Lecture 9 is covered in today’s lecture which is about Legal and Ethical Issues In Computer Security. This lecture is going to discuss about information security law and ethic.
First and foremost, law is a rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority while ethics is a set of moral principles. The difference between laws and ethics is that laws carry the sanctions of a governing authority while ethics in turn are based on cultural mores.
Law can be categorized in several types which are civil law, criminal law, tort law and etc. In a wider range, law can be classified into private law and public law. Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law while public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances. Examples of public law include criminal, administrative, and constitutional law.
There are few ethics concept in information system. For instance, Asians culture is different from western culture where software piracy issues are popular among Asians. Next, software license infringement is also a popular issue. The lack of disincentives and punitive measures, this issue is increasingly extended. The illicit use and misuse of corporate resources also ethics issues in information security. To solve these problems, deterrence to unethical and illegal behavior should be done. It is the responsibility of information security personnel to do everything in their power to deter these acts and to use policy, education and training, and technology to protect information and system.
To protect programs and data, several methods can be used. The first is copyrights. Copyrights is designed to protect the expression of ideas applies to a creative work such as a story and song. Its primary intent was to allow regular and free exchange of ideas. Next, patents can be used. Patents is a set of exclusive rights granted by a state (national government) to an inventor or their assignee for a limited period of time in exchange for a public disclosure of an invention. The third method is trade secret. A trade secret is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known or reasonably ascertainable, by which a business can obtain an economic advantage over competitors or customers. In some jurisdictions, such secrets are referred to as "confidential information" or "classified information".
The next section covered in this lecture is about computer crime. Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud. Computer crimes must be taken serious as it is becoming serious nowadays.