Lecture 3 Flashcards

1
Q

?

rules that mandate or prohibit certain societal behavior

Law and Ethics in Information Security

Legal, Ethical, and Professional Issues in Information Security

A

Laws

2
Q

?

define socially acceptable behavior

Law and Ethics in Information Security

Legal, Ethical, and Professional Issues in Information Security

A

Ethics

3
Q

?

fixed moral attitudes or customs of a particular group; ethics based on these

Law and Ethics in Information Security

Legal, Ethical, and Professional Issues in Information Security

A

Cultural mores

5
Q

? carry sanctions of a governing authority; ?? do not

Law and Ethics in Information Security

Legal, Ethical, and Professional Issues in Information Security

A
  • Laws
  • Ethics
6
Q

?, ??, ???, ????, ?????

(5) Types of Law

Legal, Ethical, and Professional Issues in Information Security

A
  • Civil
  • Criminal
  • Tort
  • Private
  • Public
7
Q

?, ??, ???, ????, ?????, ??????

(6) Relevant U.S. Laws (General)

Legal, Ethical, and Professional Issues in Information Security

A
  • Computer Fraud and Abuse Act of 1986 (CFA Act)
  • National Information Infrastructure Protection Act of 1996
  • USA Patriot Act of 2001
  • Telecommunications Deregulation and Competition Act of 1996
  • Communications Decency Act of 1996 (CDA)
  • Computer Security Act of 1987
8
Q

?

One of the hottest topics in information security

Legal, Ethical, and Professional Issues in Information Security

A

Privacy

9
Q

?

Is a “state of being free from unsanctioned intrusion”

Legal, Ethical, and Professional Issues in Information Security

A

Privacy

10
Q

?

Ability to aggregate data from multiple sources allows creation of information databases previously unheard of

Legal, Ethical, and Professional Issues in Information Security

A

Privacy

12
Q

?, ??, ???, ????, ?????

(5) Privacy of Customer Information

Legal, Ethical, and Professional Issues in Information Security

A
  • Privacy of Customer Information Section of common carrier regulation
  • Federal Privacy Act of 1974
  • Electronic Communications Privacy Act of 1986
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA), aka Kennedy-Kassebaum Act
  • Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999
13
Q

?, ??

(2) Export and Espionage Laws

Legal, Ethical, and Professional Issues in Information Security

A
  • Economic Espionage Act of 1996 (EEA)
  • Security And Freedom Through Encryption Act of 1999 (SAFE)
14
Q

?, ??

Intellectual property recognized as protected asset in the U.S.; ?? extends to electronic formats

Legal, Ethical, and Professional Issues in Information Security

A
  • U.S. Copyright Law
  • copyright law
15
Q

?

With proper acknowledgement, permissible to include portions of others’ work as reference

Legal, Ethical, and Professional Issues in Information Security

A

U.S. Copyright Law

16
Q

?

Allows access to federal agency records or information not determined to be matter of national security

Legal, Ethical, and Professional Issues in Information Security

A

Freedom of Information Act of 1966 (FOIA)

17
Q

?

U.S. government agencies required to disclose any requested information upon receipt of written request. Some information protected from disclosure

Legal, Ethical, and Professional Issues in Information Security

A

Freedom of Information Act of 1966 (FOIA)

18
Q

?

Restrictions on organizational computer technology use exist at international, national, state, local levels

Legal, Ethical, and Professional Issues in Information Security

A

State and Local Regulations

19
Q

? responsible for understanding state regulations and ensuring organization is compliant with regulations

State and Local Regulations

Legal, Ethical, and Professional Issues in Information Security

A

Information security professional

20
Q

Establishes international task force overseeing Internet security functions for standardized international technology laws

International Laws and Legal Bodies

Legal, Ethical, and Professional Issues in Information Security

A

European Council Cyber-Crime Convention

21
Q

Attempts to improve effectiveness of international investigations into breaches of technology law

International Laws and Legal Bodies

Legal, Ethical, and Professional Issues in Information Security

A

European Council Cyber-Crime Convention

22
Q

Well received by intellectual property rights advocates due to emphasis on copyright infringement prosecution

