Policy, Legal, Ethics, and Compliance (2020)
The intent of the Policy, Legal, Ethics, and Compliance Knowledge Unit is to provide students with an understanding of information assurance in context and the rules and guidelines that control it.
After completing the KU, students will be able to:
- List the applicable laws and policies related to cyber defense.
- Describe the major components of each of the laws and policies pertaining to the storage and transmission of data in cyber defense.
- Describe their responsibilities related to the handling of data as it pertains to legal, ethical and/or agency auditing issues.
- Differentiate how the type of legal dispute (civil, criminal, private) affects the evidence used to resolve it.
- Analyze several information technology frameworks (e.g., COBIT, NIST, ITIL).
To complete this KU, you must complete all topics below, including sub-topics.
- Understanding laws, standards, and frameworks
- Governing Authority
- Implementation/Change processes
- Enforcement mechanisms
- Federal Laws and Regulations - Overview, including selected topics from:
- Computer Security Act
- Sarbanes-Oxley
- Gramm-Leach-Bliley, Financial Services Modernization Act of 1999
- Privacy (COPPA)
- HIPAA / FERPA
- USA Patriot Act
- Americans with Disabilities Act, Section 508
- Other Federal laws and regulations
- State and local laws and regulations
- International laws / jurisdictions
- Standards (examples)
- Payment Card Industry Data Security Standard (PCI DSS)
- Frameworks (examples)
- Basic Intellectual Property Concepts
- Identification of requirements
- Codes of conduct
- Whistleblowing
NICE Framework Categories
CSEC 2017 Categories
- Data Management Systems Security
- Digital Forensics, Specialization Area
- Health Care Security
- Network Security Administration, Specialization Area
- Secure Cloud Computing
- Secure Embedded Systems
- Secure Mobile Technology
- Secure Telecommunications
Related Knowledge Units
- Title: Cyberethics: Morality and Law in Cyberspace, Sixth Edition, Author: Spinello, ISBN: 978-1-284-08139-8
Suggested academic readings
Sample knowledge test
Sample skills test
Sample abilities test
Additional notes or materials
In the ENMU-Ruidoso Cybersecurity Programs we teach a Cyber-Ethics, Professionalism, and Career Development course. This course exposes the student to the topic of Cyber Ethics, Professionalism, and Career Development. The course provides students seeking a career in Cybersecurity insight on the professional behavior required in a security job and how to develop a professional career in Cybersecurity. This KU is focused more on policy, law, and practices, where we also focus on ethical concepts related to cybersecurity with the following outcomes:
- Understand the traditional ethical frameworks that can guide the student’s analysis of the moral dilemmas and social problems that arise in cyberspace.
- Describe and understand the directive and architectonic role of moral ideals and principles in determining responsible behavior in cyberspace.
- Describe and understand the capacity of free and responsible human beings to exercise some control over the forces of technology.
- Explain and understand the appropriate regulatory response to social problems that have emerged in the online world, and formulate and apply an answer to the idea that market forces handle social problems or that government intervention is essential.
- Understand and explain the bottom-up and top-down approaches to regulating the internet.
- Describe and formulate the optimal approach and interaction of regulatory policy and technology.
- Understand and apply career development processes and best practices.