Chapter 4

Chapter Four

Commentary on legal frameworks and enforcement

May/2023
Ways to manage the risks associated with vulnerabilities
In addition to malicious attacks, there are always accidents and careless behaviors.
o Are backups really current?
o What happens if a pipe breaks, causing flooding?
These are examples of careless behaviors and accidents.
There are also electrical storms, fires, tornadoes, hurricanes, earthquakes, and other nature-related events for which information systems must be prepared.
It is important to take care and plan before risks materialize, and to avoid careless behaviors.

• Managing the risk of computer crime: protecting systems and data with passwords, encryption, auditing software, and access logs is vital.
• These logical protections must be reviewed and analyzed to ensure the system has not been penetrated.
• Physical entry to computer systems must be protected.
• Locations of computer systems are often hidden from public knowledge to make the systems more difficult to find.
Cont’d
• Managing the risk of fraud: regulatory agencies and criminal justice units are using the web to locate fraud.
• Regulatory agencies review medical and pharmaceutical-related sites.
• Also, professional organizations and credible health care organizations provide correct information on sponsored sites.

Fighting crimes
• To fight these crimes, the major fronts are legislative and technical actions.
• Legislative: states have to adopt measures to be taken against computer criminals and expand law enforcement.
• Technical: software exists to detect unauthorized entry and deny it.
• Additionally, cryptography is used to address security issues.

Managing the risk of technology vulnerabilities
• The major activity deployed by businesses to protect computer systems and data from electronic intrusion is the use of firewalls and virus protection software.
• Firewalls are used to establish a barrier between the business computer systems and the outside world.
• A firewall may be a combination of hardware and software, or it may be software only.
• A firewall filters or restricts external access entering the system and internal access exiting the system.

Protecting Information Products
• Intellectual property rights are the means of protecting information products.
• The rules for IP protection, such as the scope of protection and the requirements for obtaining protection, are set out and enforced in the laws and regulations of national governments.
Digital Millennium Copyright Act (DMCA)
• Developed to address issues that arise in the electronic environment.
• Takes copyright principles into the digital information age.
The rules of the DMCA:
• Prohibit the circumvention of technological protection measures (TPMs).
• Prohibit alteration of copyright management information embedded in digital works.
• Grant open source products and software (OSPS) an exclusion from monetary liability for copyright infringement.
• Allow non-profit educational institutions to use digital technology for distance education.
• Permit preservation and storage in a digital format, etc.

Ethiopian Case
The following articles of the Ethiopian Constitution contain statements on intellectual property:
• Article 51: Powers and Functions of the Federal Government
  • No. 19: The Federal Government shall patent inventions and protect copyrights.
• Article 55: Powers and Functions of the House of Peoples' Representatives
  • No. 2(e): The House of Peoples' Representatives shall enact specific laws on patent and copyright.
• Article 77: Powers and Functions of the Council of Ministers
  • No. 5: The Council of Ministers shall protect patents and copyright.
• The existing copyright law is part of the 1960 Civil Code and is too general, which makes it difficult to apply.
• The Ministry of Youth, Sports and Culture has introduced a new bill providing copyright protection, but the bill has not been enacted.
Current responsible institution:
• The Patent, Technology & Development Department of the Ethiopian Science and Technology Minister regulates patents and intellectual property.

Computer Security
• Computer security refers to the protection of computers and the information contained in them from unauthorized access, damage or modification.
• It involves the protection of hardware, software, and information being processed, stored and communicated.
Computer Security Measures
I. Physical access control. This includes using:
   i. security badges with photographs,
   ii. magnetic card readers (magnetic strips that identify the individual),
   iii. biological detection methods to restrict access to authorized users only.
II. Procedural controls:
   i. use of security guards, and
   ii. locking the computer room, so that a key is required.

III. Technical controls. These include:
a. Passwords
b. Firewalls
c. Cryptography
d. Strong authentication using digital signatures
e. Closed-circuit television surveillance
f. Dial-back systems, which disconnect external users and call them back once their password has been verified
g. Biometric security techniques (practical in high-security and defence organizations):
• Electronic finger printing
• Retina scanning
• Hand geometry
• Signature dynamics
• Voice recognition
• Neural Network identification

Privacy
Ethiopian Case:
The Ethiopian Constitution includes an article on privacy:
Article 26: Right to Privacy
• Everyone has the right to privacy. This right shall include the right not to be subjected to searches of his home, person or property, or the seizure of any property under his personal possession.
• Everyone has the right to the inviolability of his notes and correspondence including postal letters, and communications made by means of telephone, telecommunications and electronic devices.
• Public officials shall respect and protect these rights. No restrictions may be placed on the enjoyment of such rights except in compelling circumstances and in accordance with specific laws whose purposes shall be the safeguarding of national security or public peace, the prevention of crimes or the protection of health, public morality or the rights and freedoms of others.

Information Policy
Information policy is defined as:
• A set of interrelated principles, laws, guidelines, rules, regulations, and procedures guiding the oversight and management of the information life cycle (production, collection, distribution/dissemination, retrieval and retirement of information).
• Information policy has become one of the most important aspects of public policy because of the following factors:
Cont’d
• The growing importance of information as a major factor of production and wealth creation. Information policy can play a pivotal role in:
  • industrial and commercial competitiveness;
  • employment and the creation of high value-added job opportunities;
  • lifelong learning and the effectiveness of the education and training system;
  • social inclusion and access to services and opportunities;
  • healthy living and the effectiveness of the National Health Service;
  • the efficiency and effectiveness of public services;
  • participation in the democratic process;
  • regional development;
  • cultural identity and diversity;
  • intellectual rights.

• A growing concern about privacy:
  • Advances in information technology have made the collection, processing and dissemination of data on individuals very inexpensive.

Areas of concern for a National Information Policy
Three main areas of concern can be identified for a National Information
Policy:
• connectivity,
• content and
• competencies.
1. Connectivity ideally incorporates three areas:
• information networks,
• access, and
• interoperability.

2. Content includes:
• the creation of core content,
• ensuring delivery of this content,
• protection of the citizen, and
• provision of free access to core information.
3. Competencies consist of:
• the development of universal information literacy,
• the supply of information specialists, and
• the creation of information strategies for organizations.
