SECURITY LAWS AND STANDARDS

Assignment type
Case Study

Discipline
Computer security and reliability

Description
Employees must be trained and kept aware of topics related to information security, not the least of which are the expected behaviors of an ethical employee. This is especially important in information security, as many employees may not have the formal technical training to understand that their behavior is unethical or even illegal. It is the responsibility of information security personnel to do everything in their power to deter illegal, immoral, or unethical behavior and to use policy, education and training, and technology to protect information and systems.

Three general causes of unethical and illegal behavior are ignorance, accident, and intent. Deterrence is the best method for preventing illegal or unethical activity. Laws, policies, and technical controls are all examples of deterrents. Laws and policies and their associated penalties only deter if three conditions are present: fear of penalty, probability of being apprehended, and probability of the penalty being applied. Many professional organizations have established codes of conduct or codes of ethics that members are expected to follow.

Discuss and prepare tables to compare the following certifications: Certified Information Systems Security Professional (CISSP), HealthCare Information Security and Privacy Practitioner (HCISPP), Certified Cyber Security Forensics Analyst (CSFA), and Certified Secure Software Lifecycle Professional (CSSLP). Use the Internet to identify the ethical rules that holders of each certification have agreed to follow. Also determine the knowledge requirements for each of these certifications.

You will be assessed on your comparison of the certifications in terms of their knowledge requirements, ethical rules, and effectiveness for the individual in terms of future employment.