and ethics
Computer security privacy and ethicsComputer security privacy and ethics
Computer security privacy and ethics
geneveve_
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
Carl Ceder
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 

Recomendados

Ethics in-information-security
Ethics in-information-securityEthics in-information-security
Ethics in-information-security
Milinda Wickramasinghe
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
sappingtonkr
 
Information security
Information securityInformation security
Information security
avinashbalakrishnan2
 
Security Policies and Standards
Security Policies and StandardsSecurity Policies and Standards
Security Policies and Standards
primeteacher32
 
Computer security privacy and ethics
Computer security privacy and ethicsComputer security privacy and ethics
Computer security privacy and ethics
geneveve_
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
Carl Ceder
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Information security management
Information security managementInformation security management
Information security management
UMaine
 
Information security
Information securityInformation security
Information security
Lusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
CAS
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
vishnukp34
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
Mostafa Elgamala
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
Shreedevi Tharanidharan
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
gangadhar9989166446
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
Syaiful Ahdan
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
priya_trehan
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
GulnurAzat
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
idingolay
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
Ahmed Moussa
 
Information security threats
Information security threatsInformation security threats
Information security threats
complianceonline123
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
Faheem Ul Hasan
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
Shauna_Cox
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
G Prachi
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
jayashri kolekar
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
Amos Oyoo
 
Information ethics
Information ethicsInformation ethics
Information ethics
STCC Library
 
Digital Law Powerpoint
Digital Law PowerpointDigital Law Powerpoint
Digital Law Powerpoint
lydneat
 

Mais conteúdo relacionado

Mais procurados

Information security management
Information security managementInformation security management
Information security management
UMaine
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
priya_trehan
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
idingolay
 
Information security threats
Information security threatsInformation security threats
Information security threats
complianceonline123
 

Mais procurados (20)

Cia security model
Cia security modelCia security model
Cia security model
 
Information security management
Information security managementInformation security management
Information security management
 
Information security
Information securityInformation security
Information security
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
CS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network SecurityCS8792 - Cryptography and Network Security
CS8792 - Cryptography and Network Security
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
Information Security Principles - Access Control
Information Security Principles - Access ControlInformation Security Principles - Access Control
Information Security Principles - Access Control
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Information security threats
Information security threatsInformation security threats
Information security threats
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 

Destaque

Information ethics
Information ethicsInformation ethics
Information ethics
STCC Library
 
Unauthorized access and use
Unauthorized access and useUnauthorized access and use
Unauthorized access and use
chrispaul8676
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 

Destaque (14)

Information ethics
Information ethicsInformation ethics
Information ethics
 
Digital Law Powerpoint
Digital Law PowerpointDigital Law Powerpoint
Digital Law Powerpoint
 
Digital law powerpoint
Digital law powerpointDigital law powerpoint
Digital law powerpoint
 
Unauthorized access and use
Unauthorized access and useUnauthorized access and use
Unauthorized access and use
 
Illegal downloading
Illegal downloadingIllegal downloading
Illegal downloading
 
Ethics for IT Professionals
Ethics for IT ProfessionalsEthics for IT Professionals
Ethics for IT Professionals
 
Chapter 4 Computer Science :: Computer Ethics and Security
Chapter 4 Computer Science :: Computer Ethics and SecurityChapter 4 Computer Science :: Computer Ethics and Security
Chapter 4 Computer Science :: Computer Ethics and Security
 
Chapter 4 Computer Ethics and Security
Chapter 4 Computer Ethics and Security Chapter 4 Computer Ethics and Security
Chapter 4 Computer Ethics and Security
 
3.2.1 The Internet
3.2.1 The Internet3.2.1 The Internet
3.2.1 The Internet
 
Ethics in Information Technology
Ethics in Information TechnologyEthics in Information Technology
Ethics in Information Technology
 
The 10 Commandments of Computer Ethics
The 10 Commandments of Computer EthicsThe 10 Commandments of Computer Ethics
The 10 Commandments of Computer Ethics
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Semelhante a Ethics in IT Security

ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ssuserceaa40
 
Stallings ch18 privacy
Stallings ch18 privacyStallings ch18 privacy
Stallings ch18 privacy
salehnia
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
padler01
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and Challenges
Tam Nguyen
 
BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx
BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docxBCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx
BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx
JASS44
 
