IST 456 Quiz 2 Review

Computer Security Act (CSA)

A U.S. law designed to improve security of federal information systems. It charged the National Bureau of Standards, now NIST, with the development of standards, guidelines, and associated methods and techniques for computer systems, among other responsibilities.

Electronic Communications Privacy Act of 1986

A collection of statutes that regulate the interception of wire, electronic, and oral communications. These statutes are frequently referred to as the "federal wiretapping acts."

International Information Systems Security Certification Consortium, Inc. (ISC)^2

A nonprofit organization that focuses on the development and implementation of InfoSec certifications and credentials. Their code of ethics includes: protect society, the common good, necessary public trust and confidence, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; advance and protect the profession

Information Systems Security Association (ISSA)

A nonprofit society of InfoSec professionals with the primary mission of bringing together qualified practitioners of InfoSec for information exchange and educational development.

Information Systems Audit and Control Association (ISACA)

A professional organization with a focus on auditing, control, and security. It focuses on providing IT control practices and standards.

SANS

A professional research and education cooperative organization that is dedicated to the protection of information and systems. Their core IT code of ethics for certificate holders includes: I will strive to know myself and be honest about my capability; I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism; I respect privacy and confidentiality

Private Law

A subset of civil law that regulates the relationships among individuals as well as relationships between individuals and organizations; it encompasses family law, commercial law, and labor law

Virtue Approach

A very ancient ethical model postulating that ethical actions ought to be consistent with so-called ideal virtues that is, those virtues that all of humanity finds most worthy and that when present, indicate a fully developed humanity.

Health Information Technology for Economic and Clinical Health Act (HITECH)

Addresses privacy and security concerts associated with the electronic transmission of PHI, in part, through several provisions that strengthen HIPAA rules for civil and criminal enforcement

Criminal law

Addresses violations harmful to society and and is actively enforced and prosecuted by the state. Addresses statutes associated with traffic law, public order, property damage, and personal damage, where the stake takes on the responsibility of seeking retribution on behalf of the plaintiff, or injured party.

Health Insurance Portability and Accountability Act (HIPAA)

Also known as the Kennedy-Kassebaum Act, this law attempts to protect the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.

Applied Ethics

An approach that applies moral codes to actions drawn from realistic situations; it seeks to define how we might use ethics in practice

National Information Infrastructure Protection Act of 1996

Categorizes crimes based on a defendant's authority to access a protected computer system and criminal intent

Intent

Criminal or unethical intent refers to the state of mind of the individual committing the infraction. A legal defense can be built on whether the accused acted out of ignorance, by accident, or with the intent to cause harm or damage.

Civil Law

Embodies a wide variety of pertaining to relationships between and among individuals and organizations. Includes contract law, employment law, family law, and tort law

Utilitarian Approach

Emphasizes that an ethical actions is one that results in the most good, or the least harm; this approach seeks to link consequences to choices

Laws and policies and their associated penalties only deter if which of the following conditions is present?

Fear of penalty, probability of being caught, and probability of penalty being administered

Fairness or Justice Approach

Founded on the work of Aristotle and other Greek philosophers who contributed the idea that all persons who are equal should be treated equally; today, this approach defines ethical actions as those that have outcomes that regard all human beings equally, or that incorporate a degree of fairness based on some defensible standard.

Ignorance

Ignorance of the law is no excuse, but ignorance of policies and procedures is. The first method of deterrence is the security education training and awareness (SETA) program. Organizations must design, publish, and disseminate organizational policies and relevant laws, and employees must explicitly agree to abide by them.

Three categories of unethical behavior that organizations and society should seek to eliminate

Ignorance, Accident, Intent

Accident

Individuals with authorization and privileges to manage information within the organization have the greatest opportunity to cause harm or damage by accident. Careful placement of controls can help prevent accidental modification or damage to systems and data.

Common law, case law, and precedent

Originates from a judicial branch or oversight board and involves the interpretation of law based on the actions of a previous and/or higher court or board

Statutory Law

Originates from a legislative branch specifically tasked with the creation and publication of laws and statutes

Regulatory or administrative Law

Originates from an executive branch or authorized regulatory agency, and includes executive orders and regulations

Constitutional Law

Originates with the US Constitution, a state constitution, or a local constitution, bylaws, or charter

Economic Espionage Act

Prevents abuse of information gained while employed elsewhere

U.S. Copyright Law

Protects Intellectual property, including publications and software

Public Law

Regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments; includes criminal, administrative, and constitutional law.

Gramm-Leach-Bliley Act (GLB)

Repeals the restrictions on banks affiliating with insurance and securities firms; has significant impact on the privacy of personal information used by these industries

Rights Approach

Suggests that the ethical action is the one that best protects and respects the moral rights of those affected by that action; it begins with a belief that humans have an innate dignity based on their ability to make choices. The list of moral rights is usually thought to include the right to make one's own choices about what kind of life to lead, the right to be told the truth, the right not to be injured, and the right to a degree of privacy. These rights imply certain duties- specifically, the duty to respect the rights of others.

Association for Computing Machinery (ACM)

The ACM's code of ethics requires members to perform their duties in a manner befitting an ethical computing professional.

Deterrence

The best method for preventing an illegal or unethical activity. Laws, policies, and technical controls are all examples of deterrents.

Common Good Approach

The notion that life in community yields a positive outcome for the individual, and therefore each individual should contribute to that community. This approach argues that the complex relationships found in a society are the basis of a process founded on ethical reasoning that respects and has compassion for all others, most particularly the most vulnerable members of a society.

Probability of penalty being administered

The organization must be willing and able to impose the penalty

Descriptive Ethics

The study of the choices that have been made by individuals in the past that is, what do others think is right?

Meta-ethics

The study of the meaning of ethical judgements and properties that is, what is right?

Deontological Ethics

The study of the rightness or wrongness of intentions and motives as opposed to the rightness or wrongness of the consequences; also known as duty-based or obligation-based ethics. This approach seeks to define a person's ethical duty.

Normative ethics

The study of what makes actions right or wrong, also known as moral theory that is, how should people act?

Tort Law

The subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury

Probability of being caught

There must be a strong possibility that perpetrators of illegal or unethical acts will be caught

Fear of Penalty

Threats of informal reprimand or verbal warnings may not have the same impact as the threat of termination, imprisonment, or forfeiture of pay

Digital Millennium Copyright Act (DCMA)

U.S.-based international effort to reduce the impact of copyright, trademark, and privacy infringement, especially via the removal of technological copyright protection measures