SlideShare una empresa de Scribd logo

Chapter 1 Law & Ethics

Descargar como PPTX, PDF
K
Karthikeyan Dhayalan

This document discusses various categories of law including criminal law, civil law, administrative law, customary law, religious law, mixed law, computer specific law, and intellectual property law. It provides definitions and key aspects of different types of intellectual property including copyright, patents, trademarks, trade secrets, industrial designs, geographical indications, and licensing. Major computer laws discussed include the Computer Fraud and Abuse Act, Computer Security Act, Federal Sentencing Guidelines, Government Information Security Reform Act, Federal Information Security Management Act, Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard, and Digital Millennium Copyright Act.

Educación
1 de 29
Law and Ethics Predict – Preempt – Protect Karthikeyan Dhayalan
Categories of Law Code Law •Rule-based law not precedence based • Focused on codified law – or written law •Lower courts are not compelled to follow the decisions made by the higher courts •Most widespread legal system in the world and most common in Europe
Common Law •It is based on previous interpretations of law •Developed in England •It reflects the community’s morals and expectations •Uses judges and juries of peers •Broken down into civil, criminal, and administrative
Criminal Law • It is based on common law • Addresses behavior harmful to society • Punishment involves a loss of freedom, monetary fines, community service • Responsibility is on the prosecution to prove guilt • Govt, through law enforcement agencies, brings about charges against the individual/organization that is accused of violation • Penalties include, jail term, community service, monetary fines
Civil/Tort Law •It is based on common law •Defendant owes a legal duty to the victim •Designed to provide for an orderly society and govern matters that are not crimes •Incumbent on the person wronged to file a law suit •Damages can be financial penalties
Administrative Law •Policies, procedures and regulations that govern the daily operations of the agency •Administrative law does not require an act of legislation but must comply with all existing civil and criminal laws
Customary Law •Deals mainly with personal conduct and patterns of behavior •Based on traditions and customs of the region •Mainly used in regions that have mixed law system •Penalty include monetary fine or service
Religious Law •Based on religious beliefs of the region •Covers all aspects of human life •Knowledge and rules are defined by god •Scholars attempt to discover truth of law
Mixed Law •2 or more legal systems are used together •Consists of civil and common law
Computer specific Law
• Exclusively covers computer crimes that crosses state boundaries • It is a crime to perform the following • Unauthorized access of classified information in a federal system • Unauthorized access to a federal government system • Causing malicious damage to the federal system Computer Fraud and Abuse Act
• Mandates baseline security requirement for all federal agencies • 4 main purposes of the Act • Provide NIST responsibility for developing standards and guidelines for federal computer systems • Provide for enactment of such standard and guidelines • Require establishment of security plans by all operators • Require mandatory periodic training for all people Computer Security Act of 1987
• Provides punishment guidelines to help federal judges to interpret computer crime laws • 3 Major provisions of the law are • Prudent man rule – requires senior executives to take personal responsibility for ensuring due care • Allowed executives and organizations to reduce punishment by demonstrating that they used due diligence in the conduct of their information security duties • Outlines 3 burdens of proof for negligence • Person accused of negligence must have legally recognized obligation • Person must have failed to comply with recognized standard • There must be casual relationship between the act of negligence and subsequent damages – proximate causation Federal Sentencing Guidelines
• Provide comprehensive framework for establishing and ensuring the effectiveness of controls over information resources that support federal operations • Places burden of maintaining security and integrity of government systems on individual agency leaders • Established mission-critical system category • Provides specific evaluation and auditing authority for mission-critical systems to the secretary of defense and the director of CIA Government Information Security Reform Act
• FISMA requires agencies implement an information security program that covers the agencies operations • Requires contractors are also included part of the scope • NIST is responsible for building FISMA guidelines Federal Information Security Management Act
• Provides a framework and guideline to ensure security, integrity and privacy when handling confidential medical records • It outlines how security should be managed for any facility that creates, accesses, shares or destroys medical information • Mandates steep penalties for noncompliance HIPAA
• Mandates financial institution develop privacy notices and give customers option to prohibit sharing their information with non-affiliated parties • BoD is responsible, all employee should be trained and security controls should be tested • Major components • Financial privacy rule: provide each customer with privacy notice. Provide opt-out clause • Safeguards rule: develop written information security plan • Pretexting Protection: Implement safeguards against social engineering Gramm-Leach-Bliley Act (GLBA)
• Canadian law that deals with protection of personal information • Oversees how private sector collect, use, disclose PII • Some requirements of the law • Obtain consent when they collect PII • Collect information in fair and lawful means • Have personal information policies that are clear, understandable and readily available Personal Information Protection and Electronic Documents Act
• Applies to any entity that processes, stores, transmits or accepts credit card data • It is a private industry initiative, it is not a law. • Made up of 12 main requirements broken into 6 major categories • Non-compliance may result in financial penalties or possible revocation of merchant status within the credit card industry Payment card industry Data Security Standard (PCI DSS)