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
PECB
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptx
soulscout02
 

Semelhante a Ethics in IT Security (20)

Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
 
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdfch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
ch03-Legal- Ethica and Professional Issues in IS (7-8).pdf
 
Lecture 8.pdf
Lecture 8.pdfLecture 8.pdf
Lecture 8.pdf
 
3999779.ppt
3999779.ppt3999779.ppt
3999779.ppt
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf
 
Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8Cisco cybersecurity essentials chapter 8
Cisco cybersecurity essentials chapter 8
 
lesson333.ppt
lesson333.pptlesson333.ppt
lesson333.ppt
 
Ethics in Cyber Crime_will be helpful for ethics presentation.pptx
Ethics in Cyber Crime_will be helpful for ethics presentation.pptxEthics in Cyber Crime_will be helpful for ethics presentation.pptx
Ethics in Cyber Crime_will be helpful for ethics presentation.pptx
 
Chapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdfChapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdf
 
Review questions
Review questionsReview questions
Review questions
 
Stallings ch18 privacy
Stallings ch18 privacyStallings ch18 privacy
Stallings ch18 privacy
 
Introduction to Hacking (101) Fundamentals
Introduction to Hacking (101) FundamentalsIntroduction to Hacking (101) Fundamentals
Introduction to Hacking (101) Fundamentals
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and Challenges
 
BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx
BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docxBCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx
BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
ISO/IEC 27001, ISO/IEC 27701, and Data Privacy Laws: Key threats in 2022
 
SHAILENDRA.ppt
SHAILENDRA.pptSHAILENDRA.ppt
SHAILENDRA.ppt
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptx
 

Último

Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
SUHANI PANDEY
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
SUHANI PANDEY
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
SUHANI PANDEY
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
soniya singh
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
SUHANI PANDEY
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Escorts Call Girls
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
SUHANI PANDEY
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Escorts Call Girls
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
tanu pandey
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 

Último (20)

