Tuesday, January 10, 2017

CyberSecurity: Regulatory Compliance, Law and Ethics

Most security organizations within larger organizations are asked to perform or lead the effort to meet external compliance requirements. These efforts take place within the larger framework of professional ethics and with an understanding of the legal requirements within which the organization operates.

Those employed in the area of cybersecurity are expected to conform to a higher level of ethical and legal performance than other professional fields. Cybersecurity professionals are trusted with the secrets of the organization, specifically information that the organization uses to do its work. This requires a level of trust that far exceeds that of an average employee. As a cybersecurity professional, if the organization can't trust you, then who can they trust? This requires a firm understanding of the ethical, legal, and regulatory environment.

Ethics, Laws and Regulations
Ethics are the general accepted behaviors of a society. Laws are those ethics that have been formalized so that the state may act on behalf of the people in enforcing desired behavior. Regulations, from our perspective, are those practices that are enforced by agencies of government or other entities that have the ability to force compliance.
There are several key laws that directly affect cybersecurity. The following is a brief overview of the most critical.
  • The Computer Fraud and Abuse Act (CFAA) of 1986 is one of the first federal computer laws, and established definitions and penalties for the misuse of computers. 
  • The Computer Security Act (CSA) of 1987 protects federal computer systems by establishing minimum acceptable security practices for federal agencies. 
  • The Federal Privacy Act (FPA) of 1974 protects personal information, and restricts its use by the federal government. 
  • The Electronic Communications Privacy Act (ECPA) prohibits the interception and recording of communications except in certain circumstances. 
  • The Health Insurance Portability & Accountability Act of 1996, also known as HIPAA, requires that personal medical information be protected and not disclosed without that person's explicit permission. 
  • HITECH, the Health Information Technology for Economic and Clinical Health Act, increased the scope of HIPAA to include all businesses involved in the process of health care.
  • The Financial Services Modernization Act of 1999, also known as Gramm-Leach-Bliley or GLB, established clear requirements for the financial industry to protect your information and privacy. 
  • US Copyright Law protects intellectual property, restricting use by others to approved use and fair use as specifically defined. 
  • The Sarbanes-Oxley (SOX) Act of 2002 requires executives of financial services companies to assume direct and personal accountability for the completeness and accuracy of financial reporting and record keeping. 
  • The Digital Millennium Copyright Act, also known as DMCA, is a US law passed in response to European Union laws restricting the use of intellectual property and combating copyright infringement. 
  • The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations that accept payment cards or process the data used in payment card transactions. It specifies the practices such firms must follow to secure the data from those transactions. 
Deterring unethical behavior relies on three tools: policy, education and training, and technology to protect information. Three categories of unethical behavior are usually targeted:
  • ignorance, 
  • accident, and 
  • intent. 
Studies have also found that we can deter undesirable behavior through the use of policies and laws, but only if three conditions are present:
  • One, policy violators must fear the penalty. 
  • Two, they must expect that they have a higher probability of being caught. 
  • And three, they must expect there's a high probability that the penalty will be applied. 
Most security organizations within larger organizations are asked to perform or lead the effort to meet external compliance requirements. These efforts take place within the larger framework of professional ethics and an understanding of the legal requirements within which the organization operates.

1 comment:

  1. I am actually thankful to the writer of this site who has shared this wonderful article here. Stay up the good work! You recognize, a lot of people are looking around for this info, you can aid them greatly.

    ISO 27001 Consultant
    IT Compliance and Audit Vendor
    Cyber Security Company