LECTURE 10
This lecture is about Legal and Ethical Issues in Computer Security. This lecture covers information security law and ethics.
LAW
A rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority. Implies imposition by a sovereign authority and the obligation of obedience on the part of all subject to that authority
Category of law
Civil law: represents a wide variety of laws that govern a nation or state
Criminal law: addresses violations harmful to society and is actively enforced through prosecution by the state
The categories of laws that affect the individual in the workplace are private law and public law.
Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law.
Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances. Examples of public law include criminal, administrative, and constitutional law
ETHICS
A set of moral principles or values. The principles of conduct governing an individual or a group. An objectively defined standard of right and wrong
Ethics Concept
Ethical Differences Across Cultures
-Cultural differences can make it difficult to determine what is and is not ethical especially when considering the use of computers.
Software License Infringement
-the individuals surveyed understood what software license infringement was but felt either that their use was not piracy, or that their society permitted this piracy in some way
Illicit Use
-The individuals studied unilaterally condemned viruses, hacking, and other forms of system abuse as unacceptable behavior
Misuse of Corporate Resources
-Individuals displayed a rather lenient view of personal use of company equipment.
Ethics and Education
-Differences in the ethics of computer use are not exclusively international.
Deterrence to Unethical and Illegal Behavior
-It is the responsibility of information security personnel to do everything in their power to deter these acts and to use policy, education and training, and technology to protect information and systems
No comments:
Post a Comment