Information Security
SE-308
Week #04 Lecture #01
Legal, ethical, and professional issues in information security
– Introduction
– Law and Ethics in Information Security
– International Laws and Legal Bodies
– Pakistan Cyber Crime Law
– Ethics and Information Security
– Codes of Ethics and Professional Organizations
Introduction
• Information security is very important for both companies and people.
• As technology grows and changes, it becomes harder to keep data safe from threats.
• To make sure data is protected properly, it's essential to know the rules, behave ethically, and follow professional standards in the field of information security.
• This helps build trust, ensures legal compliance, and maintains a good reputation in today's digital world.
Laws
• The law is a set of rules put in place to protect citizens' rights.
• Laws are usually divided into two categories: criminal law and civil law.
• Criminal law deals with the most serious offences, those that cause harm or damage to society, such as murder, robbery, violence, or vandalism.
• Civil law, by contrast, deals with the settlement of disputes between individuals, such as divorce or the division of assets.
Law in information security
• Law in information security refers to the legal principles, regulations, and standards that govern the protection of digital information and data privacy, and the cybersecurity practices required to protect that information and the systems that hold it from unauthorized access.
Examples:
• General Data Protection Regulation (GDPR), for data protection and data transfers in the European Union
• Computer Fraud and Abuse Act (CFAA), for cybercrimes in the US
• Health Insurance Portability and Accountability Act (HIPAA), for healthcare data
Ethics
• Ethics refers to a set of moral principles or values that guide behavior and help distinguish right from wrong.
• It can be divided into two key categories: personal ethics and professional ethics.
• Personal ethics encourage us to think about character traits such as respect, honesty, integrity, and kindness toward others.
• Professional ethics relate to our role in a professional or business context, such as respecting people's privacy and working in the best interests of a client or colleague.
Ethics in Information Security
• Ethics in information security refers to the specific moral guidelines that individuals and professionals should follow in their organizations or fields.
• These guidelines shape how people and organizations behave and make decisions: being honest, responsible, and respectful helps build trust and protect sensitive data.
• In general, ethical behavior is essential for building reliable and secure systems.
International Laws and Legal Bodies
• International laws and legal bodies play an important role in governing information security, especially as organizations conduct business globally.
Council of Europe Convention on Cybercrime
• The Council of Europe Convention on Cybercrime was adopted in 2001 to create international standards for technology laws and enhance global cooperation in investigating tech-related crimes.
ISO/IEC 27001
• ISO/IEC 27001 is an international standard for managing information security.
• It outlines a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
• The standard is designed to help organizations protect their information through a systematic approach that manages people, processes, and technology.
NIST Cybersecurity Framework
• The NIST Cybersecurity Framework (CSF), developed by the National Institute of Standards and Technology (NIST), provides guidelines for managing and reducing cybersecurity risks.
• It's widely adopted in the U.S. and internationally, and is designed for organizations of all sizes.
Pakistan Cyber Crime Law
• Pakistan's Prevention of Electronic Crimes Act (PECA) is the main law addressing cybercrimes in Pakistan.
• Since 2016, PECA has covered unauthorized access to data, data theft, cyberstalking, cyberterrorism, online privacy, electronic fraud, and financial crimes.
• It aims to protect people online, give law enforcement the power to investigate these crimes, and set rules for online behavior.
• However, enforcing the law and dealing with cyber threats can still be challenging in Pakistan.
Code of Ethics
• A Code of Ethics is a set of principles and guidelines that govern the professional conduct of individuals within a specific field or organization.
• It outlines the moral and ethical responsibilities that professionals are expected to uphold in their work, ensuring integrity, fairness, and accountability.
Key Elements of a Code of Ethics:
• Integrity: Professionals are expected to be honest and maintain strong moral principles.
• Confidentiality: Respecting the privacy and confidentiality of sensitive information.
• Fairness: Treating everyone equally and without bias.
• Accountability: Taking responsibility for actions and decisions, and understanding the consequences.
• Respect for the Law: Compliance with applicable laws and regulations in all professional activities.
• Protection of Public Interest: Ensuring that actions do not harm society, the environment, or individuals.
• Avoiding Conflicts of Interest: Acting in the best interest of the
Codes of Ethics and Professional Organizations
• Professional organizations in the IT and information security sectors have established codes of ethics that members must follow.
Some major IT professional organizations include:
Association for Computing Machinery (ACM): Focuses on education and provides a code of ethics emphasizing confidentiality, avoiding harm, protecting privacy, and respecting intellectual property.
International Information Systems Security Certification Consortium (ISC)²:
• Manages certifications and credentials in information security.
• Its code of ethics requires protection of society and infrastructure, honorable and legal conduct, and advancement of the profession.
Information Systems Audit and Control Association (ISACA):
• Focuses on auditing, control, and security, providing IT control practices, standards, and a code of ethics.
Information Systems Security Association (ISSA):
• Promotes information security awareness and education, with a focus on ensuring the confidentiality, integrity, and availability of organizational information resources.