Professional Documents
Culture Documents
3600 Lecture3 Legal Ethical Professional Issues
3600 Lecture3 Legal Ethical Professional Issues
Professional Issues in
Information Security
Chapter 3
Law and Ethics in Information Security
Laws
Rules that mandate or prohibit certain behavior
Drawn from ethics
Ethics
Define socially acceptable behaviors
Key difference
Laws carry the authority of a governing body
Ethics do not carry the authority of a governing body
Based on cultural mores
Fixed moral attitudes or customs
Jurisdiction
Court’s right to hear a case if a wrong is committed
Term – long arm
Extends across the country or around the world
Policy Versus law
Policies
Guidelines that describe acceptable and unacceptable employee behaviors
Functions as organizational laws
Has penalties, judicial practices, and sanctions
Difference between policy and law
Ignorance of policy is acceptable
Ignorance of law is unacceptable
Keys for a policy to be enforceable
Dissemination
Review
Comprehension
Compliance
Uniform enforcement
Types of Law