...Ethics in Information Security The Gramm-Leach-Bliley Act of 1999 (GLBA) The Gramm-Leach-Bliley Act requires financial institutions that offer consumers financial products or services like loans, financial or investment advice, or insurance to explain their information-sharing practices to their customers and to safeguard sensitive data. Strengths: * Allows customers to know how confidential information will be treated. Instead of hoping a financial services company will treat their personal data as confidential, consumers will receive an explicit disclosure of how such information will be used by the firm. Weakness: * GLBA notices are confusing and limit the transparency of information practices. GLBA assumes a company will explain a complex set of legal definitions, added to numerous exceptions to the law, in a way that will allow for an informed choice and in transparent language. There are reservations about a company's desire to do this. Health Insurance Portability and Accountability Act (HIPAA) The Health Insurance Portability and Accountability Act of 1996 protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data exchange. Strengths: * Allows patients the legal right to see, copy, and correct their personal medical information. It also enabled patients with pre-existing conditions to change jobs without worrying that their conditions would not be covered under a new...
...Principles of Information Security, Fourth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Differentiate between laws and ethics – Identify major national laws that affect the practice of information security – Explain the role of culture as it applies to ethics in information security Introduction • You must understand the scope of an organization’s legal and ethical responsibilities • To minimize liabilities/reduce risks, the information security practitioner must: – Understand the current legal environment – Stay current with laws and regulations – Watch for new issues that emerge Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain societal behavior • Ethics: define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group; ethics are based on these • Laws carry sanctions of a governing authority; ethics do not Organizational Liability and the Need for Counsel • Liability: legal obligation of an entity extending beyond criminal or contract law; includes the legal obligation to make restitution...
...Chapter 11 Law and Ethics Chapter Overview Chapter 11 covers the topics of law and ethics. In this chapter readers will learn to identify major national and international laws that relate to the practice of information security as well as come to understand the role of culture as it applies to ethics in information security. Chapter Objectives When you complete this chapter, you will be able to: Differentiate between law and ethics Identify major national and international laws that relate to the practice of information security Understand the role of culture as it applies to ethics in information security Access current information on laws, regulations, and relevant professional organizations Set-up Notes This chapter could be completed in a single class session, if there is sufficient time to cover the material. Unless the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours. Lecture Notes and Teaching Tips with Quick Quizzes Introduction As a future information security professional, it is vital that you understand the scope of an organization’s legal and ethical responsibilities. To minimize the organization’s liabilities the information security practitioner must understand...
...Introduction As a future information security professional, it is vital that you understand the scope of an organization’s legal and ethical responsibilities. To minimize liabilities and reduce risks from electronic and physical threats, and to reduce the losses from legal action, the information security practitioner must understand the current legal environment, stay current as new laws and regulations emerge, and watch for issues that need attention. Law and Ethics in Information Security As individuals, we elect to trade some aspects of personal freedom for social order. Laws are rules adopted for determining expected behavior in modern society and are drawn from ethics, which define socially acceptable behaviors. Ethics in turn are based on cultural mores: fixed moral attitudes or customs of a particular group. Some ethics are recognized as universal among cultures. Types of Law Civil law represents a wide variety of laws that are recorded in volumes of legal “code” available for review by the average citizen. Criminal law addresses violations harmful to society and is actively enforced through prosecution by the state. Tort law allows individuals to seek recourse against others in the event of personal, physical, or financial injury. Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law. Public law regulates the structure and administration of government agencies...
...Webopedia URL: www.webopedia.com | AOL Search | EXCITE | SOSIG | The following reports are related to cyber ethics: Sudi, V. (2011, March 25). Safer internet: Cyber Ethics. Retrieved Nov 11, 2013, from http://cyberethics.info/cyethics1/ Marshall University. (2011, Feb 11). Information Security: Cyber Ethics. Retrieved Nov 11, 2013, from http://www.marshall.edu/infosec/resources/cyber-security-tips-newsletter/cyber-ethics/ The Web page above displays information about what cyber ethics entails. The information relayed on the site is relevant to the reader in the sense that it cautions them to use the internet safely and responsibly while conducting themselves online. It is intended to inform the general public, or internet users, of the need to navigate safely on the internet. In the broader sense, the user is being informed of the basics that they should be aware of when they access the internet. The reader is cautioned on the dangers that arise from the use of the internet and the limits to which they can go. The consequences that arise from the wrongful use of the internet are also highlighted. The information in the report is well cited. The information is well sourced from genuine sources and well cited. I used Bing with the query, “cyberethics.” Radnofsky...