Intellectual Property Rights Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce. Types of intellectual property • Copyright • Patent • Trade secret • Trade mark • Industrial design • Geographical Identification
Copyright • Copyright (or author’s right) is a legal term used to describe the rights that creators have over their literary and artistic works • Works covered by copyright range from books, music, paintings, sculpture, and films, to computer programs, databases, advertisements, maps, and technical drawings. • Copyright protection extends only to expressions, and not to ideas, procedures, methods of operation or mathematical concepts as such. • There are two types of rights under copyright: • economic rights, which allow the rights owner to derive financial reward from the use of his works by others; and • moral rights, which protect the non-economic interests of the author • Copyright protection is obtained automatically without the need for registration or other formalities • Works by one or more authors are protected until 70 years after the death of the last surviving author • Work for hire and anonymous works are provided protection for 95 years from the date of first publishing or 120 years from the date of creation, whichever is shorter
Digital Millennium Copyright Act (DMCA) • The Digital Millennium Copyright Act (DMCA) is a controversial United States digital rights management ( DRM ) law. The intent behind DMCA was to create an updated version of copyright laws to deal with the special challenges of regulating digital material. • It prohibits attempts to circumvent copyright protection mechanisms • Non-profit organizations are exempted from this Act • A DMCA takedown notice is a notification to a company, usually a web host or a search engine, that they are either hosting or linking to copyright-infringing material. It provides them notice to remove the copyrighted works.
Patent • A patent is an exclusive right granted for an invention • To get a patent, technical information about the invention must be disclosed to the public in a patent application. • 3 requirements to be satisfied are: • The invention should be new and original idea • The invention must be useful • The invention must not be obvious. • The patent owner has the exclusive right to prevent or stop others from commercially exploiting the patented invention • The exclusive rights are only applicable in the country or region in which a patent has been filed and granted, in accordance with the law of that country or region. • The protection is granted for a limited period, generally 20 years from the filing date of the application.
Trademark • A trademark is a sign capable of distinguishing the goods or services of one enterprise from those of other enterprises. Trademarks are protected by intellectual property rights. • The main objective is to avoid confusion in the marketplace of a product or service • Trademarks are generally not needed to be official registered to gain protection under law • Acceptance of Trademark registration in US has two major considerations • The trademark must not be similar to another trademark • The trademark should not be descriptive of the goods or service that you will offer • In US Trademarks are provided for 10 years with renewals for unlimited successive 10-year period
Trade Secret • Any confidential business information which provides an enterprise a competitive edge may be considered a trade secret • Trade secrets encompass manufacturing or industrial secrets and commercial secrets • Trade secrets are protected without registration • Conditions for the information to be considered a trade secret • The information must be secret • It must have commercial value because it is a secret • It must have been subject to reasonable steps by the rightful holder of the information to keep it secret
Industrial Design • An industrial design constitutes the ornamental or aesthetic aspect of an article • may consist of three dimensional features, such as the shape of an article, or two dimensional features, such as patterns, lines or colour • the owner of a registered industrial design or of a design patent has the right to prevent third parties from making, selling or importing articles bearing or embodying a design which is a copy, or substantially a copy, of the protected design, when such acts are undertaken for commercial purposes. • Industrial designs are applied to a wide variety of products of industry and handicraft items: from packages and containers to furnishing and household goods, from lighting equipment to jewelry, and from electronic devices to textiles. • an industrial design needs to be registered in order to be protected under industrial design law as a “registered design”
Geographical Indications • A geographical indication (GI) is a sign used on products that have a specific geographical origin and possess qualities or a reputation that are due to that origin. • There is a clear link between the product and its original place of production • A geographical indication right enables those who have the right to use the indication to prevent its use by a third party whose product does not conform to the applicable standards. • A protected geographical indication does not enable the holder to prevent someone from making a product using the same techniques as those set out in the standards for that indication. • Geographical indications are typically used for agricultural products, foodstuffs, wine and spirit drinks, handicrafts, and industrial products.
Licensing • 4 major types of license requirements • Contractual license agreement: written contract between the software vendor and the customer • Shrink-wrap License: A shrink wrap license is an end user agreement (EULA) that is enclosed with software in plastic-wrapped packaging. Once the end user opens the packaging, the EULA is considered to be in effect. • Clickwrap License: Type of agreement often used in connection with software licenses. Most clickwrap agreements require the end-user to manifest his or her assent by clicking an "ok" or "agree" button on a dialog box or pop-up window. • Cloud services license agreement: similar to Clickwrap agreement, mainly concentrated on the services provided by cloud vendors
Karthikeyan Dhayalan