International Laws and Legal Bodies

Legal, Ethical, and Professional Issues in Information Security

A

European Council Cyber-Crime Convention

23
Q

Lacks realistic provisions for enforcement

International Laws and Legal Bodies

Legal, Ethical, and Professional Issues in Information Security

A

European Council Cyber-Crime Convention

24
Q

U.S. contribution to international effort to reduce impact of copyright, trademark, and privacy infringement

Legal, Ethical, and Professional Issues in Information Security

A

Digital Millennium Copyright Act (DMCA)

25
Q

A response to European Union Directive 95/46/EC, which adds protection to individuals with regard to processing and free movement of personal data

Legal, Ethical, and Professional Issues in Information Security

A

Digital Millennium Copyright Act (DMCA)

26
Q

Makes provisions, to a degree, for information security during information warfare (IW)

Legal, Ethical, and Professional Issues in Information Security

A

United Nations Charter

27
Q

? involves use of information technology to conduct organized and lawful military operations

United Nations Charter

Legal, Ethical, and Professional Issues in Information Security

A

IW (Information Warfare)

28
Q

? is relatively new type of warfare, although military has been conducting electronic warfare operations for decades

United Nations Charter

Legal, Ethical, and Professional Issues in Information Security

A

IW (Information Warfare)

29
Q

Most organizations develop and formalize a body of expectations called ?

Policy Versus Law

Legal, Ethical, and Professional Issues in Information Security

A

policy

30
Q

? serve as organizational laws

Policy Versus Law

Legal, Ethical, and Professional Issues in Information Security

A

Policies

31
Q

To be enforceable, ? must be distributed, readily available, easily understood, and acknowledged by employees

Policy Versus Law

Legal, Ethical, and Professional Issues in Information Security

A

policy

33
Q

The ten commandments of Computer Ethics

Ethics and Information Security

Legal, Ethical, and Professional Issues in Information Security

A
  1. Thou shalt not use a computer to harm other people
  2. Thou shalt not interfere with other people's computer work
  3. Thou shalt not snoop around in other people's computer files
  4. Thou shalt not use a computer to steal
  5. Thou shalt not use a computer to bear false witness
  6. Thou shalt not copy or use proprietary software for which you have not paid
  7. Thou shalt not use other people's computer resources without authorization or proper compensation
  8. Thou shalt not appropriate other people's intellectual output
  9. Thou shalt think about the social consequences of the program you are writing or the system you are designing
  10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans

34
Q

? create difficulty in determining what is and is not ethical

Ethical Differences Across Cultures

Legal, Ethical, and Professional Issues in Information Security

A

Cultural differences

35
Q

? arise when one nationality's ethical behavior conflicts with ethics of another national group

Ethical Differences Across Cultures

Legal, Ethical, and Professional Issues in Information Security

A

Difficulties

36
Q

Overriding factor in leveling ethical perceptions within a small population is ?

Ethics and Education

Legal, Ethical, and Professional Issues in Information Security

A

education

37
Q

Employees must be trained in expected behaviors of an ethical employee, especially in areas of ?

Ethics and Education

Legal, Ethical, and Professional Issues in Information Security

A

information security

38
Q

? vital to creating informed, well-prepared, and low-risk system user

Ethics and Education

Legal, Ethical, and Professional Issues in Information Security

A

Proper ethical training

39
Q

? best method for preventing an illegal or unethical activity; e.g., laws, policies, technical controls

Deterrence to Unethical and Illegal Behavior

Legal, Ethical, and Professional Issues in Information Security

A

Deterrence

40
Q

?, ??, ???

Laws and policies only deter if three conditions are present

Deterrence to Unethical and Illegal Behavior

Legal, Ethical, and Professional Issues in Information Security

A
  • Fear of penalty
  • Probability of being caught
  • Probability of penalty being administered

41
Q

Several professional organizations have established ?

