© ITT Educational Services, Inc. All rights reserved.
IS3350 Security Issues in Legal Context
Unit 5
Security and Privacy Involving Corporations and Educational Institutions
Learning Objective
Identify the basic components of the American legal system
Describe legal compliance laws addressing public and private institutions
Key Concepts
Protecting children on the Internet
Family Education Rights and Privacy Act (FERPA)
Regulation of privacy and security in corporations
Sarbanes-Oxley (SOX)
Compliance and security controls
EXPLORE: CONCEPTS
Critical Aspects of FERPA
Right to inspect and review student education records
Right to request that a school correct inaccurate or misleading records
Schools required to secure written permission from parent or eligible student to release information from student education record
School Disclosure Exceptions in FERPA
• School officials with legitimate educational interest
• Other schools to which a student is transferring
• Specified officials for audit or evaluation purposes
• Appropriate parties in connection with financial aid to a student
School Disclosure Exceptions in FERPA (cont.)
• Organizations conducting certain studies for or on behalf of the school
• Accrediting organizations
• Response to judicial order or lawfully issued subpoena
• Appropriate officials in cases of health and safety emergencies
• State and local authorities within a juvenile justice system, pursuant to specific State law
School Disclosure Exceptions in FERPA (cont.)
• Directory information
• Student and parents must be informed and raise no objections
• Name, address, and telephone number
• Date and place of birth
• Honors and awards
• Dates of attendance
Critical Aspects of Sarbanes-Oxley (SOX)
Protect investors by requiring accuracy and reliability in corporate disclosures
Created new standards for corporate accountability
Created new penalties for acts of wrongdoing, both civil and criminal
Changes how corporate boards and executives must exchange information and work with corporate auditors
Critical Aspects of Sarbanes-Oxley (SOX) continued
Specifies new financial reporting requirements
Requires all financial reports to include an internal control report
Auditing firms are also required to attest to the accuracy of the assessment
Critical Sections of Sarbanes-Oxley Act
• Services outside scope of auditor practice
• Corporate responsibility for financial reports
• Sec. 404: Assessment of internal controls
• Real time issuer disclosures
• Criminal penalties for altering documents
• Protection of employees exposing fraud
• Criminal penalties for defrauding shareholders
Privacy – Principle Concepts
• Privacy of employee data
• Privacy of customer data
• Privacy of corporate data
Privacy in Workplace
Law generally allows organizations to monitor employee conduct
Protection of proprietary information
Maintain privacy of customer information
COPPA and CIPA
Children are Internet-ready and receptive
Lack the judgment and knowledge of dangers
Lack knowledge to evaluate the merits of information
U.S. Congress Protective Actions
• Children's Online Privacy Protection Act (COPPA) of 1998
• Children's Internet Protection Act (CIPA) of 2000
EXPLORE: PROCESS
Children's Online Privacy Protection Act (COPPA)
Notice of information practices on home page
Notice at each area where personal information from children is collected
Notice must be clearly written and understandable
Notice may not include any unrelated or confusing materials
Notification of parent is required
Verifiable parental consent is required
EXPLORE: CONTEXT
Where do COPPA and CIPA Apply?
Commercial Web sites
Online services
Educational institutions
Libraries
CIPA Requirements
Schools and libraries must
• Use technology protection measures
• Protect against access to harmful visual depictions
• Adopt and enforce a policy to monitor the online activities of minors
Minors are those 17 years of age or less
Summary
Protecting children on the Internet
Family Education Rights and Privacy Act (FERPA)
Regulation of privacy and security in corporations
Sarbanes-Oxley (SOX)
Compliance and security controls