Unit 2.pdf

Full Transcript

Differentiate between Ethics and
Law
 What is Ethics?
Moral principles that govern a person's behaviour or the conducting of an activity.
Ethics refers to a set of principles or moral values that govern human behavior and
decision-making.
It is an internal system of beliefs, values, and principles that individuals develop
based on their upbringing, cultural background, personal experiences, and
philosophical perspectives.
Ethics provides guidelines for distinguishing between right and wrong, good and
bad, and morally acceptable and unacceptable actions.
It focuses on questions of morality and aims to promote virtuous behavior,
fairness, and the well-being of individuals and society.
Ethics are subjective and can vary among individuals or cultures, leading to
different ethical frameworks or systems.
Ethics in Cyber Security
Confidentiality
Integrity
Availability
Privacy
Ethical Hacking
Responsible Disclosure
Ethical Decision-Making
Legal and Regulatory Compliance
Awareness and Education
 What is Law?
The system of rules which a particular country or community recognizes as
regulating the actions of its members and which it may enforce by the imposition
of penalties.
Laws, on the other hand, are rules and regulations established by governing
bodies, such as governments or legislative bodies, to maintain order, provide a
framework for society, and protect the rights and well-being of individuals.
Laws are based on ethical principles but are enforceable and have legal
consequences if violated. They are designed to be impartial and apply to all
members of a society equally.
Laws are typically enacted through a formal legislative process and are codified in
legal statutes, constitutions, or regulations. They cover various aspects of human
conduct, such as criminal behavior, property rights, contracts, employment, and
public safety.
Violations of laws can result in penalties, such as fines, imprisonment, or other
legal consequences.
"Shooting the birds is against the law“.
 Difference Between Ethics and Laws
Laws Ethics
Laws are rules that mandate or prohibit Ethics comprises of guidelines and
certain behavior in society; they are drawn principles that inform people about
from ethics, which define socially how to live or how to behave in a
acceptable behaviors. particular situation.
laws tend to be more rigid and may Ethics are more flexible and adaptable
require formal amendments. to changing circumstances, allowing
individuals.
laws are created by governing bodies as
formal rules and regulations. Ethics stem from personal beliefs,
Laws are generally intended to be values, and moral principles.
universally applicable within a specific Ethical frameworks can vary among
jurisdiction. individuals, cultures, and societies.
Distinguish among types of
ethical concerns.
 Privacy: This deals with the right of an individual to
control personal information. It is the protection of
personal or sensitive information. Privacy is
subjective. Different people have different ideas of
what privacy is and how much privacy they will trade
for safety or convenience.
 Accuracy: This talks about the responsibility for
the authenticity, fidelity an accuracy of the
information.
 Property: This determines who the owner of the
information is and who controls access.
 Accessibility: This deals with the issue of the
type of information, an organization has the right
to collect. And in that situation, it also expects to
know the measures which will safeguard against
any unforeseen eventualities.
Cyber Bullying
Cyberbullying or cyber harassment is a form
of bullying or harassment using electronic means.
Cyberbullying and cyber harassment are also known
as online bullying.
Cyberbullying refers to the act of using digital communication
technologies, such as social media platforms, online forums, text
messages, or emails, to harass, intimidate, or harm another person. It
involves the repetitive and intentional use of these technologies to
target an individual or a group, causing emotional distress, humiliation,
or fear.
 It has become increasingly common, especially among teenagers, as the
digital sphere has expanded and technology has advanced.
Cyberbullying is when someone, typically a teenager, bullies or harasses
others on the internet and other digital spaces, particularly on social media
sites.
Harmful bullying behavior can include posting rumors, threats, sexual
remarks, a victims' personal information, or pejorative labels (i.e. hate
speech). Bullying or harassment can be identified by repeated behavior
and an intent to harm.
Victims of cyberbullying may experience lower self-esteem,
increased suicidal ideation, and various negative emotional responses,
including being scared, frustrated, angry, or depressed.
 Cyberbullying can take various forms:-
Verbal Abuse: Sending threatening, abusive, or derogatory messages, comments, or emails.
