Security Laws and Standards- Case 3
Employees must be trained and kept aware of topics related to information security, not least the behavior expected of an ethical employee. This is especially important in information security, because many employees lack the formal technical training to recognize that their behavior is unethical or even illegal. It is the responsibility of information security personnel to do everything in their power to deter illegal, immoral, or unethical behavior, and to use policy, education and training, and technology to protect information and systems. Three general causes of unethical and illegal behavior are ignorance, accident, and intent. Deterrence is the best method for preventing illegal or unethical activity; laws, policies, and technical controls are all examples of deterrents. Laws and policies and their associated penalties only deter if three conditions are present: fear of the penalty, the probability of being apprehended, and the probability of the penalty actually being applied. Many professional organizations have established codes of conduct or codes of ethics that members are expected to follow.
Module 3 Video: https://tlc.trident.edu/content/enforced/136285-ITM517-2020JAN13FT-1/ITM517module3.mp4?_&d2lSessionVal=0d33FHkTkbJiAhh9CgHr3pqKC&ou=136285
Case Assignment
Discuss and prepare tables to compare the following certifications: Certified Information Systems Security Professional (CISSP), HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Cyber Forensics Professional (CCFP) certification, Certified Secure Software Lifecycle Professional (CSSLP) certification. Use the Internet to identify the ethical rules that holders of each certification have agreed to follow. Also determine the knowledge requirements for each of these certifications.
Assignment Expectations
You will be assessed on your comparison of the certifications in terms of their knowledge requirements, ethical rules, and effectiveness for the individual in terms of future employment.
Background Readings:
To access Skillsoft books, go to Skillsoft’s Books24x7 in the Additional Library Resources. For additional help, follow these instructions for Finding Skillsoft Books.
Read Chapters 10 to 12
Andress, Jason and Winterfeld, Steve (2014). Cyber warfare: Techniques, tactics and tools for security practitioners. Syngress, Waltham, MA. (ISBN: 9780124166721). Available in the Trident Online Library.
Read Chapters 8, 9, and 10
Chapple, M., Ballad, B., Ballad, T. and Banks, E.K. (2014). Access control, authentication, and public key infrastructure. Jones and Bartlett Learning, 2nd Edition.
Read Chapters 19 to 23
Dordal, Peter L. (2017). An introduction to computer networks. Book under Creative Commons
Read Chapters 4 and 5
Gordon, A. (2015). Official (ISC)2 guide to the CISSP CBK, Fourth Edition, CRC Press.
Read Chapter 3
Risk management for enterprises and individuals (2017) Book under Creative Commons
Soper, Daniel (2017). Information Privacy and Security. Security Lesson #6 Encryption https://www.youtube.com/watch?v=qcai6ZY6sVs&list=PLlYw7XsK0HV-r0T5fypBv9-a1gbq8xkZR&index=6
Soper, Daniel (2017). Information Privacy and Security. Security Lesson #7 Firewalls and Network Security
Soper, Daniel (2017). Information Privacy and Security. Security Lesson #8 Wireless Security
Soper, Daniel (2017). Information Privacy and Security. Security Lesson #9 Data Interception and Public Encryption
Soper, Daniel (2017). Information Privacy and Security. Security Lesson #10 Forgeries and Digital Identity https://www.youtube.com/watch?v=gCIN6ObEMcI&index=10&list=PLlYw7XsK0HV-r0T5fypBv9-a1gbq8xkZR
Soper, Daniel (2017). Information Privacy and Security. Security Lesson #11 Denial of Service Attack. https://www.youtube.com/watch?v=0_59AocrBVo&list=PLlYw7XsK0HV-r0T5fypBv9-a1gbq8xkZR&index=11
Soper, Daniel (2017). Information Privacy and Security. Security Lesson #12 Information Privacy. https://www.youtube.com/watch?v=0_o3pmnWmSI&list=PLlYw7XsK0HV-r0T5fypBv9-a1gbq8xkZR&index=12