Recomendados

CISSP - Chapter 4 - Network Topology
CISSP - Chapter 4 - Network TopologyCISSP - Chapter 4 - Network Topology
CISSP - Chapter 4 - Network TopologyKarthikeyan Dhayalan
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security FrameworkKarthikeyan Dhayalan
 
CISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureCISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureKarthikeyan Dhayalan
 
CISSP - Security Assessment
CISSP - Security AssessmentCISSP - Security Assessment
CISSP - Security AssessmentKarthikeyan Dhayalan
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)Sam Bowne
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementKarthikeyan Dhayalan
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityCISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 

Recomendados

CISSP - Chapter 4 - Network Topology
CISSP - Chapter 4 - Network TopologyCISSP - Chapter 4 - Network Topology
CISSP - Chapter 4 - Network TopologyKarthikeyan Dhayalan
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security FrameworkKarthikeyan Dhayalan
 
CISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureCISSP - Chapter 3 - CPU Architecture
CISSP - Chapter 3 - CPU ArchitectureKarthikeyan Dhayalan
 
CISSP - Security Assessment
CISSP - Security AssessmentCISSP - Security Assessment
CISSP - Security AssessmentKarthikeyan Dhayalan
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)Sam Bowne
 
CISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementCISSP Chapter 1 Risk Management
CISSP Chapter 1 Risk ManagementKarthikeyan Dhayalan
 
CISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityCISSP - Chapter 2 - Asset Security
CISSP - Chapter 2 - Asset SecurityKarthikeyan Dhayalan
 
CISSP - Software Development Security
CISSP - Software Development SecurityCISSP - Software Development Security
CISSP - Software Development SecurityKarthikeyan Dhayalan
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureKarthikeyan Dhayalan
 
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityDomain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityMaganathin Veeraragaloo
 
CISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network FundamentalCISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network FundamentalKarthikeyan Dhayalan
 
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsCISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsKarthikeyan Dhayalan
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)Sam Bowne
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security EngineeringSam Bowne
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
CISSP Chapter 1 BCP
CISSP Chapter 1 BCPCISSP Chapter 1 BCP
CISSP Chapter 1 BCPKarthikeyan Dhayalan
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
CISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityCISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityKarthikeyan Dhayalan
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
Domain 2 - Asset Security
Domain 2 - Asset SecurityDomain 2 - Asset Security
Domain 2 - Asset SecurityMaganathin Veeraragaloo
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
Information Security
Information SecurityInformation Security
Information SecurityDhilsath Fathima
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsKarthikeyan Dhayalan
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxNargis Parveen
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 

Más contenido relacionado

La actualidad más candente

CISSP - Software Development Security
CISSP - Software Development SecurityCISSP - Software Development Security
CISSP - Software Development SecurityKarthikeyan Dhayalan
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureKarthikeyan Dhayalan
 
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityDomain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityMaganathin Veeraragaloo
 
CISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network FundamentalCISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network FundamentalKarthikeyan Dhayalan
 
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsCISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsKarthikeyan Dhayalan
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)Sam Bowne
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security EngineeringSam Bowne
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
CISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityCISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityKarthikeyan Dhayalan
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityCarl Ceder
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011codka
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsKarthikeyan Dhayalan
 

La actualidad más candente (20)

CISSP - Software Development Security
CISSP - Software Development SecurityCISSP - Software Development Security
CISSP - Software Development Security
 
CISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architectureCISSP - Chapter 3 - System security architecture
CISSP - Chapter 3 - System security architecture
 
Domain 4 - Communications and Network Security
Domain 4 - Communications and Network SecurityDomain 4 - Communications and Network Security
Domain 4 - Communications and Network Security
 
CISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network FundamentalCISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network Fundamental
 
