Chapter 3 Laws and Ethics – Flashcards
question
Define laws
answer
Rules that mandate or prohibit certain behavior and are enforced by the state
question
Define Policies
answer
Managerial directives that specify acceptable and unacceptable employee behavior in the workplace
question
Civil Law
answer
Comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizations and people.
question
Criminal Law
answer
Addresses activities and conduct harmful to society, and is actively enforced by the state. Law can also be categorized as private or public.
question
Public law
answer
Regulates the structure and the administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional law.
question
What is the Computer Fraud and Abuse Act of 1986?
answer
The Computer Fraud and Abuse Act of 1986 (CFA Act or CFAA) is the cornerstone of many computer-related federal laws and enforcement efforts. It was originally written as an extension and clarification to the Comprehensive Crime Control Act of 1984.
question
Who was the CFAA amended by?
answer
The National Information Infrastructure Protection Act of 1996, which modified several sections of the previous act and increased the penalties for selected crimes.
question
What did the penalties of the National Information Infrastructure Protection Act of 1996 depend on?
answer
• For the purpose of commercial advantage
• For private financial gain
• In furtherance of a criminal act
question
The Privacy of Customer Information Section
answer
The Privacy of Customer Information Section of the common carrier regulations states that any proprietary information shall be used explicitly for providing services, and not for marketing purposes.
question
The Electronic Communications Privacy Act (ECPA) of 1986
answer
Informally referred to as the wiretapping acts, is a collection of statutes that regulates the interception of wire, electronic, and oral communications.
question
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
answer
Also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of healthcare data by establishing and enforcing standards and by standardizing electronic data interchange.
question
The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999
answer
Contains many provisions that focus on facilitating affiliation among banks, securities firms, and insurance companies. This act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.
question
Computer Fraud and Abuse Act (also known as Fraud and Related Activity in Connection with Computers; 18 USC 1030): defines and formalizes laws to counter threats from computer-related acts and offenses (amended in 1996, 2001, 2006)
answer
Threats to Computers
question
The Computer Security Act of 1987
answer
Requires all federal computer systems that contain classified information to have security plans in place, and requires periodic security training for all people who operate, design or manage such systems
question
Terrorism PATRIOT ACT
answer
USA PATRIOT Act of 2001 (update to 18 USC 1030): defines stiffer penalties for prosecution of terrorist crimes
question
3 causes of unethical and illegal behavior
answer
Ignorance, Accident, Intent
question
Describe Ignorance and how to prevent it?
answer
Ignorance of the law is no excuse; however, ignorance of policy and procedures is. The first method of deterrence is education, which is accomplished by designing, publishing, and disseminating an organization's policies and relevant laws.
question
Describe Accident and how to prevent?
answer
People who have authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Planning and control can help prevent this.
question
Describe Intent and how to prevent?
answer
Criminal or unethical intent goes to the state of mind of the person performing the act; it is often necessary to establish criminal intent to successfully prosecute offenders. Need technical controls, and vigorous litigation or prosecution if these controls fail.
question
3 conditions must be present to secure information?
answer
Fear of Penalty, Probability of being apprehended, Probability of penalty being applied
question
Define Fear of Penalty
answer
Potential offenders must fear the penalty. Threats of informal reprimand or verbal warning do not have the same impact as the threat of imprisonment or forfeiture of pay.
question
Probability of being apprehended?
answer
Potential offenders must believe there is a strong possibility of being caught.
question
Probability of penalty being applied?
answer
Potential offenders must believe that the penalty will be administered.
question
Ethical differences between cultures?
answer
Cultural differences can make it difficult to determine what is ethical and what is not, especially when it comes to the use of computers. Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.
question
The Digital Millennium Copyright Act (DMCA)
answer
The American contribution to an international effort by the World Intellectual Property Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures. This law was created in response to the 1995 adoption of Directive 95/46/EC by the European Union, which added protection for individual citizens with regard to the processing of personal data and its use and movement. The United Kingdom has implemented a version of this law called the Database Right to comply with Directive 95/46/EC.
question
The Council of Europe adopted the Convention on Cybercrime in 2001
answer
It created an international task force to oversee a range of security functions associated with Internet activities and standardized technology law across international borders.
question
International Laws
answer
IT professionals and information security practitioners must realize that when their organizations do business on the Internet, they do business globally. As a result, these professionals must be sensitive to the laws and ethical values of many different cultures, societies, and countries.
question
The Sarbanes-Oxley Act of 2002
answer
Also known as SOX or the Corporate and Auditing Accountability and Responsibility Act, is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms. The law seeks to improve the reliability and accuracy of financial reporting as well as increase the accountability of corporate governance in publicly traded companies.
question
The Economic Espionage Act in 1996
answer
To protect American ingenuity, intellectual property, and competitive advantage, Congress passed the Economic Espionage Act in 1996. This law attempts to prevent trade secrets from being illegally shared.
question
The Security and Freedom through Encryption Act of 1999
answer
Provides guidance for the use of encryption and provides protection from government intervention. The acts include provisions that:
1. Reinforce a person's right to use or sell encryption algorithms without concern for regulations requiring some form of key registration.
2. Prohibit the federal government from requiring the use of encryption for contracts, grants, and other official documents and correspondence.
3. State that the use of encryption is not probable cause to suspect criminal activity.
4. Provide additional penalties for the use of encryption in the commission of a criminal act.
question
Misuse of Corporate Resources
answer
Communicate, Educate, and Execute seeks to inform all corporate stakeholders about ethically motivated actions and then implement programs to achieve its stated value in practice.