Codes of Ethics and Professional Organizations

Legal, Ethical, and Professional Issues in Information Security

A

codes of conduct/ethics

42
Q

? can have positive effect; unfortunately, many employers do not encourage joining of these professional organizations

Codes of Ethics and Professional Organizations

Legal, Ethical, and Professional Issues in Information Security

A

Codes of ethics

43
Q

? to act ethically and according to policies of employer, professional organization, and laws of society

Codes of Ethics and Professional Organizations

Legal, Ethical, and Professional Issues in Information Security

A

Responsibility of security professionals

44
Q

? established in 1947 as "the world's first educational and scientific computing society"

Legal, Ethical, and Professional Issues in Information Security

A

ACM (Association of Computing Machinery)

45
Q

? contains references to protecting information confidentiality, causing no harm, protecting others' privacy, and respecting others' intellectual property

Association of Computing Machinery (ACM)

Legal, Ethical, and Professional Issues in Information Security

A

Code of ethics

46
Q

? Non-profit organization focusing on development and implementation of information security certifications and credentials

Legal, Ethical, and Professional Issues in Information Security

A

International Information Systems Security Certification Consortium, Inc. (ISC)^2

47
Q

Code primarily designed for information security professionals who have certification from ?

International Information Systems Security Certification Consortium, Inc.

Legal, Ethical, and Professional Issues in Information Security

A

(ISC)^2 (International Information Systems Security Certification Consortium, Inc.)

48
Q

Code of ethics focuses on four ?

International Information Systems Security Certification Consortium, Inc.

Legal, Ethical, and Professional Issues in Information Security

A

mandatory canons

49
Q

? Professional organization with a large membership dedicated to protection of information and systems

Legal, Ethical, and Professional Issues in Information Security

A

System Administration, Networking, and Security Institute (SANS)

50
Q

SANS offers set of certifications called ?

System Administration, Networking, and Security Institute (SANS)

Legal, Ethical, and Professional Issues in Information Security

A

Global Information Assurance Certification (GIAC)

51
Q

Professional association with focus on auditing, control, and security

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Audit and Control Association (ISACA)

52
Q

Concentrates on providing IT control practices and standards

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Audit and Control Association (ISACA)

53
Q

Has code of ethics for its professionals

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Audit and Control Association (ISACA)

54
Q

Provides information and training to support computer, networking, and information security professionals

Legal, Ethical, and Professional Issues in Information Security

A

Computer Security Institute (CSI)

55
Q

Though without a code of ethics, has argued for adoption of ethical behavior among information security professionals

Legal, Ethical, and Professional Issues in Information Security

A

Computer Security Institute (CSI)

56
Q

Nonprofit society of information security (IS) professionals

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Security Association (ISSA)

57
Q

Primary mission to bring together qualified IS practitioners for information exchange and educational development

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Security Association (ISSA)

58
Q

Promotes code of ethics similar to (ISC)^2, ISACA, and ACM

Legal, Ethical, and Professional Issues in Information Security

A

Information Systems Security Association (ISSA)

59
Q

Promotes development and implementation of education, standards, and policy to promote the Internet

Other Security Organizations

Legal, Ethical, and Professional Issues in Information Security

A

Internet Society (ISOC)

60
Q

Division of National Institute for Standards and Technology (NIST); promotes industry best practices and is important reference for information security professionals

Other Security Organizations

Legal, Ethical, and Professional Issues in Information Security

A

Computer Security Division (CSD)

61
Q

Center of Internet security expertise operated by Carnegie Mellon University

Other Security Organizations (continued)

Legal, Ethical, and Professional Issues in Information Security

A

CERT Coordination Center (CERT/CC)

62
Q

Public organization for anyone concerned with impact of computer technology on society

Other Security Organizations (continued)

Legal, Ethical, and Professional Issues in Information Security

A

Computer Professionals for Social Responsibility (CPSR)

63
Q

?, ??, ???, ????

(4) Key U.S. Federal Agencies

Other Security Organizations (continued)

Legal, Ethical, and Professional Issues in Information Security

A
  • Department of Homeland Security (DHS)
  • Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC)
  • National Security Agency (NSA)
  • U.S. Secret Service

64
Q

? is legal obligation of an entity; includes legal obligation to make restitution for wrongs committed

Organizational Liability and the Need for Counsel

Legal, Ethical, and Professional Issues in Information Security

A

Liability

65
Q

Organization increases liability if it refuses to take measures known as ?

Organizational Liability and the Need for Counsel

Legal, Ethical, and Professional Issues in Information Security

A

due care

66
Q

? requires that an organization make valid effort to protect others and continually maintain that level of effort

Organizational Liability and the Need for Counsel

Legal, Ethical, and Professional Issues in Information Security

A

Due diligence