B030710154

Legal and Ethical Issues in Computer Security

Law is a rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority. Ethics is a set of moral principles or values or the principles of conduct governing an individual or a group.

Differences between law and ethic:

LAW

· Formal, documented

· Interpreted by courts

· Established by legislature representing everyone

· Applicable to everyone

· Priority determined by courts if two laws conflict

· Enforceable by police and courts

ETHIC

· Described by unwritten principles

· Interpreted by individuals

· Presented by philosophers, religions, professional group

· Personal choice

· Priority determined by individual if two principles conflict

The key difference between laws and ethics is that laws carry the sanction of a governing authority and ethics do not. Organizations formalize desired behaviors in documents called policies. Policies must be read and agreed to before they are binding. Civil law represents a wide variety of laws that are used to govern a nation or state. Criminal law addresses violations that harm society and are enforced by agents of the state or nation. Tort law is conducted by means of individual lawsuits rather than criminal prosecution by the state.

Three general categories of unethical and illegal behavior:

o Ignorance

§ ignorance of the law is no excuse, however ignorance of policy and procedures is

o Accident

§ Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident

o Intent

§ Intent is often the cornerstone of legal defense, when it becomes necessary to determine whether or not the offender acted out of ignorance, by accident, or with specific intent to cause harm or damage

Ethic Concepts

Deterrence is the best method for preventing an illegal or unethical activity. Deterrence can prevent an illegal or unethical activity from occurring. Deterrence requires significant penalties, a high probability of apprehension, and an expectation of enforcement of penalties.