Lecture 10 ~ Legal And Ethical Issues In Computer Security ~
Assalamualaikum w.b.t...
Lecture 10 is the last lecture... so happy... yippee! For the last lecture I must be even more motivated to finish it... hehe. Legal And Ethical Issues In Computer Security is what we studied in this last lecture. Topics covered in this lecture:
•Introduction
•Legal and Ethical
•Categories of law
•Differences between legal and Ethic
•Ethics concept in Information Security
•Protecting programs and Data
•Information and Law
Introduction
•This chapter covers information security law and ethics
•First part of this chapter focuses on relevant legislation and regulation
concerning the management of information in an organization
•The second part of the chapter presents ethical issues for information security as
well as a summary of professional organizations with established ethical codes
•This chapter can be used both as a reference to the legal aspects of information
security and as an aid in planning your professional career
Legal & Ethical
~Law
•a rule of conduct or action prescribed or formally recognized as binding or
enforced by a controlling authority
•implies imposition by a sovereign authority and the obligation of obedience on the
part of all subject to that authority
~Ethics
•a set of moral principles or values
•the principles of conduct governing an individual or a group
•an objectively defined standard of right and wrong
Categories Of Law
•Civil law: represents a wide variety of laws that govern a nation or state
•Criminal law: addresses violations harmful to society and is actively enforced
through prosecution by the state
•Tort law enables individuals to seek recourse against others in the event of
personal, physical, or financial injury.
-Torts are enforced via individual lawsuits rather than criminal prosecutions by
the state. When someone brings a legal action under tort law, personal attorneys
present the evidence and argue the details rather than representatives of the
state, who prosecute criminal cases.
•The categories of laws that affect the individual in the workplace are private law
and public law.
-Private law regulates the relationship between the individual and the
organization, and encompasses family law, commercial law, and labor law.
-Public law regulates the structure and administration of government agencies and
their relationships with citizens, employees, and other governments, providing
careful checks and balances. Examples of public law include criminal,
administrative, and constitutional law
Law And Ethics
•Laws are rules that mandate or prohibit certain behavior in society
•Ethics define socially acceptable behaviors
•The key difference between laws and ethics is that laws carry the sanctions of a
governing authority and ethics do not. Ethics in turn are based on cultural mores:
the fixed moral attitudes or customs of a particular group.
•Some ethics are recognized as universal. For example, murder, theft, assault, and
arson are commonly accepted as actions that deviate from ethical and legal codes in
the civilized world.
Differences Between Laws And Ethics
LAW
•Formal, documented
•Interpreted by courts
•Established by legislature representing everyone
•Applicable to everyone
•Priority determined by courts if two laws conflict
•Enforceable by police and courts
ETHICS
•Described by unwritten principles
•Interpreted by individuals
•Presented by philosophers, religions, professional group
•Personal choice
•Priority determined by individual if two principles conflict
Ethics Concept In Information Security
~Ethical Differences Across Cultures
•Cultural differences can make it difficult to determine what is and is not ethical
especially when considering the use of computers.
•Individuals of different nationalities have different perspectives; difficulties
arise when one nationality's ethical behavior conflicts with the ethics of another
national group
•For example, to Western cultures, many of the ways in which Asian cultures use
computer technology are software piracy. This ethical conflict arises out of Asian
traditions of collective ownership, which clash with the protection of
intellectual property
~Software License Infringement
•The individuals surveyed understood what software license infringement was but
felt either that their use was not piracy, or that their society permitted this
piracy in some way
•The lack of legal disincentives, the lack of punitive measures, or any one of a
number of other reasons could also explain why these alleged piracy centers were
not oblivious to intellectual property laws
~Illicit Use
•The individuals studied unilaterally condemned viruses, hacking, and other forms
of system abuse as unacceptable behavior
•The low overall degree of tolerance for illicit system use may be a function of
the easy association between the common crimes of breaking and entering,
trespassing, theft, and destruction of property to their computer-related
counterparts
~Misuse of Corporate Resources
•Individuals displayed a rather lenient view of personal use of company equipment.
•Within the acknowledgement of ethical versus unethical behavior, there was a range
of views as to whether some actions are moderately or highly acceptable
~Ethics and Education
•Differences in the ethics of computer use are not exclusively international.
•Differences are found among individuals within the same country, within the same
social class, and within the same company
~Deterrence to Unethical and Illegal Behavior
•It is the responsibility of information security personnel to do everything in
their power to deter these acts and to use policy, education and training, and
technology to protect information and systems
~Three general categories of unethical and illegal behavior:
•Ignorance
~Ignorance of the law is no excuse; however, ignorance of policy and procedures is
•Accident
~Individuals with authorization and privileges to manage information within the
organization are most likely to cause harm or damage by accident
•Intent
~Intent is often the cornerstone of legal defense, when it becomes necessary to
determine whether or not the offender acted out of ignorance, by accident, or
with specific intent to cause harm or damage
~Deterrence
•Deterrence is the best method for preventing an illegal or unethical activity.
Laws, policies, and technical controls are all examples of deterrents. However, it
is generally agreed that laws and policies and their associated penalties only
deter if three conditions are present:
~Fear of penalty: The individual intending to commit the act must fear the
penalty. Threats of informal reprimand or verbal warnings may not have the same
impact as the threat of imprisonment or forfeiture of pay.
~Probability of being caught: The individual has to believe there is a strong
possibility of being caught performing the illegal or unethical act. Penalties
can be severe, but the penalty will not deter the behavior unless there is an
expectation of being caught.
~Probability of penalty being administered: The individual must believe that the
penalty will in fact be administered.
Protecting Programs And Data
~Copyrights
•designed to protect the expression of ideas
•applies to a creative work such as a story or song
•intended to allow regular and free exchange of ideas
•must apply to an original work and it must be in some tangible medium of
expression
•to cover works in the arts, literature and written scholarship
~Patents
•applies to the result of science, technology and engineering
•can protect a “new and useful process, machine, manufacture or composition of
matter”
•designed to protect the device or process for carrying out an idea, not the idea
itself
~Trade Secret
•must be kept a secret
•the owner must protect the secret by any means, such as by storing it in a safe,
encrypting it and by making employees sign a statement that they will not
disclose the secret
•trade secret protection can also vanish through reverse engineering
How Is Open-Source Software Affected By Copyright Protection?
•Controls the right to copy the software
•Controls the right to distribute the software
•Subject to fair use
•Ease of filing
•Sue if copy sold
•Ownership of copyright
Information And The Law
~Information as an Object
•not depletable
-Information can be sold again and again without depleting stock or diminishing
quality
-The value lies in the information, not in the medium that carries it
•can be replicated
-Can use the information and sell it many times
•minimal marginal cost
-The cost to produce another one after having produced others is small
•value is timely
-The value of information often depends on when you know it
•often transferred intangibly
-Information is being delivered as bits on a cable
~Legal Issues Related to Information
•information commerce
-Is the basis of some commerce
-Problem:
~how to ensure that the software developer or publisher receives just
compensation for use of the software?
-Several approaches:
~Copy protection
~Freeware
~Controlled distribution
•electronic publishing
-Some news and information will be published and distributed on the Internet or
some other public network
-Problem:
~How to ensure that the publisher receives fair compensation for the work?
-By using cryptographic-based technical solutions and supported by a legal
structure
•Database
-Problem:
~Difficult to determine that a set of data came from a particular database
so that the database can claim compensation
•electronic commerce
-Goods are ordered electronically
-Technical protection available:
~Digital signatures and other cryptographic protocols
-Problem:
~How to prove the conditions of delivery?
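The slides above name digital signatures and other cryptographic protocols as the technical protection for electronic publishing and electronic commerce, and then ask how to prove the conditions of delivery. The following Go program is an added example, not part of the lecture notes or of any product they describe; it uses the standard library's Ed25519 implementation, and the Order and Receipt layouts, party names and sample values are constructed for illustration. It shows what a buyer's signature on an order does prove (who placed it, and that no field changed) and what it does not (that goods arrived), which is why a separately signed receipt from the merchant is modelled as well.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"log"
)

// Order is the electronic order the buyer signs. The field set and layout are
// constructed for this example; a real system would use a canonical encoding.
type Order struct {
	OrderID  string
	Item     string
	Quantity int
	Amount   string // price as a decimal string to avoid float issues
}

// Receipt is the merchant's signed acknowledgement of the delivery conditions.
// It exists because the buyer's signature on the order says nothing about
// whether, when or in what state the goods arrived.
type Receipt struct {
	OrderID   string
	Delivered string // constructed date string, e.g. "2024-01-15"
	Condition string
}

// NewKeyPair generates an Ed25519 key pair for one party (buyer or merchant).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		log.Fatal(err)
	}
	return pub, priv
}

// encodeOrder renders the order as a fixed-layout byte string so that signer
// and verifier sign and check exactly the same bytes.
func encodeOrder(o Order) []byte {
	return []byte(fmt.Sprintf("order-id=%s\nitem=%s\nquantity=%d\namount=%s\n",
		o.OrderID, o.Item, o.Quantity, o.Amount))
}

// encodeReceipt does the same for the merchant's receipt.
func encodeReceipt(r Receipt) []byte {
	return []byte(fmt.Sprintf("order-id=%s\ndelivered=%s\ncondition=%s\n",
		r.OrderID, r.Delivered, r.Condition))
}

// SignOrder produces the buyer's signature over the encoded order.
func SignOrder(priv ed25519.PrivateKey, o Order) []byte {
	return ed25519.Sign(priv, encodeOrder(o))
}

// VerifyOrder lets the merchant check that the order was signed by the holder
// of pub and that no field changed in transit.
func VerifyOrder(pub ed25519.PublicKey, o Order, sig []byte) bool {
	return ed25519.Verify(pub, encodeOrder(o), sig)
}

// SignReceipt produces the merchant's signature over the delivery receipt.
func SignReceipt(priv ed25519.PrivateKey, r Receipt) []byte {
	return ed25519.Sign(priv, encodeReceipt(r))
}

// VerifyReceipt lets the buyer check that the receipt came from the merchant.
func VerifyReceipt(pub ed25519.PublicKey, r Receipt, sig []byte) bool {
	return ed25519.Verify(pub, encodeReceipt(r), sig)
}

func main() {
	buyerPub, buyerPriv := NewKeyPair()
	merchantPub, merchantPriv := NewKeyPair()

	order := Order{OrderID: "A-1001", Item: "laptop", Quantity: 1, Amount: "1200.00"}
	orderSig := SignOrder(buyerPriv, order)
	fmt.Println("order signature:", hex.EncodeToString(orderSig)[:16]+"...")
	fmt.Println("merchant verifies order:", VerifyOrder(buyerPub, order, orderSig))

	// A dispute: one side claims ten laptops were ordered. The altered order no
	// longer matches the buyer's signature, so the original terms are provable.
	altered := order
	altered.Quantity = 10
	fmt.Println("altered order verifies:", VerifyOrder(buyerPub, altered, orderSig))

	// The order signature proves who ordered what, not that goods arrived; a
	// separately signed receipt from the merchant covers the delivery conditions.
	receipt := Receipt{OrderID: order.OrderID, Delivered: "2024-01-15", Condition: "intact"}
	receiptSig := SignReceipt(merchantPriv, receipt)
	fmt.Println("buyer verifies receipt:", VerifyReceipt(merchantPub, receipt, receiptSig))
}
```

Both signatures only have evidential value if each public key can be tied to its owner (the "legal structure" the electronic publishing slide refers to), and the fixed-layout encoding matters: if the two sides serialised the order differently, a genuine signature would fail to verify and the dispute could not be settled from the signed bytes alone.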
Rights Of Employees And Employers
~ownership of a patent
•The person who owns a work under patent and copyright law is the inventor (producer)
~ownership of a copyright
•Similar to ownership of a patent
•The programmer is the presumed owner of the work
•The owner has all rights to an object
~work for hire
•The employer, not the employee, is considered the author of the work
~Licenses
•An alternative to a 'work for hire' arrangement
•The programmer develops the software and retains full ownership of it
•The programmer grants a license to a company to use the program
•License can be:
-For a copy or unlimited copies
-To be used at one location or many
-etc
~trade secret protection
•Trade secret is not registered
•The ownership must be established
•The information must be treated as confidential data
~employment contracts
•Will express the rights of ownership
•Specifies:
-The employee is hired to work as a programmer exclusively for the benefit of
the company
-The company states that it is a work for hire situation
-The company claims all rights to any programs developed including all
copyrights and the right to market
-The employee receives access to certain trade secrets as part of employment
and agrees not to reveal those secrets
-Sometimes an agreement not to compete is included, e.g., the employee agrees not
to compete by working in the same field for a set period of time after
termination
Computer Crime
~A computer can be:
•attacked
•used to attack
•used as a means to commit crime
~Computer crime is hard to prosecute because:
•low computer literacy (lack of understanding)
•no physical clues (lack of physical evidence)
•intangible forms of assets
•considered as juvenile crime
•lack of political impact
Ethical Issues In Computer Security
Examining A Case For Ethical Issues
1. Understand the situation. Determine the issues involved.
2. Know several theories of ethical reasoning
3. List the ethical principles involved
4. Determine which principles outweigh others.
Summary
~Laws are formally adopted rules for acceptable behavior in modern society. Ethics
are socially acceptable behaviors. The key difference between laws and ethics is
that laws carry the sanction of a governing authority and ethics do not.
~Organizations formalize desired behaviors in documents called policies. Policies
must be read and agreed to before they are binding.
~Civil law represents a wide variety of laws that are used to govern a nation or
state. Criminal law addresses violations that harm society and are enforced by
agents of the state or nation. Tort law is conducted by means of individual
lawsuits rather than criminal prosecution by the state.
~Private law focuses on individual relationships; public law addresses regulatory
agencies.
~Deterrence can prevent an illegal or unethical activity from occurring. Deterrence
requires significant penalties, a high probability of apprehension, and an
expectation of enforcement of penalties.
~As part of an effort to encourage positive ethics, a number of professional
organizations have established codes of conduct or codes of ethics that their
members are expected to follow.
Finally, our network security lectures are over... hmm, time to study and prepare for the final exam... sob. Good luck all...
Alhamdulillah...
"A cruel word may wreck a life
A timely word may level stress
A loving word may heal and bless"