ISE 542: IT Security
Chapter – 10
Ethics in IT Security
Outline
• Law and Ethics in Information Security
• Codes of Ethics and Professional Organizations
Introduction
• To minimize liability and reduce risk, the information security practitioner must:
  • Understand the current legal environment
  • Stay current with laws and regulations
  • Watch for new issues as they emerge
Law and Ethics in Information Security
• Laws: rules that mandate or prohibit certain societal behavior
• Ethics: define socially acceptable behavior
• Laws carry the sanctions of a governing authority; ethics do not
What is Computer Ethics?
• Computer ethics is "the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology" (James Moor, "What Is Computer Ethics?", 1985)
• It is the study of the values of human actions as they are influenced by computer technology
Why study computer and information ethics?
• To apply an ethical point of view to real-world computing contexts
• To identify and solve ethical problems in specific fields of computing
Why study computer and information ethics? (continued)
• Doing so makes us behave like responsible professionals
• Doing so teaches us how to avoid computer abuse and catastrophes
• The advance of computing technology will continue to create temporary policy vacuums (situations no existing rule covers)
• The use of computing permanently transforms certain ethical issues to such a degree that the altered issues require independent study
• The use of computing technology creates, and will continue to create, novel ethical issues that require special study
Anatomy of the Problem
• Recent terrorist attacks and the rise in cyber attacks have raised concern about the security of information, the security of individuals, and the need to protect the nation's cyber infrastructure
• The USA PATRIOT Act of 2001 (Section 1016(e), codified at 42 U.S.C. § 5195c(e)) defined critical infrastructure as those "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters."
Ethics in IT Security
What are the causes?
• Revenge
• Jokes and pranks
• The "hacker ethic" (e.g., the belief that all information should be free)
• Terrorism
• Political and military espionage
• Business (competitive) espionage
• Hate (national origin, gender, and race)
• Personal gain, fame, or fun
• Ignorance
Social and Ethical Consequences
• Psychological effects: hate- and prank-motivated attacks aimed at an individual may lead to reclusion and increasing isolation
• Moral decay: there is a moral dimension to all our actions. When human actions, whether good or bad, become frequent enough, familiarity leads to their acceptance as "normal". Acceptance of actions formerly viewed by society as immoral leads to moral decay.
Social and Ethical Consequences (continued)
• Loss of privacy: after an attack there is usually an overreaction and a rush for quick solutions to a problem that now "hits home". Many businesses respond with patches, filters, ID tools, and a whole list of "solutions", and the monitoring these bring often comes at the expense of users' privacy.
• Loss of trust: along with privacy, trust is lost. Once attacked, individuals lose trust in the person, group, company, or anything else believed to be the source of the attack, or believed to have been unable to stop it.
Relevant U.S. Laws (General)
• Computer Fraud and Abuse Act of 1986 (CFAA), 18 U.S.C. § 1030
• National Information Infrastructure Protection Act of 1996 (amended and broadened the CFAA)
• USA PATRIOT Act of 2001
• Telecommunications Act of 1996 (referred to in some texts as the Telecommunications Deregulation and Competition Act)
• Computer Security Act of 1987 (later superseded by the Federal Information Security Management Act of 2002)
Privacy
• One of the hottest topics in information security
• Privacy of Customer Information section of common carrier regulation (47 U.S.C. § 222, covering customer proprietary network information)
• Federal Privacy Act of 1974
• Electronic Communications Privacy Act of 1986 (ECPA)
• Health Insurance Portability and Accountability Act of 1996 (HIPAA), a.k.a. the Kennedy-Kassebaum Act
• Financial Services Modernization Act, or Gramm-Leach-Bliley Act of 1999 (GLBA)
Export and Espionage Laws
• Economic Espionage Act of 1996 (EEA), 18 U.S.C. §§ 1831-1839
  • Criminalizes the theft or illegal sharing of trade secrets
• Security And Freedom Through Encryption Act of 1999 (SAFE Act)
  • A bill intended to guarantee the freedom to use and sell encryption and to protect the public from government-mandated key recovery; note that it was introduced in Congress but never enacted into law
U.S. Copyright Law
• Intellectual property is recognized as a protected asset in the U.S.; copyright law extends to electronic formats
• Limited portions of others' work may be quoted or referenced under the fair use doctrine (17 U.S.C. § 107) with proper acknowledgement; attribution by itself does not make a use lawful
• U.S. Copyright Office Web site: www.copyright.gov
International Laws and Legal Bodies
• Council of Europe Convention on Cybercrime (Budapest Convention, 2001; ratified by the U.S. in 2006):