...code-of-ethics: IT challenges Geraldetta Lovelace Northcentral University The development of a code-of-ethics: IT challenges The problem to be investigated is the development of a relevant and effective code of ethics to address the ethical use of, and the ethical issues related to the use of, Information Technology (IT). The use of IT, like every innovation that has the potential to change lives for good, also has the potential for harm; however, IT “seems to create more ethical challenges than other kinds of technology” (Brooks, 2010, p. 2). To be proactive, ethical issues involving IT need to be addressed by educational programs as well as businesses and professional IT organizations. Discussed herein are the ethical challenges presented by the four issues of concern identified by technology managers: security, privacy, intellectual property and electronic monitoring of employees (Brooks, 2010, pp. 1, 2). Security In this context, security refers to maintaining the integrity and confidentiality of data by putting protective measures in place to prevent destruction and/or unauthorized use. Security issues involve internal as well as external forces. Hacking is usually thought of as an external force, but it can be an internal force as well. Any act of accessing a computer system and/or information without the authority to do so is considered hacking. Whether the information attained is used for good or evil is another issue and does not negate that the information was obtained...
...Ethical Issues for IT and Information Security Professionals Sandra J. Crossin Information Security Management - MGMT 394 Embry Riddle Aeronautical University Abstract This paper summarizes and evaluates an article addressing the ethical issues involved with being information security personnel. It will attempt to show several areas where ethics can become an issue and stimulate questions regarding activities that are not illegal, but in most cases are not ethical either. The information security industry does not have a specific and regulated “code of ethics” to the extent that physicians, attorneys, accountants or other professionals who have access to personal information do. This paper will attempt to evaluate whether or not such a code and its ensuing regulations should be developed. Keyword: Information Security Personnel Professionals such as doctors, lawyers, accountants and so forth have jobs which allow them to have access to other individuals’ private information and whose duties can affect the lives of others. These professionals receive training and take courses that instruct them regarding the ethical issues involved in their respective professions. Most established professions have confronted their ethical issues, which have then been “codified” by law and are strictly monitored and regulated (Schinder, 2005). In the IT industry, security personnel wield a certain amount of power due to the access they have to confidential...
...Introduction This manual sets forth the official compliance policies of Edward Jones. All individuals employed by or working at the firm are required to familiarize themselves with the content and review the manual at least annually. While the manual addresses policies of a compliance nature, individuals are expected to conform to the laws, rules and regulations of the industry and their particular jurisdiction regardless of whether they are covered in this manual. Standards of fairness and good business practice apply in all circumstances. Violations of laws, rules, regulations and firm policies can result in disciplinary or regulatory sanctions against an associate, as well as fines or responsibility for consequential losses resulting from the violation. References to "associate" or "associates" in this manual include general principals and financial advisors unless otherwise specified. Such references also include individuals working both in the home office and in a branch office. Please do not keep the printed manual as a reference, as it will eventually be out of date. Commissions and Sales Background FINRA Rule 2121 requires that prices and commissions charged to the client be fair and reasonable. Policy The firm and the vendors with whom it has dealer agreements have either set commission amounts or a range of commissions that may be acceptably charged to a client. Individuals may not make any arrangements with clients outside the parameters set by the firm in its commission...
...INDIVIDUAL ASSIGNMENT 1 By Suman, Lectured by Prof. Siva, ID No. 012014111647, Jeong Chun Phuoc. BUSINESS LAW DLW 5013. A BUSINESS ETHICS CASE STUDY OF : FROM A CLIENT CONFIDENTIALITY PERSPECTIVE. Contents: Executive Summary (p. 3); Company Overview (p. 3); Introduction (p. 4); Problem Statement in Censere (p. 5); Findings (p. 6); Data Storage (p. 7); Level of Responsibility by Data User (p. 7); Limitation (p. 8); Recommendation ...
...Code of Ethics Teresa Sieck ETH/316 July 2, 2012 Ed McCullough Code of Ethics A code of ethics is a collection of principles practiced and followed by the management of businesses and corporations around the world (Spiro, 2010). A business's code of ethics works with a company’s mission statement and policies of conduct to give employees, partners, vendors, and outsiders an understanding of what the company stands for and believes in (Boylan, 2009). It should address the differences or variations in both the company’s industry and its broader goals for social responsibility (How to create a company code of ethics, 2012). It should be strong enough to serve as a guide for employees with questions, so they can resolve issues on their own if needed (Trevino & Nelson, 2007). Wal-Mart is one of the largest corporations in the United States. As one of the largest corporations, the company has a social responsibility to its employees, customers, and the community. The code of ethics works with and around these principles. Wal-Mart has three basic principles: 1) respect for the individual, 2) service to the customer, and 3) striving for excellence (What is Wal-Mart’s Code of ethics, 2011). The following is an example of what a code of ethics could be and what values a business may have. Vision Statement: People are assets, not possessions; employees, customers, and communities should be treated with fairness, respect, honesty and integrity. The corporation’s global vision is to...