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsCISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranets
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security Engineering
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
CISSP Chapter 1 BCP
CISSP Chapter 1 BCPCISSP Chapter 1 BCP
CISSP Chapter 1 BCP
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
 
CISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical securityCISSP - Chapter 3 - Physical security
CISSP - Chapter 3 - Physical security
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security Operations
 
Domain 2 - Asset Security
Domain 2 - Asset SecurityDomain 2 - Asset Security
Domain 2 - Asset Security
 
Security policy
Security policySecurity policy
Security policy
 
Information Security
Information SecurityInformation Security
Information Security
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 
Legal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information SecurityLegal, Ethical, and Professional Issues In Information Security
Legal, Ethical, and Professional Issues In Information Security
 
Information security policy_2011
Information security policy_2011Information security policy_2011
Information security policy_2011
 
CISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security OperationsCISSP Chapter 7 - Security Operations
CISSP Chapter 7 - Security Operations
 

Similar a Chapter 1 Law & Ethics

Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxNargis Parveen
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2MLG College of Learning, Inc
 
Topic 3 Current Legislation.pptx
Topic 3 Current Legislation.pptxTopic 3 Current Legislation.pptx
Topic 3 Current Legislation.pptxAmandaWeaver21
 
Data Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsData Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxJhaiJhai6
 
Legal issues in international business
Legal issues in international businessLegal issues in international business
Legal issues in international businessJitin Kollamkudy
 
Privacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinPrivacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinWhitmeyerTuffin
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
Inventor boot camp 2010
Inventor boot camp 2010Inventor boot camp 2010
Inventor boot camp 2010dr2tom
 
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...Kevin O'Shea
 
Legal and regulatory challenges for entrepreneurial ventures
Legal and regulatory challenges for entrepreneurial venturesLegal and regulatory challenges for entrepreneurial ventures
Legal and regulatory challenges for entrepreneurial venturesTecnológico de Monterrey
 
Hanhai - Doing Business Internationally - Oct 2014 (3)
Hanhai - Doing Business Internationally - Oct 2014 (3)Hanhai - Doing Business Internationally - Oct 2014 (3)
Hanhai - Doing Business Internationally - Oct 2014 (3)Jim Chapman
 
GDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal EnvironmentGDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal EnvironmentAllen Woods
 

Similar a Chapter 1 Law & Ethics (20)

Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2Information Assurance And Security - Chapter 3 - Lesson 2
Information Assurance And Security - Chapter 3 - Lesson 2
 
Lesson 2-Identify Theft
Lesson 2-Identify TheftLesson 2-Identify Theft
Lesson 2-Identify Theft
 
Ppt
PptPpt
Ppt
 
Topic 3 Current Legislation.pptx
Topic 3 Current Legislation.pptxTopic 3 Current Legislation.pptx
Topic 3 Current Legislation.pptx
 
Data Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsData Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New Regulations
 
Chapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptxChapter 3 - Lesson 2.pptx
Chapter 3 - Lesson 2.pptx
 
Legal issues in international business
Legal issues in international businessLegal issues in international business
Legal issues in international business
 
Privacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinPrivacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffin
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPR
 
Inventor boot camp 2010
Inventor boot camp 2010Inventor boot camp 2010
Inventor boot camp 2010
 
Whitman_Ch03.pptx
Whitman_Ch03.pptxWhitman_Ch03.pptx
Whitman_Ch03.pptx
 
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...
Look Before You Leap: Unauthorized Practice of the Law, Supervision of Non-La...
 
Legal and regulatory challenges for entrepreneurial ventures
Legal and regulatory challenges for entrepreneurial venturesLegal and regulatory challenges for entrepreneurial ventures
Legal and regulatory challenges for entrepreneurial ventures
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Hanhai - Doing Business Internationally - Oct 2014 (3)
Hanhai - Doing Business Internationally - Oct 2014 (3)Hanhai - Doing Business Internationally - Oct 2014 (3)
Hanhai - Doing Business Internationally - Oct 2014 (3)
 
GDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal EnvironmentGDPR and EA Commissioning a web site part 2 - Legal Environment
GDPR and EA Commissioning a web site part 2 - Legal Environment
 

