Tuesday, October 27, 2009

Legal & Ethical

Law
A rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority. Law implies imposition by a sovereign authority and the obligation of obedience on the part of all subject to that authority.

Ethics
A set of moral principles or values; the principles of conduct governing an individual or a group; an objectively defined standard of right and wrong.

Categories of Law
Civil law: represents a wide variety of laws that govern a nation or state.
Criminal law: addresses violations harmful to society and is actively enforced through prosecution by the state.
Tort law: enables individuals to seek recourse against others in the event of personal, physical, or financial injury.
Torts are enforced via individual lawsuits rather than criminal prosecutions by the state. When someone brings a legal action under tort law, personal attorneys present the evidence and argue the details rather than representatives of the state, who prosecute criminal cases.
The categories of laws that affect the individual in the workplace are private law and public law.
Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law.
Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances. Examples of public law include criminal, administrative, and constitutional law.

Law and Ethics
Laws are rules that mandate or prohibit certain behavior in society.
Ethics define socially acceptable behaviors.
The key difference between laws and ethics is that laws carry the sanctions of a governing authority and ethics do not. Ethics in turn are based on cultural mores: the fixed moral attitudes or customs of a particular group.
Some ethics are recognized as universal. For example, murder, theft, assault, and arson are commonly accepted as actions that deviate from ethical and legal codes in the civilized world.

Differences between Laws and Ethics
LAW
+Formal, documented
+Interpreted by courts
+Established by legislature representing everyone
+Applicable to everyone
+Priority determined by courts if two laws conflict
+Enforceable by police and courts

ETHICS
+Described by unwritten principles
+Interpreted by individuals
+Presented by philosophers, religions, professional groups
+Personal choice
+Priority determined by individual if two principles conflict

Ethics Concept in Information Security

Ethical Differences Across Cultures
Cultural differences can make it difficult to determine what is and is not ethical, especially when considering the use of computers.
Individuals of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior conflicts with the ethics of another national group.

For example, to Western cultures, many of the ways in which Asian cultures use computer technology are software piracy. This ethical conflict arises out of Asian traditions of collective ownership, which clash with the protection of intellectual property.

Software License Infringement
The individuals surveyed understood what software license infringement was but felt either that their use was not piracy, or that their society permitted this piracy in some way. The lack of legal disincentives, the lack of punitive measures, or any one of a number of other reasons could also explain why these alleged piracy centers were not oblivious to intellectual property laws.

Illicit Use
The individuals studied unilaterally condemned viruses, hacking, and other forms of system abuse as unacceptable behavior.
The low overall degree of tolerance for illicit system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property and their computer-related counterparts.

Misuse of Corporate Resources
Individuals displayed a rather lenient view of personal use of company equipment.
There is a range of views, within the acknowledgement of ethical versus unethical behavior, as to whether or not some actions are moderately or highly acceptable.

Ethics and Education
Differences in the ethics of computer use are not exclusively international.
Differences are found among individuals within the same country, within the same social class, and within the same company.

Deterrence to Unethical and Illegal Behavior
It is the responsibility of information security personnel to do everything in their power to deter these acts and to use policy, education and training, and technology to protect information and systems.

Three general categories of unethical and illegal behavior:
Ignorance: Ignorance of the law is no excuse; however, ignorance of policy and procedures is.
Accident: Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.
Intent: Intent is often the cornerstone of legal defense, when it becomes necessary to determine whether or not the offender acted out of ignorance, by accident, or with specific intent to cause harm or damage.

Deterrence
Deterrence is the best method for preventing an illegal or unethical activity. Laws, policies, and technical controls are all examples of deterrents. However, it is generally agreed that laws and policies and their associated penalties only deter if three conditions are present:
Fear of penalty: The individual intending to commit the act must fear the penalty. Threats of informal reprimand or verbal warnings may not have the same impact as the threat of imprisonment or forfeiture of pay.
Probability of being caught: The individual has to believe there is a strong possibility of being caught performing the illegal or unethical act. Penalties can be severe, but the penalty will not deter the behavior unless there is an expectation of being caught.
Probability of penalty being administered: The individual must believe that the penalty will in fact be administered.
