Policy, Legal, Ethics, and Compliance (2020)

From CyberEdWiki
Revision as of 22:07, 21 November 2019 by GeralynUH (talk | contribs) (Text replacement - "To complete this KU, students should be able to:" to "After completing the KU, students will be able to:")

The intent of the Policy, Legal, Ethics, and Compliance Knowledge Unit is to provide students with an understanding of information assurance in context, together with the rules and guidelines that govern it.


After completing the KU, students will be able to:

  1. List the applicable laws and policies related to cyber defense.
  2. Describe the major components of each of the laws and policies pertaining to the storage and transmission of data in cyber defense.
  3. Describe their responsibilities related to the handling of data as it pertains to legal, ethical and/or agency auditing issues.
  4. Differentiate how the type of legal dispute (civil, criminal, private) affects the evidence used to resolve it.
  5. Analyze several information technology frameworks (e.g. COBIT, NIST, ITIL).


To complete this KU, you must complete all topics below, including sub-topics.

  1. Understanding laws, standards, and frameworks
    • Governing Authority
    • Implementation/Change processes
    • Mandatory/Voluntary/Incentive
    • Enforcement mechanisms
  2. Federal Laws and Regulations - Overview, including selected topics from:
    • Computer Security Act
    • Sarbanes-Oxley
    • Gramm-Leach-Bliley, Financial Services Modernization Act of 1999
    • Privacy (COPPA)
    • USA Patriot Act
    • Americans with Disabilities Act, Section 508
    • Other Federal laws and regulations
  3. State and local laws and regulations
  4. International laws / jurisdictions
  5. Standards (examples)
    • Payment Card Industry Data Security Standard (PCI DSS)
  6. Frameworks (examples)
    • COBIT
    • NIST
    • ITIL
  7. Basic Intellectual Property Concepts
  8. Compliance
    • Identification of requirements
    • Tracking
    • Reporting
  9. Ethics
    • Behaviors
    • Codes of conduct
    • Conflicts
    • Reporting
      • Whistle blowing


NICE Framework Categories

CSEC 2017 Categories

Specialization Areas

See also

Related Knowledge Units

Further reading

Suggested textbooks

  1. Title: Cyberethics: Morality and Law in Cyberspace, Sixth Edition; Author: Spinello; ISBN: 978-1-284-08139-8

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

In the ENMU-Ruidoso Cybersecurity Programs we teach a Cyber-Ethics, Professionalism, and Career Development course. This course exposes the student to the topics of cyber ethics, professionalism, and career development. The course gives students seeking a career in cybersecurity insight into the professional behavior required in a security job and how to develop a professional career in cybersecurity. This KU is focused more on policy, law, and practices, where we also focus on ethical concepts related to cybersecurity, with the following outcomes:

  1. Understand the traditional ethical frameworks that can guide the student’s analysis of the moral dilemmas and social problems that arise in cyberspace.
  2. Describe and understand the directive and architectonic role of moral ideals and principles in determining responsible behavior in cyberspace.
  3. Describe and understand the capacity of free and responsible human beings to exercise some control over the forces of technology.
  4. Explain and understand the appropriate regulatory response to social problems that have emerged in the online world, and formulate and apply an answer to the question of whether market forces can handle social problems or whether government intervention is essential.
  5. Understand and explain the bottom-up and top-down approaches to regulating the internet.
  6. Describe and formulate the optimal approach and interaction of regulatory policy and technology.
  7. Understand and apply career development processes and best practices.


Reference ID