...1. What is the difference between law and ethics? In general, people elect to trade some aspects of personal freedom for social order. As Jean-Jacques Rousseau explains in The Social Contract, or Principles of Political Right, the rules the members of a society create to balance the individual rights to self-determination against the needs of the society as a whole are called laws. Laws are rules that mandate or prohibit certain behavior; they are drawn from ethics, which define socially acceptable behaviors. The key difference between laws and ethics is that laws carry the authority of a governing body, and ethics do not. Ethics in turn are based on cultural mores: the fixed moral attitudes or customs of a particular group. Some ethical standards are universal. For example, murder, theft, assault, and arson are actions that deviate from ethical and legal codes throughout the world. Whitman, Michael E., and Herbert J. Mattord. "The Need for Security." Principles of Information Security, 4th Edition. CourseSmart/Cengage Learning, 2014. Web. 22 Mar. 2015. Chapter 3, Pages 90-91. 2. What is civil law, and what does it accomplish? Civil: Governs a nation or state; manages relationships/conflicts between organizational entities and people. Whitman, Michael E., and Herbert J. Mattord. "The Need for Security." Principles of Information Security, 4th Edition. CourseSmart/Cengage Learning, 2014. Web. 22 Mar. 2015. Chapter 3, Pages 90-91. 3. What are the primary examples of public...
...The privacy of personal information related to the data stored on computer systems is termed information privacy. Information privacy is related to the privacy of personal data that is collected by various organizations for personal use. The private information can be stored in medical records, political records, criminal records, financial data, data on a website, or any information related to the business which needs to be protected and kept secure. The type of information that can be found is usually a social security number, date and place of birth, and the place of domicile, just to name a few. The invention of technology has caused many to lose sight of the definition of privacy. The advancement of technology is causing an increase in vulnerabilities in information privacy, which is the reason why most companies have had to adopt a code of ethics to protect consumers, employees and the company itself. According to Ashurst (2011), “Sensitive data in the right hands is vital, in the wrong hands it can cause offence, destroy reputations and cost businesses”. Thus, to protect personal data, information privacy can be applied in various ways, such as encrypting the data, data masking and authentication, by which only the people who are legitimate users can have access to the data of the organization with authorized access. When it comes to information privacy, the focus cannot be kept strictly on businesses; another major key player is social media. Merriam-Webster defines...
...Principles of Information Security Chapter 3 Review 1. What is the difference between law and ethics? The difference between law and ethics is that law is a set of rules and regulations that are universal and should be accepted and followed by society and organizations. Ethics, on the other hand, was derived from the Latin word mores and the Greek word ethos, and means the beliefs and customs that help shape the character of individuals and how people interact with one another. 2. What is civil law, and what does it accomplish? A wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people. 3. What are the primary examples of public law? Criminal, administrative and constitutional law. 4. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change? The National Information Infrastructure Protection Act of 1996 amended the Computer Fraud and Abuse Act of 1986. It modified several sections of the CFA Act and increased the penalties for selected crimes. 5. Which law was specifically created to deal with encryption policy in the United States? The Security and Freedom through Encryption Act of 1999. 6. What is privacy in an information security context? Privacy is not absolute freedom from observation, but rather it is a more precise “State of being free from...
...1. INTRODUCTION In the period of fast industrialization, the significance of ethics has been expanding quickly. Ethics are the morals, qualities and standards utilized by a person to make one’s own decisions. These qualities are considered by people for their basic decision-making. This paper represents the case study of Edward Snowden, who, while working for the defense contractor Booz Allen Hamilton, leaked very confidential information about the activities of the USA’s National Security Agency (NSA). In June 2013, Snowden confessed to passing characterized records to columnists at The Guardian and The Washington Post—revealing the details of NSA observation programs that gather and perform information mining on a huge number of U.S. telephone calls and Internet...
...paper details the importance of cyber security in the face of evolving cyber threats and the ever-increasing attacks on government and businesses alike. We live in a globally connected world with globally distributed cyber threats. Not restricted by geographical boundaries, these threats target all technologies, service providers, and consumers. The threats are at an all-time high, in terms of sophistication and volume, and continue to trend upwards. WHAT IS CYBERSECURITY? Twenty years ago, businesses did not think twice about cyber security. In a world of mainframes and dumb terminals with no connectivity to anything outside, viruses, malware, and hacking were unheard of; however, with the introduction of the Internet, things have now changed. The term cyber security is getting more and more mixed usage lately, so much so that it is almost as ambiguous as the term "cloud". Cyber security, also referred to as information technology security, is the focus on protecting computers, networks, programs, and data from unintended or unauthorized access, change, or destruction. Cyber security also encompasses ten different security domains. The following domains provide a foundation for security practices and principles: • Access Control - to maintain information confidentiality, integrity, and availability, it is important to control access to information. Access controls prevent unauthorized users from retrieving, using, or altering information. They are determined by an organization's...