C841 - Legal Issues in Information Security

---

About

Security information professionals have the role and responsibility for knowing and applying ethical and legal principles and processes that define specific needs and demands to assure data integrity within an organization.

This course addresses the laws, regulations, authorities, and directives that inform the development of operational policies, best practices, and training to assure legal compliance and to minimize internal and external threats. Students analyze legal constraints and liability concerns that threaten information security within an organization and develop disaster recovery plans to assure business continuity.

Objective

Objective

Demonstrate achievement of four competencies:

• Compliance Legal Requirements
  • describes the legal requirements to address compliance with cybersecurity policies and procedures within an organization
• Protection Against Security Incidents
  • analyzes applicable laws and policies to legally protect the organization against security incidents
• Security Awareness Training and Education (SATE)
  • outlines legal issues that should be included within the security awareness training and education (SATE) program of an organization
• Ethical Issues for Cybersecurity
  • discusses the implications of ethical issues for specific cybersecurity actions within an organization

Course Outline

• Fundamental Issues
  • Information Security Overview
  • Privacy Overview
  • The American Legal System
• Laws Influencing Information Security
  • Federal Government Information Security and Privacy Regulations
  • State Laws Protecting Citizen Information and Breach Notification Laws
  • Intellectual Property Law
  • The Role of Contracts
  • Criminal Law and Tort Law Issues in Cyberspace
  • Sarbanes–Oxley Act (SOX)
• Security and Privacy in Organizations
  • Information Security Governance
  • Computer Forensics and Investigations
• Final Assessment
  • C841 Task 1
  • C841 Task 2

Resources

• Grama, Joanna Lyn. (2020). Legal issues in Information Security. Third Edition (JBL). http://www.jblearning.com/catalog/9781284054743/

Supplemental Resources

• Helmick, J. (2018) Security Awareness: Identifying Personally Identifiable Information. Pluralsight.com.
• Dennedy, M. (2019) Understanding and Prioritizing Data Privacy. LinkedIn Learning.
  • Moral_Crumple_Zones_Cautionary_Tales_in_Human-Robot_Interaction-MElish(2016)
• Rees, C. (2020). Law, Ethics, and Security Compliance Management. Pluralsight.com.
• Abraham, J. (2018). Digital Forensics: The Big Picture. Pluralsight.com.
• Chapple, M. (2021). CIPP/US Cert Prep: 1 U.S. Privacy Environment. LinkedIn Learning.
• Rogers, B. (2018). Information Security Manager: Information Security Program Management. Pluralsight.com.
• Turner, J. (2018). Building and Implementing a Security Awareness Training Program. Pluralsight.com.