Review Questions

(Whitman & Mattord, 2011)

  1. What is the difference between law and ethics?

Laws are legislated and enforced by government through punishments and penalties when they are not obeyed. Ethics, on the other hand, are a self-regulatory mechanism that depends on one's own moral standards and the choice to abide by them.

  2. What is civil law, and what does it accomplish?

Civil law is a branch of law that protects private and individual rights. This law helps in resolving issues between individuals or businesses concerning property, contracts and family matters.

  3. What are the primary examples of public law?

Public law defines the relations between a state and the people living in it. A primary example is the tax laws of a state.

  4. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change?

In 1996, the National Information Infrastructure Protection Act amended the Computer Fraud and Abuse Act. The new act increased the penalties for various computer security and fraud crimes.

  5. Which law was specifically created to deal with encryption policy in the United States?

The Security and Freedom Through Encryption Act of 1999 is the law specifically created to deal with encryption policy in the US. Under this law, individuals may deal in products related to encryption.

  6. What is privacy in an information security context?

Privacy is an individual or corporate right that calls for a halt to unsanctioned intrusion into personal matters. Where the interests of the state need protecting, the government may impose checks that intrude on privacy.

  7. What is another name for the Kennedy-Kassebaum Act (1996), and why is it important to organizations that are not in the health care industry?

The other name for the Kennedy-Kassebaum Act (1996) is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). It is important to organizations outside health care because it also affects insurance and health programs run by non-health organizations.

  8. If you work for a financial service organization such as a bank or credit union, which 1999 law affects your use of customer data? What other effects does it have?

The Financial Services Modernization Act of 1999, also called the Gramm-Leach-Bliley Act of 1999. This act is important because it protects the rights of customers when they deal with an organization; under it, the organization is obliged to inform its customers of its privacy policy.

  9. What is the primary purpose of the USA PATRIOT Act?

The USA PATRIOT Act is concerned with terrorist activities. Its purpose is to deter and punish all acts of terrorism against American interests.

  10. Which 1997 law provides guidance on the use of encryption?

The Security and Freedom Through Encryption Act of 1997 provides guidance on the use of encryption.

  11. What is intellectual property (IP)? Is it afforded the same protection in every country of the world? What laws currently protect it in the United States and Europe?

Intellectual property is intangible property that is the result of someone's creativity. Software and applications are examples of intellectual property. It is not afforded the same protection in every country: the political and social systems of a country play a decisive role in how laws specific to intellectual property are implemented. In the US, copyright law ensures the protection of intellectual property.

  12. How does the Sarbanes-Oxley Act of 2002 affect information security managers?

Top management looks to the reliability of the information it receives from technology managers, and those managers in turn want information security managers to verify that the information is confidential and that its integrity is intact.

  13. What is due care? Why should an organization make sure to exercise due care in its usual course of operations?


  14. How is due diligence different from due care? Why are both important?

Due diligence refers to an organization's efforts to protect others and to sustain that practice over time, while due care refers to the organization having made sure that its employees know which behavior is ethical and which is unethical in the course of their work.

  15. What is a policy? How is it different from a law?

A policy describes the set of behaviors inside an organization, both the ethical and the unethical ones that employees are expected to know, and it is a formalized document. A person who acts against a policy can defend themselves by arguing that they were unaware of the policy; for an act against the law, the defense that one was unaware of the law is not acceptable.


  16. What are the three general categories of unethical and illegal behavior?

Ignorance, accident and intent are the three categories of unethical and illegal behavior.

  17. What is the best method for preventing an illegal or unethical activity?

The best method for preventing illegal or unethical activity is deterrence: it must be understood that the activity carries a penalty, that there is a real chance of detection or apprehension, and that the penalty will be applied if the activity is detected.

  18. Of the information security organizations listed that have codes of ethics, which has been established for the longest time? When was it founded?

The Association for Computing Machinery (ACM) has been established the longest. It was founded in 1947.

  19. Of the organizations listed that have codes of ethics, which is focused on auditing and control?

Of the organizations listed that have codes of ethics, Information Systems Audit and Control Association is focused on auditing and control.

  20. What can be done to deter someone from committing a crime?

There are different ways to deter someone from committing a crime. For example, strict laws can be introduced to create an awareness of the punishment that may follow a crime. Organizational policies can also help in minimizing crime.