Deck 3: Legal, Ethical, and Professional Issues in Information Security

The difference between a policy and a law is that ignorance of a law is an acceptable defense.

Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.

Since it was established in January 2001, every FBI field office has started an InfraGard program to collaborate with public and private organizations and the academic community.

In the context of information security, confidentiality is the right of individuals or groups to protect themselves and their information from unauthorized access.

The key difference between laws and ethics is that ethics carry the authority of a governing body and laws do not.

Due care and due diligence require that an organization make a valid effort to protect others and continually maintain this level of effort, ensuring these actions are effective.

The Computer Security Act of 1987 is the cornerstone of many computer-related federal laws and enforcement efforts; it was originally written as an extension and clarification of the Comprehensive Crime Control Act of 1984.

The United States has implemented a version of the DMCA law called the Database Right, in order to comply with Directive 95/46/EC.

The Council of Europe Convention on Cybercrime has not been well received by advocates of intellectual property rights because it de-emphasizes prosecution for copyright infringement, but it has been well received by supporters of individual rights in the United States.

Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.

Laws, policies, and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught.

The Department of Homeland Security is the only U.S. federal agency charged with the protection of American information resources and the investigation of threats to, or attacks on, those resources.

Cultural differences can make it difficult to determine what is ethical and not ethical between cultures, except when it comes to the use of computers, where ethics are considered universal.

The Secret Service is charged with safeguarding the nation's financial infrastructure and payments systems to preserve the integrity of the economy.

Criminal laws address activities and conduct harmful to society and is categorized as private or public.

Employees are not deterred by the potential loss of certification or professional accreditation resulting from a breach of a code of conduct, because this loss has no effect on employees' marketability and earning power.

For policy to become enforceable, it only needs to be distributed, read, understood, and agreed to.

The NSA is responsible for signal intelligence, information assurance products and services, and enabling computer network operations to gain a decision advantage for the United States and its allies under all circumstances.

Unethical and illegal behavior is generally caused by ignorance (of policy and/or the law), by accident, and by inadequate protection mechanisms.

In a study on software license infringement, licenses from the United States were significantly more permissive than those from the Netherlands and other countries. _________________________

The communications networks of the United States carry(ies) more funds than all of the armored cars in the world combined. _________________________

The Digital Millennium Copyright Act is the American law created in response to Directive 95/46/EC, adopted in 1995 by the European Union. _________________________

Privacy is the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality._________________________

The U.S. Secret Service is currently within the Department of the Treasury. _________________________

The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release information about national security without permission. _________________________

Civil law addresses activities and conduct harmful to society and is actively enforced by the state. _________________________

Intellectual privacy is recognized as a protected asset in the United States. _________________________

Laws, policies, and their associated penalties only provide deterrence if, among other things, potential offenders fear the probability of a penalty being applied. _________________________

The Graham-Leach-Bliley Act is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms. _________________________

​The FTC recommends that people place an initial fraud alert (among other things) when they suspect they are victims of identity theft.

The code of ethics put forth by (ISC)2 focuses on four mandatory canons: "Protect society, the commonwealth, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; and advance and protect the profession." _________________________

The Economic Espionage Act of 1996 protects American ingenuity, intellectual property, and competitive advantage. _________________________

Ethics are the moral attitudes or customs of a particular group. _________________________

The Federal Bureau of Investigation's National InfraGard Program serves its members in four basic ways: Maintains an intrusion alert network using encrypted e-mail; maintains a secure Web site for communication about suspicious activity or intrusions; sponsors local chapter activities; and operates a help desk for questions. _________________________

The Department of Homeland Security was created in 2003 by the 9/11 Memorial Act of 2002. _________________________

__________ are rules that mandate or prohibit certain behavior and are enforced by the government.

__________ is the legal obligation of an entity that extends beyond criminal or contract law.

__________ are the fixed moral attitudes or customs of a particular group.

"Long arm __________" refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems whenever it can establish jurisdiction.

The __________ is a respected professional society that was established in 1947 as "the world's first educational and scientific computing society."

Guidelines that dictate certain behavior within an organization are known as __________.

The __________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.

List the five fundamental principles of HIPAA.

__________ information is a form of collective data that relates to a group or category of people and thathas been altered to remove characteristics or components that make it possible to identify individuals within the group.

__________ is the unauthorized taking of personally identifiable information with the intent of committing fraud or another illegal or unethical purpose.

Family law, commercial law, and labor law are all encompassed by __________ law.

Key studies reveal that the overriding factor in leveling the ethical perceptions within a small population is __________.

Software license infringement is also often called software __________.

The __________ Act seeks to improve the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance, in publicly traded companies.

The __________ Act of 1986 is a collection of statutes that regulates the interception of wire, electronic, and oral communications.

The __________ Act of 1996 attempts to prevent trade secrets from being illegally shared.

The __________ Act of 1999 contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.

The __________ Act of 2001 provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.

The Payment Card Industry Data Security Standards (PCI DSS) are designed to enhance the __________ of customers' account data.

The __________ Act of 1966 allows any person to request access to federal agency records or information not determined to be a matter of national security.

The __________ is a nonprofit organization that focuses on the development and implementation of information security certifications and credentials.

The low overall degree of tolerance for __________ system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property to their computer-related counterparts.

The _________ is a professional association that focuses on auditing, control, and security and whose membership comprises both technical and managerial professionals.