
Week 5 - Legal, ethical and professional issues


  1. Laws, ethics and policy

    1. Laws vs. ethics: laws mandate or prohibit behavior and carry the authority of a governing body; ethics do not.
    2. Laws vs. policy: laws are enforceable and ignorance of them is not an acceptable defense; policies must meet certain conditions to be enforceable, and ignorance of them can be an acceptable defense.
    3. Types of law
      • Civil law: governs a state or nation; deals with the relationships and conflicts between organizations and people.
      • Criminal law
      • Private law
      • Public law: criminal, administrative, and constitutional law.
    4. Ethics: no governing authority.
    5. Policies: organizational "laws" that direct behavior within the organization; ignorance of policy is an acceptable defense.
  2. Computer crime law

    • CFAA: Computer Fraud and Abuse Act, 1986 (the cornerstone of US computer crime law)
      • First case: Morris worm, 1988.
    • USA PATRIOT Act (passed after 9/11)
      • Provides law enforcement agencies with broader latitude to combat terrorism.
    • CCCA: Comprehensive Crime Control Act, 1984
    • Privacy
      • HIPAA: Health Insurance Portability and Accountability Act, 1996
    • Identity theft: unauthorized
      • PII: personally identifiable information (name, address, SSN, etc.)
    • Copyright:
    • Financial:
      • SOX: Sarbanes-Oxley Act, 2002: reliability and accuracy
      • Freedom of Information Act, 1966, federal
      • CCPA: California Consumer Privacy Act
  3. Ethical differences

    • Causes of unethical or illegal behavior: ignorance, accident, intent
    • Deterrence requires fear of penalty, probability of apprehension, and probability of the penalty being applied.
  4. Agency

    1. NSA: National Security Agency
      • leader in cryptology; its dual mission is to discover and to protect
      • balances information privacy against national security
    2. DHS: Department of Homeland Security
      • protects citizens
      • US-CERT: where phishing and malware are reported
    3. U.S. Secret Service
      • safeguards the nation's financial infrastructure and payments system, preserving the integrity of the economy
    4. FBI
      • traditional and cyber crimes: intrusion, identity theft, fraud


Quiz 1

What is the difference between law and ethics?

Laws carry the authority of a governing body and ethics do not. Ethics are based on cultural mores.

Quiz 2

What is civil law, and what does it accomplish?

  1. Civil law is governed by the state and by the nation.
  2. It deals with the relationships and conflicts between organizations and people.

Quiz 3

What are the primary examples of public law?

Criminal, administrative, and constitutional law.

Quiz 4

Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?

  1. The National Information Infrastructure Protection Act of 1996.
  2. It modified several sections of the CFAA and increased the penalties for selected crimes.

Quiz 5

Which law was created specifically to deal with encryption policy in the United States?

Security and Freedom through Encryption Act of 1999

Quiz 6

What is privacy in an information security context?

Privacy is not absolute freedom from observation, but rather it is a more precise "state of being free from unsanctioned intrusion."

Quiz 7

What is another name for the Kennedy-Kassebaum Act (1996), and why is it important to organizations that are not in the healthcare industry?

  1. The Health Insurance Portability and Accountability Act of 1996 (HIPAA).
  2. If a company holds healthcare data and does not comply with the law, it could be fined or face jail time.

Quiz 8

If you work for a financial services organization such as a bank or credit union, which 1999 law affects your use of customer data? What other effects does it have?

  1. The Financial Services Modernization Act, or Gramm-Leach-Bliley Act, of 1999.

Quiz 9

What is the primary purpose of the USA PATRIOT Act and how has it been revised since its original passage?

  1. Combat terrorism-related activities.

Quiz 10

What is PCI DSS and why is it important for information security?

Quiz 11

What is intellectual property (IP)? Is it afforded the same protection in every country of the world? What laws currently protect IP in the United States and Europe?

Quiz 12

How does the Sarbanes-Oxley Act of 2002 affect information security managers?

Quiz 13

What is due care? Why should an organization make sure to exercise due care in its usual course of operations?

Quiz 14

How is due diligence different from due care? Why are both important?

Quiz 15

What is a policy? How is it different from a law?

Quiz 16

What are the three general categories of unethical and illegal behavior?

Ignorance, accident, intent

Quiz 17

What is the best method for preventing an illegal or unethical activity?

  1. Education, to address ignorance
  2. Careful planning, to address accident
  3. Policies and laws, to address intent
    • Fear of penalty
    • Fear of being apprehended
    • Fear of the penalty being applied

Quiz 18

Of the information security organizations listed in this chapter that have codes of ethics, which has been established for the longest time? When was it founded?

Quiz 19

Of the organizations listed in this chapter that have codes of ethics, which is focused on auditing and control?

Quiz 20

How do people from varying ethnic backgrounds differ in their views of computer ethics?