IS3350 Security Issues in Legal Context

IS3350 Security Issues in Legal Context Unit 1 Information Systems Security Overview

Learning Objective Recognize the legal aspects of the information security triad: • Availability • Integrity • Confidentiality

Key Concepts • Availability, Integrity, and Confidentiality (AIC Triad) • Basic information system security concepts • Risk analysis and mitigation • Mechanisms for organizational information security • Data classifications requiring specialized legal consideration

EXPLORE: CONCEPTS

CIA Triad Confidentiality Information Security Integrity Availability

Information Security Common Concerns • Shoulder Surfing • Social Engineering • Spear Phishing • Malware • Spyware • Logic Bomb • Back Door Denial of Service

Data Classification

Legal Mechanisms to Ensure Information Security • Laws • Gramm-Leach-Bliley Act, HIPPA, Sarbanes-Oxley (SOX), and others • Information Regulations • Financial, credit card, health, etc. • Agencies • FTC, Banks, DHHS, SEC, DOE, etc.

Risk Management Concepts • Vulnerability ~ asset weaknesses • Mitigation ~ safeguard assets • Threat Agent ~ hacker or malware • Exploits ~ threats carried out • Risks ~ minimized by asset owner

EXPLORE: PROCESS

Owner Safeguard Vulnerability Threat Agent Risk Threat Asset Risk Management Process

EXPLORE: ROLES

Roles in Risk Management Senior Management Chief Information Security Officer Information Technology Department Legal Department

EXPLORE: CONTEXT

Information Security in Different Contexts

Access Control Models • Discretionary Access Control (DAC): • discretion of the owner • Mandatory Access Control (MAC): • security labels & classifications • Role-Based Access Control (RBAC): • job function or role

EXPLORE: RATIONALE

Law and Information Security • Cyberspace theft • Internet extortion • Online pedophilia • Jurisdiction issues • Electronic signature issues

Summary • Availability, Integrity, and Confidentiality (AIC Triad) • Basic information system security concepts • Risk analysis and mitigation • Mechanisms for organizational information security • Data classifications requiring specialized legal consideration

IS3350 Security Issues in Legal Context

IS3350 Security Issues in Legal Context

Presentation Transcript

Legal Issues in Jail

Legal Issues in Parole

HOMELAND SECURITY AND RELATED LEGAL ISSUES

Legal Issues in Assessment

Legal issues in p.a.p.a.

Legal Issues in ILP

Legal Issues in Parole

Legal Issues in Regulation

The Information Security Legal Context

Legal Issues in Selection

Global Issues in Context

Legal Issues in Jail

Legal Issues in EMS

Global Issues In Context

IS3350 Security Issues in Legal Context Unit 5 Security and Privacy Involving

IS3350 Security Issues in Legal Context Unit 6 Federal and State Laws on Privacy,

IS3350 Security Issues in Legal Context Unit 10

LEGAL ISSUES IN ASSESSMENT

IS3350 Security Issues in Legal Context Unit 8 Cyberspace and the Law

IS3350 Security Issues in Legal Context

Global Issues In Context

Legal Issues in EMS