
KAMRAN

GC UNIVERSITY FAISALABAD

----------------------------------------------------

NAME: MUHAMMAD KAMRAN
ROLL No: 4256
SUBMITTED To: SIR IRFAN ANWAR

4TH SEMESTER BSIT (MORNING)

INFORMATION SECURITY

CHAPTER: 3


QUESTION : 1
What is the difference between law and ethics?

ANSWER:

The difference between law and ethics is that law is a set of rules and regulations that are
universal and should be accepted and followed by society and organizations. Ethics, on the other
hand, derives from the Latin word mores and the Greek word ethos, meaning the beliefs and
customs that help shape the character of individuals and how people interact with one another.

QUESTION :2
What is civil law, and what does it accomplish?

ANSWER:
Civil law comprises a wide variety of laws that govern a nation or state and deal with the
relationships and conflicts between organizational entities and people.

QUESTION :3
What are the primary examples of public law?

ANSWER:

Criminal, administrative and constitutional law.

QUESTION :4
 Which law amended the Computer Fraud and Abuse Act of 1986, and what did
it change?

ANSWER:
The National Information Infrastructure Protection of 1996 amended the Computer
Fraud and Abuse Act of 1986. It modified several sections of the CFA Act and increased the
penalties for selected crimes.

QUESTION :5
  Which law was specifically created to deal with encryption policy in the United
States?


ANSWER:

The Security and Freedom through Encryption Act of 1999.

QUESTION :6
What is privacy in an information security context?

ANSWER:

Privacy is not absolute freedom from observation, but rather it is a more
precise “State of being free from unsanctioned intrusion”.

QUESTION :7
What is another name for the Kennedy-Kassebaum Act (1996), and why
is it important to organizations that are not in the health care industry?

ANSWER:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects the
confidentiality and security of health-care data by establishing and enforcing standards and by
standardizing electronic data interchange. It impacts all health-care organizations including.

QUESTION :8
 If you work for a financial service organization (such as a bank or credit
union), which law from 1999 affects your use of customer data? What other effects does
it have?
ANSWER:
 The Gramm-Leach-Bliley (GLB) Act of 1999 affects how financial service organizations use
customer data. It provides that all financial institutions must disclose privacy policies, describe
how they share nonpublic personal information, and describe how customers can place requests
to not have their information shared. It also requires organizations to create and disseminate a
privacy policy to the customers which is to be distributed annually with all revisions and updates.

QUESTION :9
What is the USA PATRIOT Act? When was it initially established and when was
it significantly modified?

ANSWER:
The USA PATRIOT Act was initially enacted in 2001 as a mechanism to provide the
United States with a means to investigate and respond to the 9/11 attacks on the New York
World Trade Center. It was modified by the USA PATRIOT Improvement and Reauthorization
Act of 2005, which became law in 2006. Some aspects of the law have been updated as
recently as 2015.

QUESTION :10
Which 1997 law provides guidance on the use of encryption?

ANSWER:
The Security and Freedom through Encryption Act of 1997 provides rules and
guidelines on the proper use of encryption. The act provides proper uses and situations in which
encryption can legally be used and situations in which it cannot legally be used.

QUESTION :11

 What is intellectual property? Is it offered the same protection in every country? What
laws currently protect intellectual property in the United States and Europe?

ANSWER:

 Intellectual property is any material or words created by individuals on their own free
time or at any time, depending on the policy their employers issue. Any country in the world may
have its own definition of “intellectual property.” Therefore, intellectual property is difficult to protect
worldwide. Currently, the U.S. copyright law ensures intellectual property in the United States, and
Europe has the European Council Cyber-Crime Convention.

QUESTION :12
How will the Sarbanes-Oxley Act of 2002 affect information security
managers?
ANSWER:

Executives working in firms covered by this law will seek assurance on the
reliability and quality of information systems from senior information technology managers. In
turn, IT managers will likely ask information security managers to verify the confidentiality and
integrity of those same information systems in a process known in the industry as
subcertification.

QUESTION :13
What is due care? Why would an organization want to make sure it
exercises due care in its usual course of operations?


ANSWER:
 Due Care is a company taking measures to make sure that every employee
knows what is acceptable and what is not, and the consequences of illegal or unethical actions.
The practice of due care in daily operations would protect a company against liability resulting
from illegal or unethical actions by any employee.

QUESTION :14
 How is due diligence different from due care? Why are both important?
ANSWER:
Due diligence requires that an organization make a valid effort to protect others and
continually maintain this level of effort, whereas due care has been taken when an organization
makes sure that every employee knows what is acceptable or unacceptable behavior and
knows the consequences of illegal or unethical actions. Both are important because an
organization can be held responsible if both due diligence and due care are not common
practice.

QUESTION :15
What is a policy? How is it different from a law?

ANSWER:
A policy is a formalized body of expectations that describe acceptable and
unacceptable employee behaviors in the workplace. The difference between a policy and a law
is that ignorance of a policy is an acceptable defense.

QUESTION :16
What are the three general categories of unethical and illegal
behavior?
ANSWER:
Software license infringement, illicit use, and misuse of corporate resources are the
three general categories of unethical and illegal behavior.

QUESTION :17
 What is the best method for preventing an illegal or unethical activity?
ANSWER:
Deterrence can prevent an illegal or unethical activity from occurring. Deterrence
requires significant penalties, a high probability of apprehension, and an expectation of
enforcement of penalties.

QUESTION :18
Of the information security organizations listed that have codes of
ethics, which has been established for the longest time? When was it founded?

ANSWER:
The Association of Computing Machinery (ACM) was
established in 1947 as “the world’s first educational and scientific computing society”.

QUESTION :19
 Of the organizations listed that have a code of ethics, which is focused
on auditing and control?

ANSWER:

The Information Systems Audit and Control Association is the organization which is
focused on auditing and control.

QUESTION :20
 What can be done to deter someone from committing a crime?

ANSWER:
Deterrence is the best method for preventing an illegal or unethical activity. Laws,
policies, and technical controls are all examples of deterrents. However, it is generally agreed that
laws and policies and their associated penalties only deter if three conditions are present: (1) fear
of penalty, (2) probability of being caught, and (3) probability of penalty being administered.

-----------------------------------
