Topics: Security, Information security, Computer security Pages: 14 (4498 words) Published: January 30, 2013
Chapter Three
Laws – rules that mandate or prohibit certain behavior; they are drawn from ethics.
Ethics – define socially acceptable behaviors.
The key difference between laws and ethics is that laws carry the authority of a governing body, and ethics do not.
Liability – the legal obligation of an entity that extends beyond criminal or contract law; it includes the legal obligation to make restitution.
Restitution – to compensate for wrongs committed.

Due care – standards that are met when an organization makes sure that every employee knows what is acceptable or unacceptable behavior, and knows the consequences of illegal or unethical actions.
Due diligence – requires that an organization make a valid effort to protect others and continually maintain this level of effort.
Jurisdiction – a court's right to hear a case if a wrong is committed in its territory or involves its citizenry.
Long arm jurisdiction – the long arm of the law extending across the country or around the world to draw an accused individual into its court system.

Policy versus Law

Policies – guidelines that describe acceptable and unacceptable employee behaviors in the workplace. They function as organizational laws, complete with penalties, judicial practices, and sanctions to require compliance.

Criteria a policy must meet before it can become enforceable:
Dissemination (distribution) – the organization must be able to demonstrate that the relevant policy has been made readily available for review by the employee. Common techniques: hard copy and electronic distribution.
Review (reading) – the organization must be able to demonstrate that it disseminated the document in an intelligible form, including versions for illiterate, non-English reading, and reading-impaired employees. Techniques include recordings of the policy in English and alternative languages.
Comprehension (understanding) – the organization must be able to demonstrate that the employees understood the requirements and content of the policy. Common techniques: quizzes and assessments.
Compliance (agreement) – the organization must be able to demonstrate that the employees agreed to comply with the policy through an act of affirmation. Common techniques include logon banners, which require a specific action (mouse click or keystroke) to acknowledge agreement, or a signed document.
Uniform enforcement – the organization must be able to demonstrate that the policy has been uniformly enforced, regardless of employee status or assignment.

Types of Laws

Civil laws – comprise a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people.
Criminal law – addresses activities and conduct harmful to society, and is actively enforced by the state.
Private laws – encompass family law, commercial law, and labor law, and regulate the relationships between individuals and organizations.
Public laws – regulate the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional law.

Relevant U.S. Laws

The Computer Fraud and Abuse Act of 1986 (CFA Act) – the cornerstone of many computer-related federal laws and enforcement efforts. It was amended in October 1996 by the National Information Infrastructure Protection Act of 1996, which modified several sections of the previous act and increased the penalties for selected crimes. The punishment for offenses prosecuted under this statute varies from fines to imprisonment of up to 20 years, or both. The severity of the penalty depends on the value of the information obtained and whether the offense is judged to have been committed:
1. For the purpose of commercial advantage
2. For private financial gain
3. In furtherance of a criminal act

USA PATRIOT Act of 2001 – provides law enforcement agencies with broader latitude in order to combat...