Último

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 

Último (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 

Chapter 1 Law & Ethics

  • 1. Law and Ethics Predict – Preempt – Protect Karthikeyan Dhayalan
  • 2. Categories of Law Code Law •Rule-based law not precedence based • Focused on codified law – or written law •Lower courts are not compelled to follow the decisions made by the higher courts •Most widespread legal system in the world and most common in Europe
  • 3. Common Law •It is based on previous interpretations of law •Developed in England •It reflects the community’s morals and expectations •Uses judges and juries of peers •Broken down into civil, criminal, and administrative
  • 4. Criminal Law • It is based on common law • Addresses behavior harmful to society • Punishment involves a loss of freedom, monetary fines, community service • Responsibility is on the prosecution to prove guilt • Govt, through law enforcement agencies, brings about charges against the individual/organization that is accused of violation • Penalties include, jail term, community service, monetary fines
  • 5. Civil/Tort Law •It is based on common law •Defendant owes a legal duty to the victim •Designed to provide for an orderly society and govern matters that are not crimes •Incumbent on the person wronged to file a law suit •Damages can be financial penalties
  • 6. Administrative Law •Policies, procedures and regulations that govern the daily operations of the agency •Administrative law does not require an act of legislation but must comply with all existing civil and criminal laws
  • 7. Customary Law •Deals mainly with personal conduct and patterns of behavior •Based on traditions and customs of the region •Mainly used in regions that have mixed law system •Penalty include monetary fine or service
  • 8. Religious Law •Based on religious beliefs of the region •Covers all aspects of human life •Knowledge and rules are defined by god •Scholars attempt to discover truth of law
  • 9. Mixed Law •2 or more legal systems are used together •Consists of civil and common law
  • 11. • Exclusively covers computer crimes that crosses state boundaries • It is a crime to perform the following • Unauthorized access of classified information in a federal system • Unauthorized access to a federal government system • Causing malicious damage to the federal system Computer Fraud and Abuse Act
  • 12. • Mandates baseline security requirement for all federal agencies • 4 main purposes of the Act • Provide NIST responsibility for developing standards and guidelines for federal computer systems • Provide for enactment of such standard and guidelines • Require establishment of security plans by all operators • Require mandatory periodic training for all people Computer Security Act of 1987
  • 13. • Provides punishment guidelines to help federal judges to interpret computer crime laws • 3 Major provisions of the law are • Prudent man rule – requires senior executives to take personal responsibility for ensuring due care • Allowed executives and organizations to reduce punishment by demonstrating that they used due diligence in the conduct of their information security duties • Outlines 3 burdens of proof for negligence • Person accused of negligence must have legally recognized obligation • Person must have failed to comply with recognized standard • There must be casual relationship between the act of negligence and subsequent damages – proximate causation Federal Sentencing Guidelines
  • 14. • Provide comprehensive framework for establishing and ensuring the effectiveness of controls over information resources that support federal operations • Places burden of maintaining security and integrity of government systems on individual agency leaders • Established mission-critical system category • Provides specific evaluation and auditing authority for mission-critical systems to the secretary of defense and the director of CIA Government Information Security Reform Act
  • 15. • FISMA requires agencies implement an information security program that covers the agencies operations • Requires contractors are also included part of the scope • NIST is responsible for building FISMA guidelines Federal Information Security Management Act
  • 16. • Provides a framework and guideline to ensure security, integrity and privacy when handling confidential medical records • It outlines how security should be managed for any facility that creates, accesses, shares or destroys medical information • Mandates steep penalties for noncompliance HIPAA
  • 17. • Mandates financial institution develop privacy notices and give customers option to prohibit sharing their information with non-affiliated parties • BoD is responsible, all employee should be trained and security controls should be tested • Major components • Financial privacy rule: provide each customer with privacy notice. Provide opt-out clause • Safeguards rule: develop written information security plan • Pretexting Protection: Implement safeguards against social engineering Gramm-Leach-Bliley Act (GLBA)
  • 18. • Canadian law that deals with protection of personal information • Oversees how private sector collect, use, disclose PII • Some requirements of the law • Obtain consent when they collect PII • Collect information in fair and lawful means • Have personal information policies that are clear, understandable and readily available Personal Information Protection and Electronic Documents Act
  • 19. • Applies to any entity that processes, stores, transmits or accepts credit card data • It is a private industry initiative, it is not a law. • Made up of 12 main requirements broken into 6 major categories • Non-compliance may result in financial penalties or possible revocation of merchant status within the credit card industry Payment card industry Data Security Standard (PCI DSS)
  • 20. Intellectual Property Rights Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce. Types of intellectual property • Copyright • Patent • Trade secret • Trade mark • Industrial design • Geographical Identification