"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 

Ethics in IT Security

  • 1. ISE 542: IT Security Chapter – 10 Ethics in IT Security
  • 2. Outline  Law and Ethics in Information Security  Codes of Ethics and Professional Organizations
  • 3. Introduction  To minimize liabilities/reduce risks, the information security practitioner must:  Understand current legal environment  Stay current with laws and regulations  Watch for new issues that emerge
  • 4. Law and Ethics in Information Security  Laws: rules that mandate or prohibit certain societal behavior  Ethics: define socially acceptable behavior  Laws carry sanctions of a governing authority; ethics do not
  • 5. What is Computer Ethics? computer ethics is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology It is a study, an analysis of the values of human actions influenced by computer technology.
  • 6. Why study computer and information ethics  Apply ethical point of view to real-world computing context  Identify and solve ethical problems in specific fields of computing
  • 7. Why study computer and information ethics doing so will make us behave like responsible professionals doing so will teach us how to avoid computer abuse and catastrophes the advance of computing technology will continue to create temporary policy vacuums the use of computing permanently transforms certain ethical issues to the degree that their alterations require independent study the use of computing technology creates, and will continue to create, novel ethical issues that require special study.
  • 8. Anatomy of the Problem Recent terrorist attacks and the raise in cyber attacks have raised concern about the security of information, security of individuals, and a need to protect the nation’s cyber infrastructure US Patriot Act of 2001 defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."
  • 9.
  • 10. What are the causes?  Revenge  Joke  The Hacker's Ethics • All information should be free  Terrorism  Political and Military Espionage  Business (Competition) Espionage  Hate (national origin, gender, and race)  Personal gain/Fame/Fun  Ignorance
  • 11. Social and Ethical Consequences  Psychological effects – these include hate and joke especially on an individual.  may lead to individual reclusion,  increasing isolation  Moral decay – There is a moral imperative in all our actions. When human actions, whether bad or good, become so frequent, they create a level of familiarity that leads to acceptance as “normal”. This type of acceptance of actions formerly viewed as immoral and bad by society lead to moral decay.
  • 12. Social and Ethical Consequences  Loss of privacy – After an attack, there is usually an over reaction and a resurgence in the need for quick solutions to the problem that seems to have hit home. Many businesses are responding with patches, filters, ID tools, and a whole list of “solutions”.  Trust – Along with privacy lost, is trust lost. Individuals once attacked, lose trust in a person, group, company or anything else believed to be the source of the attack or believed to be unable to stop the attack.
  • 13. Relevant U.S. Laws (General)  Computer Fraud and Abuse Act of 1986 (CFA Act)  National Information Infrastructure Protection Act of 1996  USA Patriot Act of 2001  Telecommunications Deregulation and Competition Act of 1996  Computer Security Act of 1987
  • 14. Privacy  One of the hottest topics in information security  Privacy of Customer Information Section of common carrier regulation  Federal Privacy Act of 1974  Electronic Communications Privacy Act of 1986  Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act  Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
  • 15. Export and Espionage Laws  Economic Espionage Act of 1996 (EEA)  attempts to prevent trade secrets from being illegally shared.  Security And Freedom Through Encryption Act of 1999 (SAFE)  to provide guidance on the use of encryption, and provided measures of public protection from government intervention.
  • 16. U.S. Copyright Law  Intellectual property recognized as protected asset in the U.S.; copyright law extends to electronic formats  With proper acknowledgement, permissible to include portions of others’ work as reference  U.S. Copyright Office Web site: www.copyright.gov
  • 17. International Laws and Legal Bodies  European Council Cyber-Crime Convention:  Establishes international task force overseeing Internet security functions for standardized international technology laws  Attempts to improve effectiveness of international investigations into breaches of technology law  Well received by intellectual property rights advocates due to emphasis on copyright infringement prosecution  Lacks realistic provisions for enforcement
  • 18. Digital Millennium Copyright Act (DMCA)  U.S. contribution to international effort to reduce impact of copyright, trademark, and privacy infringement  A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to processing and free movement of personal data
  • 19. United Nations Charter  Makes provisions, to a degree, for information security during information warfare (IW)  IW involves use of information technology to conduct organized and lawful military operations  IW is relatively new type of warfare, although military has been conducting electronic warfare operations for decades
  • 21. Ethics and Education  Overriding factor in leveling ethical perceptions within a small population is education  Employees must be trained in expected behaviors of an ethical employee, especially in areas of information security  Proper ethical training vital to creating informed, well prepared, and low-risk system user
  • 22. Codes of Ethics and Professional Organizations  Several professional organizations have established codes of conduct/ethics  Codes of ethics can have positive effect; unfortunately, many employers do not encourage joining of these professional organizations  Responsibility of security professionals to act ethically and according to policies of employer, professional organization, and laws of society
  • 23. Association of Computing Machinery (ACM)  ACM established in 1947 as “the world's first educational and scientific computing society”  Code of ethics contains references to protecting information confidentiality, causing no harm, protecting others’ privacy, and respecting others’ intellectual property
  • 24. International Information Systems Security Certification Consortium, Inc. (ISC)2  Non-profit organization focusing on development and implementation of information security certifications and credentials  Code primarily designed for information security professionals who have certification from (ISC)2
  • 25. System Administration, Networking, and Security Institute (SANS)  Professional organization with a large membership dedicated to protection of information and systems  SANS offers set of certifications called Global Information Assurance Certification (GIAC)
  • 26. Information Systems Audit and Control Association (ISACA)  Professional association with focus on auditing, control, and security  Concentrates on providing IT control practices and standards  ISACA has code of ethics for its professionals
  • 27. Computer Security Institute (CSI)  Provides information and training to support computer, networking, and information security professionals  Though without a code of ethics, has argued for adoption of ethical behavior among information security professionals
  • 28. Information Systems Security Association (ISSA)  Nonprofit society of information security (IS) professionals  Primary mission to bring together qualified IS practitioners for information exchange and educational development  Promotes code of ethics similar to (ISC)2 , ISACA and ACM
  • 29. Other Security Organizations  Internet Society (ISOC): promotes development and implementation of education, standards, policy and education to promote the Internet  Computer Security Division (CSD): division of National Institute for Standards and Technology (NIST); promotes industry best practices and is important reference for information security professionals
  • 30. Other Security Organizations (continued)  CERT (Computer Emergency Response Team) Coordination Center (CERT/CC): center of Internet security expertise operated by Carnegie Mellon University
  • 31. Key U.S. Federal Agencies  Department of Homeland Security (DHS)  Federal Bureau of Investigation’s National Infrastructure Protection Center (NIPC)  National Security Agency (NSA)  U.S. Secret Service