  • Harmonizes national criminal laws on computer offences (illegal access, interception, data and system interference, misuse of devices, computer-related fraud and forgery, copyright offences) and the procedural powers used to investigate them
  • Attempts to improve the effectiveness of international investigations into breaches of technology law through mutual assistance and a 24/7 contact network
  • Well received by intellectual property rights advocates because of its emphasis on prosecuting copyright infringement
  • Lacks realistic provisions for enforcement
Digital Millennium Copyright Act (DMCA)
• The U.S. contribution to an international effort to reduce the impact of copyright infringement: it implements the 1996 WIPO Copyright Treaty and WIPO Performances and Phonograms Treaty
• Notable for its anti-circumvention provisions (17 U.S.C. § 1201), which affect security research on copy-protection mechanisms, and its safe-harbor provisions for online service providers (17 U.S.C. § 512)
• A separate instrument, European Union Directive 95/46/EC (the Data Protection Directive), added protection for individuals with regard to the processing and free movement of personal data; it was replaced in 2018 by the General Data Protection Regulation (Regulation (EU) 2016/679)
United Nations Charter
• Makes provisions, to a degree, for information security during information warfare (IW)
• IW involves the use of information technology to conduct organized and lawful military operations
• IW is a relatively new type of warfare, although militaries have been conducting electronic warfare operations for decades
Ethics and Information Security
Ethics and Education
• The overriding factor in leveling ethical perceptions within a small population is education
• Employees must be trained in the expected behaviors of an ethical employee, especially in areas of information security
• Proper ethical training is vital to creating informed, well-prepared, low-risk system users
Codes of Ethics and Professional Organizations
• Several professional organizations have established codes of conduct or ethics
• Codes of ethics can have a positive effect; unfortunately, many employers do not encourage joining these professional organizations
• It is the responsibility of security professionals to act ethically and according to the policies of their employer, their professional organization, and the laws of society
Association for Computing Machinery (ACM)
• ACM was established in 1947 as "the world's first educational and scientific computing society"
• Its Code of Ethics and Professional Conduct (most recently revised in 2018) contains references to protecting the confidentiality of information, causing no harm, protecting others' privacy, and respecting others' intellectual property
International Information Systems Security Certification Consortium, Inc. (ISC)2
• Non-profit organization focusing on the development and implementation of information security certifications and credentials (e.g., CISSP)
• Its Code of Ethics is primarily designed for, and binding on, information security professionals who hold an (ISC)2 certification
System Administration, Networking, and Security Institute (SANS)
• Professional organization with a large membership dedicated to the protection of information and systems
• SANS offers a set of certifications called the Global Information Assurance Certification (GIAC), which has its own code of ethics for certificate holders
Information Systems Audit and Control Association (ISACA)
• Professional association with a focus on auditing, control, and security
• Concentrates on providing IT control practices and standards (e.g., the COBIT framework)
• ISACA has a code of professional ethics that its members and certification holders must follow
Computer Security Institute (CSI)
• Provides information and training to support computer, networking, and information security professionals
• Though it has no code of ethics of its own, it has argued for the adoption of ethical behavior among information security professionals
Information Systems Security Association (ISSA)
• Nonprofit society of information security (IS) professionals
• Primary mission is to bring together qualified IS practitioners for information exchange and educational development
• Promotes a code of ethics similar to those of (ISC)2, ISACA, and ACM
Other Security Organizations
• Internet Society (ISOC): promotes the development and implementation of education, standards, and policy to promote the Internet
• Computer Security Division (CSD): a division of the National Institute of Standards and Technology (NIST); promotes industry best practices (e.g., the NIST Special Publication 800 series) and is an important reference for information security professionals
Other Security Organizations (continued)
• CERT (Computer Emergency Response Team) Coordination Center (CERT/CC): a center of Internet security expertise operated by the Software Engineering Institute at Carnegie Mellon University
Key U.S. Federal Agencies
• Department of Homeland Security (DHS)
• Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC); its functions were transferred to DHS in 2003
• National Security Agency (NSA)
• U.S. Secret Service