  • 21. Copyright • Copyright (or author’s right) is a legal term used to describe the rights that creators have over their literary and artistic works • Works covered by copyright range from books, music, paintings, sculpture, and films, to computer programs, databases, advertisements, maps, and technical drawings. • Copyright protection extends only to expressions, and not to ideas, procedures, methods of operation or mathematical concepts as such. • There are two types of rights under copyright: • economic rights, which allow the rights owner to derive financial reward from the use of his works by others; and • moral rights, which protect the non-economic interests of the author • Copyright protection is obtained automatically without the need for registration or other formalities • Works by one or more authors are protected until 70 years after the death of the last surviving author • Work for hire and anonymous works are provided protection for 95 years from the date of first publishing or 120 years from the date of creation, whichever is shorter
  • 22. Digital Millennium Copyright Act (DMCA) • The Digital Millennium Copyright Act (DMCA) is a controversial United States digital rights management ( DRM ) law. The intent behind DMCA was to create an updated version of copyright laws to deal with the special challenges of regulating digital material. • It prohibits attempts to circumvent copyright protection mechanisms • Non-profit organizations are exempted from this Act • A DMCA takedown notice is a notification to a company, usually a web host or a search engine, that they are either hosting or linking to copyright-infringing material. It provides them notice to remove the copyrighted works.
  • 23. Patent • A patent is an exclusive right granted for an invention • To get a patent, technical information about the invention must be disclosed to the public in a patent application. • 3 requirements to be satisfied are: • The invention should be new and original idea • The invention must be useful • The invention must not be obvious. • The patent owner has the exclusive right to prevent or stop others from commercially exploiting the patented invention • The exclusive rights are only applicable in the country or region in which a patent has been filed and granted, in accordance with the law of that country or region. • The protection is granted for a limited period, generally 20 years from the filing date of the application.
  • 24. Trademark • A trademark is a sign capable of distinguishing the goods or services of one enterprise from those of other enterprises. Trademarks are protected by intellectual property rights. • The main objective is to avoid confusion in the marketplace of a product or service • Trademarks are generally not needed to be official registered to gain protection under law • Acceptance of Trademark registration in US has two major considerations • The trademark must not be similar to another trademark • The trademark should not be descriptive of the goods or service that you will offer • In US Trademarks are provided for 10 years with renewals for unlimited successive 10-year period
  • 25. Trade Secret • Any confidential business information which provides an enterprise a competitive edge may be considered a trade secret • Trade secrets encompass manufacturing or industrial secrets and commercial secrets • Trade secrets are protected without registration • Conditions for the information to be considered a trade secret • The information must be secret • It must have commercial value because it is a secret • It must have been subject to reasonable steps by the rightful holder of the information to keep it secret
  • 26. Industrial Design • An industrial design constitutes the ornamental or aesthetic aspect of an article • may consist of three dimensional features, such as the shape of an article, or two dimensional features, such as patterns, lines or colour • the owner of a registered industrial design or of a design patent has the right to prevent third parties from making, selling or importing articles bearing or embodying a design which is a copy, or substantially a copy, of the protected design, when such acts are undertaken for commercial purposes. • Industrial designs are applied to a wide variety of products of industry and handicraft items: from packages and containers to furnishing and household goods, from lighting equipment to jewelry, and from electronic devices to textiles. • an industrial design needs to be registered in order to be protected under industrial design law as a “registered design”
  • 27. Geographical Indications • A geographical indication (GI) is a sign used on products that have a specific geographical origin and possess qualities or a reputation that are due to that origin. • There is a clear link between the product and its original place of production • A geographical indication right enables those who have the right to use the indication to prevent its use by a third party whose product does not conform to the applicable standards. • A protected geographical indication does not enable the holder to prevent someone from making a product using the same techniques as those set out in the standards for that indication. • Geographical indications are typically used for agricultural products, foodstuffs, wine and spirit drinks, handicrafts, and industrial products.
  • 28. Licensing • 4 major types of license requirements • Contractual license agreement: written contract between the software vendor and the customer • Shrink-wrap License: A shrink wrap license is an end user agreement (EULA) that is enclosed with software in plastic-wrapped packaging. Once the end user opens the packaging, the EULA is considered to be in effect. • Clickwrap License: Type of agreement often used in connection with software licenses. Most clickwrap agreements require the end-user to manifest his or her assent by clicking an "ok" or "agree" button on a dialog box or pop-up window. • Cloud services license agreement: similar to Clickwrap agreement, mainly concentrated on the services provided by cloud vendors