IT Graduate Certificate in Information Security and Assurance

 

Course Description

 

 

(9) IT 6923 Ethical and Legal Issues in Information Assurance

 

Course Description: This course explores the ethical challenges and legal issues that face security practitioners. Topics include understanding and evaluating the impact of legal and ethical issues on information security practice, and privacy and security laws and regulations such as HIPAA, GLBA, Sarbanes-Oxley, Patriot Act, FISMA, CISRA and others. Techniques for planning, managing and implementing strategies based on these regulatory requirements will be discussed.

 

Course Prerequisites: IT 6823 Information Security Concepts and Administration

 

Course Outline:

Criminal Activity Preparedness Planning

·    Evidence collection and handling

·    Incident handling and response

·    The parameters of investigations

·    NSTISSP 11

·    Develop/write policy for criminal activity

·    Explain criminal activity preparedness planning policy

·    Containment and management of evidence

·    Integrate criminal activity preparedness into local policy

 

Laws and Regulations

·       Clinger-Cohen Act

·       Computer Fraud and Abuse Act

·       Copyright Act of 1976

·       Copyright Protection and License

·       Electronic Freedom of Information Act

·       Electronic Records Management and Federal Records Act

·       Federal Information System Management Act

·       Federal Managers Financial Integrity Act

·       Federal Property and Administration Service Act

·       Freedom of Information Act

·       Government Paperwork Elimination Act

·       Government Information Security Reform Act

·       Millennium Copyright Act

·       National Archives and Records Act

·       Privacy Act issues

·       USA Patriot Act

·       Computer crime and various methods used to commit computer crime

·       Computer crime laws

·       Implications of the Privacy Act

·       Import/Export laws

·       Information systems security laws

·       Intellectual property laws

·       International legal issues which can affect information assurance

·       Liability laws

·       Licensing laws

·       Legal responsibilities of the SSM, viz., CIO, DAA, CTO, etc.

·       Requirements of the Computer Security Act

·       Trans-border data flow laws

·       Verify applicable laws and directives

 

Ethical Disclosure

·       Vulnerability assessment

·       Penetration testing

·       The dual nature of tools

·       Hackers' motivations

·       Ethical hacking and the legal system

·       Proper and ethical disclosure

·       Organization for Internet Safety

·       Conflict resolution