
CHAPTER 3

1. The law consists of a set of rules and regulations, whereas ethics comprises guidelines and principles that inform people about how to live or how to behave in a particular situation.

2. Civil law comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people.

3. Public law comprises constitutional law, administrative law, tax law and criminal law, as well as all procedural law. In public law, mandatory rules prevail. Laws concerning relationships between individuals belong to private law.

4. The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.

5. In the United States, the special law created in 1999 to deal with encryption policy is named the SAFE Act of 1999 (Security and Freedom through Encryption Act).

6. Privacy in an information system refers to how the information that you supply will be protected. Privacy cannot be considered absolute freedom from observation. Rather, it is more precisely a "state of being free from unsanctioned intrusion of information".

7. The Kennedy-Kassebaum Act is also known as the Health Insurance Portability & Accountability Act of 1996 (HIPAA). It is important to organizations that are not in the health care industry because it limits what information can be collected from individuals' health records.

8. The law from 1999 that affects the use of customer data by financial institutions is the Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999. Specifically, this Act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.

9. The Patriot Act is legislation passed in 2001 to improve the abilities of U.S. law enforcement to detect and deter terrorism. The act's official title is "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism," or USA-PATRIOT.

10. The Security and Freedom through Encryption Act of 1997 provides rules and guidelines on the proper use of encryption.

11.

12. The Sarbanes-Oxley Act changes management's responsibility for financial reporting significantly. The act requires that top managers personally certify the accuracy of financial reports. If a top manager knowingly or willfully makes a false certification, he can face between 10 and 20 years in prison.

13. Due diligence requires that an organisation make a valid effort to protect others and continually maintain this level of effort. Due care is when an organisation makes sure that every employee knows what is acceptable or unacceptable behavior and knows the consequences of illegal or unethical actions.

14. Due diligence is the management of due care. Due care and due diligence are often confused; they are related, but there is a difference between them. Due care is informal, while due diligence follows a process.

15. Policies are made in the name of the people, and law is framed for bringing justice to society.

16. Three general categories of unethical behavior are:

(Accident: people who make mistakes that result in threats to information.)
(Intent: the intent of doing wrong.)
(Ignorance: people who just don't know any better.)

17. Deterrence is the best method for preventing an illegal or unethical activity. Laws, policies, and technical controls are all examples of deterrents.

18. The Association of Computing Machinery (ACM) has been established the longest among all Internet security organizations. It was founded in 1947.

19. Of the organizations listed that have a code of ethics, which is focused on auditing and control?

20. Hitting "forgot password" more than "login".