Harassment: Repeatedly sending unwanted messages, spreading rumors, or making false statements
about someone online.
Exclusion: Deliberately excluding someone from online groups, chats, or activities to isolate and
ostracize them.
Impersonation: Creating fake profiles or pretending to be someone else to deceive and harm
others.
Disclosure of Personal Information: Sharing someone's private information, photos, or
videos without their consent, often with the intention of embarrassing or blackmailing them.
Cyberstalking: Persistent and intrusive online monitoring, tracking, or following of an individual,
causing them fear or anxiety.
Trolling: Posting provocative or offensive content with the aim of provoking emotional responses and
disrupting online discussions.
Identify actions that constitute cyberbullying
Sending mean, hurtful, or threatening messages
Sharing or spreading false rumors
Posting or sharing embarrassing or private information
Creating fake profiles or impersonating others
Online harassment and stalking
Trolling and baiting
Exclusion or cyber isolation
Hate speech and discriminatory language
Photoshopping or altering images to ridicule
Identify possible warning signs of someone
being cyberbullied
Emotional distress Changes in sleep or eating patterns
Avoidance of technology Self-blame or low self-esteem
Changes in social behavior Secrecy about online activities
Physical complaints
Decline in academic or work
performance Withdrawal from family and friends
Expressions of hopelessness or
Unexplained anger or frustration suicidal thoughts
Sudden loss of interest
Identify laws applicable to cybersecurity
General Data Protection Regulation (GDPR): Implemented in the European
Union, the GDPR regulates the processing and handling of personal data to safeguard
individual privacy and data security.
Computer Fraud and Abuse Act (CFAA): In the United States, this law addresses
unauthorized access to computer systems and data, making it illegal to hack into
protected networks.
Cybersecurity Information Sharing Act (CISA): Encourages the sharing of
cybersecurity threat information between private companies and government agencies
to improve cybersecurity measures.
The Data Protection Act 2018 (UK)
 Information Technology Act, 2000 (IT Act): The IT Act is the primary legislation
governing electronic transactions, cybersecurity, and digital signatures in India. It defines
various cyber offenses, such as unauthorized access, hacking, and the spreading of
malicious code, and prescribes penalties for these offenses.
Information Technology (Amendment) Act, 2008: This amendment to the IT Act was
enacted to address emerging cyber threats and provide additional provisions for dealing
with cybercrimes, including the introduction of new offenses and higher penalties.
Indian Computer Emergency Response Team (CERT-In): Although not a law,
CERT-In is the national agency responsible for coordinating responses to cybersecurity
incidents in India. It plays a crucial role in enhancing the security of the country's
cyberspace.
Data Protection Laws and Rules: While India does not have a comprehensive data
protection law, various rules and guidelines govern data protection. The Personal Data
Protection Bill, 2019, is currently under consideration to establish a comprehensive data
protection framework.
Payment Card Industry Data Security Standard (PCI DSS): While not a law, PCI DSS
is a set of industry standards that apply to organizations handling credit card data. It aims
to ensure the security of cardholder information and prevent data breaches.
 National Cyber Security Policy, 2013: This policy outlines India's vision and
strategy for ensuring a secure cyberspace and strengthening the country's
cybersecurity posture.
Guidelines for Corporate Governance in IT Sector: The Ministry of Corporate
Affairs has issued guidelines for good corporate governance in the IT sector, which
includes recommendations for cybersecurity practices.
Indian Penal Code, 1860: While not specific to cybersecurity, various sections of
the Indian Penal Code deal with offenses related to cybercrimes, such as fraud,
identity theft, and cyber defamation.
Securities and Exchange Board of India (SEBI) Cybersecurity Guidelines: SEBI
has issued guidelines for listed companies and market intermediaries to enhance their
cybersecurity and protect against cyber threats.
Reserve Bank of India (RBI) Guidelines: The RBI has issued guidelines and
circulars related to cybersecurity in the banking and financial sector, mandating
certain security measures and incident reporting.