IST 456 Quiz 2 Review
Computer Security Act (CSA)
A U.S. law designed to improve security of federal information systems. It charged the National Bureau of Standards, now NIST, with the development of standards, guidelines, and associated methods and techniques for computer systems, among other responsibilities.
Electronic Communications Privacy Act of 1986
A collection of statutes that regulate the interception of wire, electronic, and oral communications. These statutes are frequently referred to as the "federal wiretapping acts."
International Information Systems Security Certification Consortium, Inc. (ISC)^2
A nonprofit organization that focuses on the development and implementation of InfoSec certifications and credentials. Their code of ethics includes: protect society, the common good, necessary public trust and confidence, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; advance and protect the profession.
Information Systems Security Association (ISSA)
A nonprofit society of InfoSec professionals with the primary mission of bringing together qualified practitioners of InfoSec for information exchange and educational development.
Information Systems Audit and Control Association (ISACA)
A professional organization with a focus on auditing, control, and security. It focuses on providing IT control practices and standards.
SANS
A professional research and education cooperative organization that is dedicated to the protection of information and systems. Their core IT code of ethics for certificate holders includes: I will strive to know myself and be honest about my capability; I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism; I respect privacy and confidentiality.
Private Law
A subset of civil law that regulates the relationships among individuals as well as relationships between individuals and organizations; it encompasses family law, commercial law, and labor law
Virtue Approach
A very ancient ethical model postulating that ethical actions ought to be consistent with so-called ideal virtues, that is, those virtues that all of humanity finds most worthy and that, when present, indicate a fully developed humanity.
Health Information Technology for Economic and Clinical Health Act (HITECH)
Addresses privacy and security concerns associated with the electronic transmission of PHI, in part, through several provisions that strengthen HIPAA rules for civil and criminal enforcement.
Criminal law
Addresses violations harmful to society and is actively enforced and prosecuted by the state. Addresses statutes associated with traffic law, public order, property damage, and personal damage, where the state takes on the responsibility of seeking retribution on behalf of the plaintiff, or injured party.
Health Insurance Portability and Accountability Act (HIPAA)
Also known as the Kennedy-Kassebaum Act, this law attempts to protect the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.
Applied Ethics
An approach that applies moral codes to actions drawn from realistic situations; it seeks to define how we might use ethics in practice
National Information Infrastructure Protection Act of 1996
Categorizes crimes based on a defendant's authority to access a protected computer system and criminal intent
Intent
Criminal or unethical intent refers to the state of mind of the individual committing the infraction. A legal defense can be built on whether the accused acted out of ignorance, by accident, or with the intent to cause harm or damage.
Civil Law
Embodies a wide variety of laws pertaining to relationships between and among individuals and organizations. Includes contract law, employment law, family law, and tort law.
Utilitarian Approach
Emphasizes that an ethical action is one that results in the most good, or the least harm; this approach seeks to link consequences to choices.
Laws and policies and their associated penalties only deter if which of the following conditions is present?
Fear of penalty, probability of being caught, and probability of penalty being administered
Fairness or Justice Approach
Founded on the work of Aristotle and other Greek philosophers who contributed the idea that all persons who are equal should be treated equally; today, this approach defines ethical actions as those that have outcomes that regard all human beings equally, or that incorporate a degree of fairness based on some defensible standard.
Ignorance
Ignorance of the law is no excuse, but ignorance of policies and procedures is. The first method of deterrence is the security education training and awareness (SETA) program. Organizations must design, publish, and disseminate organizational policies and relevant laws, and employees must explicitly agree to abide by them.
Three categories of unethical behavior that organizations and society should seek to eliminate
Ignorance, Accident, Intent
Accident
Individuals with authorization and privileges to manage information within the organization have the greatest opportunity to cause harm or damage by accident. Careful placement of controls can help prevent accidental modification or damage to systems and data.
Common law, case law, and precedent
Originates from a judicial branch or oversight board and involves the interpretation of law based on the actions of a previous and/or higher court or board
Statutory Law
Originates from a legislative branch specifically tasked with the creation and publication of laws and statutes
Regulatory or administrative Law
Originates from an executive branch or authorized regulatory agency, and includes executive orders and regulations
Constitutional Law
Originates with the US Constitution, a state constitution, or a local constitution, bylaws, or charter
Economic Espionage Act
Prevents abuse of information gained while employed elsewhere
U.S. Copyright Law
Protects Intellectual property, including publications and software
Public Law
Regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments; includes criminal, administrative, and constitutional law.
Gramm-Leach-Bliley Act (GLB)
Repeals the restrictions on banks affiliating with insurance and securities firms; has significant impact on the privacy of personal information used by these industries
Rights Approach
Suggests that the ethical action is the one that best protects and respects the moral rights of those affected by that action; it begins with a belief that humans have an innate dignity based on their ability to make choices. The list of moral rights is usually thought to include the right to make one's own choices about what kind of life to lead, the right to be told the truth, the right not to be injured, and the right to a degree of privacy. These rights imply certain duties, specifically, the duty to respect the rights of others.
Association for Computing Machinery (ACM)
The ACM's code of ethics requires members to perform their duties in a manner befitting an ethical computing professional.
Deterrence
The best method for preventing an illegal or unethical activity. Laws, policies, and technical controls are all examples of deterrents.
Common Good Approach
The notion that life in community yields a positive outcome for the individual, and therefore each individual should contribute to that community. This approach argues that the complex relationships found in a society are the basis of a process founded on ethical reasoning that respects and has compassion for all others, most particularly the most vulnerable members of a society.
Probability of penalty being administered
The organization must be willing and able to impose the penalty
Descriptive Ethics
The study of the choices that have been made by individuals in the past, that is, what do others think is right?
Meta-ethics
The study of the meaning of ethical judgements and properties, that is, what is right?
Deontological Ethics
The study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences; also known as duty-based or obligation-based ethics. This approach seeks to define a person's ethical duty.
Normative ethics
The study of what makes actions right or wrong, also known as moral theory, that is, how should people act?
Tort Law
The subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury
Probability of being caught
There must be a strong possibility that perpetrators of illegal or unethical acts will be caught
Fear of Penalty
Threats of informal reprimand or verbal warnings may not have the same impact as the threat of termination, imprisonment, or forfeiture of pay
Digital Millennium Copyright Act (DMCA)
U.S.-based international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures