Law: a rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority; implies imposition by a sovereign authority and the obligation of obedience on the part of all subject to that authority.
Ethics: a set of moral principles or values; the principles of conduct governing an individual or a group; an objectively defined standard of right and wrong.
Categories of Law
Civil law: represents a wide variety of laws that govern a nation or state.
Criminal law: addresses violations harmful to society and is actively enforced through prosecution by the state.
Tort law enables individuals to seek recourse against others in the event of personal, physical, or financial injury.
Torts are enforced via individual lawsuits rather than criminal prosecutions by the state. When someone brings a legal action under tort law, personal attorneys present the evidence and argue the details rather than representatives of the state, who prosecute criminal cases.
The categories of laws that affect the individual in the workplace are private law and public law.
Private law regulates the relationship between the individual and the organization, and encompasses family law, commercial law, and labor law.
Public law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments, providing careful checks and balances. Examples of public law include criminal, administrative, and constitutional law.
Law and Ethics
Laws are rules that mandate or prohibit certain behavior in society; ethics define socially acceptable behaviors.
The key difference between laws and ethics is that laws carry the sanctions of a governing authority and ethics do not. Ethics in turn are based on cultural mores: the fixed moral attitudes or customs of a particular group.
Some ethics are recognized as universal. For example, murder, theft, assault, and arson are commonly accepted as actions that deviate from ethical and legal codes in the civilized world.
Differences between Laws and Ethics
Laws:
+Formal, documented
+Interpreted by courts
+Established by legislature representing everyone
+Applicable to everyone
+Priority determined by courts if two laws conflict
+Enforceable by police and courts
Ethics:
+Described by unwritten principles
+Interpreted by individuals
+Presented by philosophers, religions, professional groups
+Personal choice
+Priority determined by individual if two principles conflict
Ethics Concept in Information Security
Ethical Differences Across Cultures
Cultural differences can make it difficult to determine what is and is not ethical, especially when considering the use of computers.
Individuals of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior conflicts with the ethics of another national group.
For example, to Western cultures, many of the ways in which Asian cultures use computer technology are software piracy. This ethical conflict arises out of Asian traditions of collective ownership, which clash with the protection of intellectual property.
Software License Infringement
The individuals surveyed understood what software license infringement was but felt either that their use was not piracy, or that their society permitted this piracy in some way. The lack of legal disincentives, the lack of punitive measures, or any one of a number of other reasons could also explain why these alleged piracy centers were not oblivious to intellectual property laws.
Illicit Use
The individuals studied unilaterally condemned viruses, hacking, and other forms of system abuse as unacceptable behavior.
The low overall degree of tolerance for illicit system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property and their computer-related counterparts.
Misuse of Corporate Resources
Individuals displayed a rather lenient view of personal use of company equipment.
There is a range of views, within the acknowledgement of ethical versus unethical behavior, as to whether or not some actions are moderately or highly acceptable.
Ethics and Education
Differences in the ethics of computer use are not exclusively international.
Differences are found among individuals within the same country, within the same social class, and within the same company.
Deterrence to Unethical and Illegal Behavior
It is the responsibility of information security personnel to do everything in their power to deter these acts and to use policy, education and training, and technology to protect information and systems.
Three general categories of unethical and illegal behavior:
Ignorance: Ignorance of the law is no excuse; however, ignorance of policy and procedures is.
Accident: Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident.
Intent: Intent is often the cornerstone of legal defense, when it becomes necessary to determine whether or not the offender acted out of ignorance, by accident, or with specific intent to cause harm or damage.
Deterrence is the best method for preventing an illegal or unethical activity. Laws, policies, and technical controls are all examples of deterrents. However, it is generally agreed that laws and policies and their associated penalties only deter if three conditions are present:
Fear of penalty: The individual intending to commit the act must fear the penalty. Threats of informal reprimand or verbal warnings may not have the same impact as the threat of imprisonment or forfeiture of pay.
Probability of being caught: The individual has to believe there is a strong possibility of being caught performing the illegal or unethical act. Penalties can be severe, but the penalty will not deter the behavior unless there is an expectation of being caught.
Probability of penalty being administered: The individual must believe that the penalty will in fact be administered.