Lecture-45.pptxLecture-33 programming lacture notes.pptx

1
Information Security
Lecture # 44
Dr. Shafiq Hussain
Associate Professor & Chairperson
Department of Computer Science

2
Objectives
• Introduction to Law in Information Security.

3
Law in Information Security
• Information Security Law is the body of legal rules,
codes, and standards that require you to protect that
information and the information systems that process
it, from unauthorized access.
• The legal risks are potentially significant if you don’t
take a pragmatic approach.

4
Law in Information Security (Cont..)
Why is Information Security Law important?
• Securing information is about securing value. In the
same way that we secure physical stores of value
such as cash, gold, or jewelery against theft, loss, or
destruction, we must do the same with digital stores
of value – particularly information.

5
• We live in an information society, after all, where the
creation, use, and distribution of information is a
significant economic, political, and cultural activity.

6
• We are moving from the service economy into the
information economy, which emphasizes
informational activities that rely on information
technologies such as computers, mobile devices, and
the Internet.

7
Information Security Laws and Regulations
General Data Protection Regulation (GDPR):
• The GDPR is a European Union (EU) data protection
regulation that came into effect on May 25, 2018.
• It intends to protect the privacy and personal data of
EU residents by providing guidelines for data
processing and handling.

8
• Non-compliance with GDPR can lead to hefty fines
of up to 4% of a company's annual revenue or €20
million, whichever is higher.

9
• Created: May 25, 2018
• Intends to protect: the privacy and personal data of
EU residents

10
California Consumer Privacy Act (CCPA):
• The CCPA is a California state law that came into
effect on January 1, 2020.
• It intends to protect the privacy and personal
information of California residents by regulating how
businesses collect, store, and share consumer data.

11
• The law applies to businesses that meet certain
criteria and can lead to fines for non-compliance.

12
• Created: January 1, 2020
• Intends to protect: the privacy and personal
information of California residents

13
Health Insurance Portability and Accountability Act
(HIPAA):
• HIPAA is a federal law that sets standards for the
protection of personal health information (PHI).

14
(HIPAA):
• The law applies to healthcare providers, insurers, and
their business associates.
• HIPAA covers the confidentiality, integrity, and
availability of PHI and provides guidelines for its
protection.

15
(HIPAA):
• Created: 1996
• Intends to protect: personal health information (PHI)

16
Payment Card Industry Data Security Standard
(PCI DSS):
• PCI DSS is a set of cybersecurity standards created
by major credit card companies to protect credit card
data.

17
(PCI DSS):
• The standards apply to all organizations that process,
store, or transmit credit card information. Compliance
with PCI DSS is mandatory for businesses that accept
credit card payments.

18
(PCI DSS):
• Created: December 15, 2004
• Intends to protect: credit card data

19
Federal Information Security Management Act
(FISMA):
• FISMA is a federal law that requires federal agencies
to establish and maintain information security
programs.

20
(FISMA):
• The law aims to provide a comprehensive framework
for risk management and the protection of federal
information and information systems.
• FISMA compliance is mandatory for all federal
agencies and their contractors.

21
(FISMA):
• Created: December 2002
• Intends to protect: federal information and
information systems

22
Prevention of Electronic Crimes Act, 2016:
• In 2016, the National Assembly of Pakistan enacted
the Prevention of Electronic Crimes Act (“PECA”) to
provide a comprehensive legal framework to define
various kinds of electronic crimes, mechanisms for
investigation, prosecution and adjudication in relation
to electronic crimes.

23
• Section 21 provides that use of electronic means that
may result in reputational damage or breach of
privacy shall be punishable with imprisonment of up
to 7 years or with which may extend up to 5 million
rupees or both.

24
• Under Section 22, punishment of up to seven years or
fine up to 5 million rupees or both has been
prescribed for the offence of producing, distributing
or transmitting pornographic material showing
underage girls engaged in sexually explicit conduct.

25
How to comply with multiple cybersecurity
regulations?
• Here are 3 of the most known cybersecurity
regulations and the key steps to comply with them:

26
regulations?
GDPR:
• Identify the personal data you process and why you
process it.
• Obtain explicit consent from individuals to collect
and use their data.
• Appoint a Data Protection Officer (DPO) if
necessary.

27
regulations?
GDPR:
• Implement appropriate security measures to protect
personal data.
• Ensure that data processors comply with the GDPR.
• Conduct Data Protection Impact Assessments
(DPIAs) for high-risk processing activities.

28
regulations?
GDPR:
• Implement procedures for responding to data breaches.
• Educate employees on GDPR compliance.
• Maintain detailed records of data processing activities.
• Cooperate with data protection authorities in the event
of an investigation or audit.

29
regulations?
HIPAA:
• Implementing administrative, physical, and technical
safeguards to protect patient information.
• Appointing a HIPAA privacy officer to oversee
compliance.

30
regulations?
HIPAA:
• Conducting regular risk assessments to identify
potential vulnerabilities and areas for improvement.
• Developing and implementing policies and
procedures for data security and breach notification.

31
regulations?
HIPAA:
• Providing ongoing staff training on HIPAA
regulations and security best practices.
• Establishing a contingency plan for responding to
security incidents or breaches.
• Ensuring that business associates, such as vendors or
contractors, are also HIPAA compliant.

32
regulations?
PCI DSS:
• Build and maintain a secure network.
• Protect cardholder data.
• Maintain a vulnerability management program.
• Implement strong access control measures.
• Regularly monitor and test networks.
• Maintain an information security policy.

33
Questions
Any Question Please?
You can contact me at: drshafiq@uosahiwal.edu.pk
Your Query will be answered within one working day.

34
Further Readings
• Chapter No. 1
Computer_Security_Principles_and_Practice_(3rd_E
dition)
By William Stallings and Lawrie Brown

Lecture-45.pptxLecture-33 programming lacture notes.pptx

More Related Content

Similar to Lecture-45.pptxLecture-33 programming lacture notes.pptx (20)

More from MUHAMMADAHMAD173574 (16)

Recently uploaded (20)

Lecture-45.pptxLecture-33 programming lacture notes.pptx