IT Graduate Certificate in Information Security and Assurance


Course Description



(9) IT 6923 Ethical and Legal Issues in Information Assurance


Course Description: This course explores the ethical challenges and legal issues that face security practitioners. Topics include understanding and evaluating the impact of legal and ethical issues on information security practice, and privacy and security laws and regulations such as HIPAA, GLBA, Sarbanes-Oxley, Patriot Act, FISMA, CISRA and others. Techniques for planning, managing and implementing strategies based on these regulatory requirements will be discussed.


Course Prerequisites: IT 6823 Information Security Concepts and Administration


Course Outline:

Criminal Activity Preparedness Planning

    Evidence collection and handling

    Incident handling and response

    The parameters of investigations

    NSTISSP 11

    Develop/write policy for criminal activity

    Explain criminal activity preparedness planning policy

    Containment and management of evidence

    Integrate criminal activity preparedness into local policy


Laws and Regulations

       Clinger-Cohen Act

       Computer Fraud and Abuse Act

       Copyright Act of 1976

       Copyright Protection and License

       Electronic Freedom of Information Act

       Electronic Records Management and Federal Records Act

       Federal Information System Management Act

       Federal Managers Financial Integrity Act

       Federal Property and Administration Service Act

       Freedom of Information Act

       Government Paperwork Elimination Act

       Government Information Security Reform Act

       Millennium Copyright Act

       National Archives and Records Act

       Privacy Act issues

       USA Patriot Act

       Computer crime and various methods used to commit computer crime

       Computer crime laws

       Implications of the Privacy Act

       Import/Export laws

       Information systems security laws

       Intellectual property laws

       International legal issues which can affect information assurance

       Liability laws

       Licensing laws

       Legal responsibilities of the SSM, viz., CIO, DAA, CTO, etc.

       Requirements of Computer Security Act

       Trans-border data flow laws

       Verify applicable laws and directives


Ethical Disclosure

       Vulnerability assessment

       Penetration testing

       The dual nature of tools

       Hackers' motivations

       Ethical hacking and the legal system

       Proper and ethical disclosure

       Organization for Internet Safety

       Conflict resolution