LAWS AND CYBERCRIME

Cards (45)

  • Laws
    Rules that mandate or prohibit certain behavior; drawn from ethics; formally adopted rules for acceptable behavior in modern society; carry the authority of a governing body
  • Ethics
    Socially acceptable behaviors, does not carry the authority of a governing body, based on cultural mores
  • Actions that deviate from ethical and legal codes
    • Murder
    • Theft
    • Assault
    • Arson
  • Liability
    The legal obligation of an entity that extends beyond criminal or contract law, includes the legal obligation to make restitution, or to compensate for wrongs committed
  • Due care
    Organization makes sure that every employee knows what is acceptable or unacceptable, knows the consequences of illegal or unethical actions
  • Laws
    Set standards, principles, and procedures that must be followed in society; made mainly for implementing justice and framed for bringing justice to the people; administered through the courts; enforceable, and policies must comply with them
  • Policy
    Outlines what a government is going to do and what it can achieve for society as a whole, framed for achieving certain goals, made in the name of the people, set of rules that guide any government or any organization
  • Five criteria of policy
    • Dissemination (distribution)
    • Review (reading)
    • Comprehension (understanding)
    • Compliance (agreement)
    • Uniform enforcement
  • Civil law
    Governs a nation or state and deals with the relationships and conflicts between organizational entities and people
  • Criminal law
    Addresses activities and conduct harmful to society and is actively enforced by the state
  • Private law
    Encompasses family law, commercial law, and labor law, regulates the relationship between individuals and organizations
  • Public law
    Regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, includes criminal, administrative, and constitutional law
  • Council of Europe Convention on Cybercrime
    Adopted in 2001; created an international task force to oversee a range of security functions associated with Internet activities and to standardize technology laws across international borders; emphasizes prosecution for copyright infringement
  • Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)
    Created by the World Trade Organization and negotiated over the years 1986-1994; introduced intellectual property rules into the multilateral trade system; first significant effort to protect intellectual property rights; outlines requirements for governmental oversight and legislation of WTO member countries to provide minimum levels of protection for intellectual property
  • Digital Millennium Copyright Act (DMCA)
    American contribution to an international effort by the World Intellectual Property Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement; prohibits the circumvention of technological copyright protection measures; prohibits the manufacture and trafficking of devices to circumvent protections; prohibits the altering of information attached to or embedded in copyrighted material; excludes Internet service providers from certain forms of contributory copyright infringement
  • The Ten Commandments of Computer Ethics
    • Thou shalt not use a computer to harm other people
    • Thou shalt not interfere with other people's computer work
    • Thou shalt not snoop around in other people's computer files
    • Thou shalt not use a computer to steal
    • Thou shalt not use a computer to bear false witness
    • Thou shalt not copy or use proprietary software for which you have not paid
    • Thou shalt not use other people's computer resources without authorization or proper compensation
    • Thou shalt not appropriate other people's intellectual output
    • Thou shalt think about the social consequences of the program you are writing or the system you are designing
    • Thou shalt always use a computer in ways that ensure consideration and respect for your fellow human
  • Ethics in education is important in information security, as many employees may not have the formal technical training to understand that their behavior is unethical or even illegal
  • Proper ethical and legal training is vital to creating an informed, well prepared, and low-risk system user
  • Three general causes of unethical and illegal behavior
    • Ignorance
    • Accident
    • Intent
  • Deterring unethical and illegal behavior
    Fear of penalty, probability of being caught, probability of penalty being administered
  • Cybercrime
    Any criminal activity that involves a computer, networked device or a network, illegal activity committed on the internet
  • The first cybercrime was in France in 1820, when Joseph-Marie Jacquard, a textile manufacturer, invented looms that could store design
  • The first spam email was in 1978, and the first virus in an Apple computer was in 1982
  • Cybercrime Prevention Act of the Philippines
    Republic Act No. 10175 or Cybercrime Prevention Act of 2012, signed by Benigno Aquino on September 12, 2012, penalizes acts like cybersex and child pornography
  • Being caught
    Potential offenders must believe there is a strong possibility of being caught
  • Probability of penalty being administered
    Potential offenders must believe that the penalty will in fact be administered
  • Cybercrime
    • Any criminal activity that involves a computer, networked device or a network
    • Illegal activity committed on the internet
  • First cybercrime in France
    1820
  • Joseph-Marie Jacquard
    • Textile manufacturer who invented looms that can store design
    • The device allowed the repetition of a series of steps in the weaving of special fabrics
  • First spam email
    1978
  • First virus in an Apple computer
    1982
  • Cybercrime Prevention Act of Philippines
    • Republic Act No. 10175 or Cybercrime Prevention Act of 2012
    • Signed by Benigno Aquino on September 12, 2012
    • Penalizes acts like cybersex, child pornography, identity theft, etc.
  • Key Provisions of the Cybercrime Prevention Act of 2012
    • Illegal Access
    • Illegal Interception (Interruption)
    • Data Interference
    • System Interference
    • Misuse of devices
    • Computer-related Forgery
    • Computer-related Fraud
    • Computer-related Identity Theft
    • Cybersex
    • Child Pornography
    • Libel
  • Information Security Policy
    • Governs the protection of information, which is one of the many assets a corporation needs to protect
    • Includes basic policies such as a Disaster Recovery Policy, Data Backup Policy, or Risk Assessment Policy
    • Provides clarity for employees, direction for proper security procedures, and proof that you're doing your due diligence to protect your organization against security threats
  • Effective Information Security Policy
    • Covers end-to-end security processes across the organization
    • Is enforceable and practical
    • Is regularly updated in response to business needs and evolving threats
    • Is focused on the business goals of your organization
  • Elements of an Information Security Policy
    • Purpose
    • Audience
    • Information security objectives
    • Authority and access control policy
    • Data classification
    • Data support and operations
    • Security awareness and behavior
    • Responsibilities, rights, and duties of personnel
    • References to regulations and compliance standards
  • Purpose of Information Security Policy
    • To establish a general approach to information security
    • To detect and predict the compromise of information security, such as misuse of data, networks, computer systems and applications
    • To observe the rights of the customers
    • To provide effective mechanisms for responding to complaints and queries concerning real or perceived non-compliance with the policy
  • Audience of Information Security Policy
    • Define the audience to whom the information security policy applies
    • Specify which audiences are out of the scope of the policy
  • Information Security Objectives
    • Confidentiality — Only individuals with authorization can/should access data and information assets
    • Integrity — Data should be intact, accurate and complete, and IT systems must be kept operational
    • Availability — Users should be able to access information or systems when needed
  • Authority and Access Control Policy
    • Hierarchical pattern: higher-ups have the authority to decide what data can be shared and with whom
    • Network security policy: users are only able to access company networks and servers via unique logins that demand authentication, including passwords, biometrics, ID cards, or tokens