2. Legal, Social & Ethical Aspects: information security & privacy Flashcards
What are the different categories of laws?
Privacy oriented laws
Security oriented laws
Describe the different types of laws in each category
Privacy Oriented laws:
European Convention on Human Rights (incorporated into UK domestic law by the Human Rights Act 1998)
Data Protection law (GDPR 2018, no actual privacy laws)
Security Oriented laws:
Computer Misuse Act 1990 (offences, jurisdiction)
Security / terrorist laws - Anti-terrorism, Crime and Security Act 2001 (after the 9/11 terrorist attacks, pressure from the Patriot Act in the US)
Describe the social & ethical aspects
Social:
Social practices affect security & privacy activity (e.g. the social environment)
Influence of social events (e.g. banking fraud case, terrorism act)
Ethical:
What’s right for security & privacy
Personal stance
What are the Legal, Social, and Ethical responses?
Protect & manage privacy:
Existing Google model: collect everything
All info & use (marketing, reselling, monitoring, analytics)
Questions of ‘trust’ in big business
Copyright / IP laws & norms alternative model:
3rd party to manage personal data
Similar copyright obligations / protections to publishing
Similar service model to cloud computing
What are the evolving security questions?
What information do you want to own?
What personal information do you want to keep private?
What business information do companies / organisations want to keep private?
What are the things you want to protect?
Who is the risk owner of those things?
What are the issues for changes in technology?
Addressing security issues
Raising further technology management issues
Patches coming out very soon after new technology launch
Where are there likely to be issues when looking at changes in technology?
IoT
IoT / automated driving
Personal health systems