Policy, Legal, Ethics, and Compliance (2020)

From CyberEdWiki

The intent of the Policy, Legal, Ethics, and Compliance Knowledge Unit is to provide students with an understanding of information assurance in context and the rules and guidelines that govern it.

Outcomes

To complete this KU, students should be able to:

  1. List the applicable laws and policies related to cyber defense and describe the major components of each pertaining to the storage and transmission of data.
  2. Describe their responsibilities related to the handling of data as it pertains to legal, ethical and/or agency auditing issues.
  3. Differentiate how the type of legal dispute (civil, criminal, private) affects the evidence used to resolve it.

Topics

To complete this KU, you must complete all topics below, including sub-topics.

  1. Understanding laws, standards, and frameworks
    • Governing Authority
    • Implementation/Change processes
    • Mandatory/Voluntary/Incentive
    • Enforcement mechanisms
  2. Federal Laws and Regulations - Overview, including selected topics from:
    • Computer Security Act
    • Sarbanes-Oxley
    • Gramm-Leach-Bliley, Financial Services Modernization Act of 1999
    • Privacy (COPPA)
    • HIPAA / FERPA
    • USA Patriot Act
    • Americans with Disabilities Act, Section 508
    • Other Federal laws and regulations
  3. State and local laws and regulations
  4. International laws / jurisdictions
  5. Standards (examples)
    • Payment Card Industry Data Security Standard (PCI DSS)
  6. Frameworks (examples)
    • COBIT
    • NIST
    • ITIL
  7. Basic Intellectual Property Concepts
  8. Compliance
    • Identification of requirements
    • Tracking
    • Reporting
  9. Ethics
    • Behaviors
    • Codes of conduct
    • Conflicts
    • Reporting
      • Whistleblowing

Skills

NICE Framework Categories

Specialization Areas

See also

Related Knowledge Units

Further reading

Suggested textbooks

  1. Title: Cyberethics: Morality and Law in Cyberspace, Sixth Edition, Author: Spinello, ISBN: 978-1-284-08139-8

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

In the ENMU-Ruidoso Cybersecurity Programs we teach a Cyber-Ethics, Professionalism, and Career Development course. This course exposes the student to the topic of Cyber Ethics, Professionalism, and Career Development. The course provides students seeking a career in Cyber Security insight on the professional behavior required in a security job and on how to develop a professional career in Cyber Security. This KU is focused more on policy, law, and practices, where we also focus on ethical concepts related to cybersecurity, with the following outcomes:

  1. Understand the traditional ethical frameworks that can guide the student’s analysis of the moral dilemmas and social problems that arise in cyberspace.
  2. Describe and understand the directive and architectonic role of moral ideals and principles in determining responsible behavior in cyberspace.
  3. Describe and understand the capacity of free and responsible human beings to exercise some control over the forces of technology.
  4. Explain and understand the appropriate regulatory response to social problems that have emerged in the online world, and formulate and apply an answer to the idea that market forces handle social problems or that government intervention is essential.
  5. Understand and explain the bottom-up and top-down approaches to regulating the internet.
  6. Describe and formulate the optimal approach and interaction of regulatory policy and technology.
  7. Understand and apply career development processes and best practices.

Contacts

Reference ID

PLE