What are the ethical and legal issues in information security?

In computer science, ethics are regarded as how professionals make decisions for professional and social conduct. There are rules and practices that determine what is right or wrong. Ethical issues occur when a decision or activity creates a dispute with society's moral policies. They could be generated due to an individual or an entire organization.

Legal factors are the laws that the Government has passed. The Government has issued several acts/ laws specifically for the computer industry. All professionals in this industry need to obey these rules. Legal issues occur when a company or an individual violates the laws given by the Government.

Ethical issues in information security

Ethical issues faced by organizations in information technology are generally concerned with privacy, property rights, or the effects of an activity on society. Some of the common ethical issues in the cyber world are as follows:

Privacy

Nowadays, computer users can access different information from various servers located all over the world. Though the users have their private computer, tools, and operating system, their network is distributed at a large scale when they try to access information. As a result, their information is likely to be disclosed to various organizations, and their privacy is not maintained.

Furthermore, hackers often intrude into the computer system of people and access the user's information without authorization. Some organizations also sell the information and data of their users. This also raises the question of user information privacy.

That is why companies need to develop ethical policies that can keep the information of their users safe from hackers.

Access right

Lots of industries use computer software and technology to provide services to their customers. This software should be capable of preventing unauthorized access to the system.

Especially in payment or banking software, the developers need to create software that guarantees authorized access and stops malware, viruses, or unauthorized access to the system.

Prevention of loss

According to this ethical principle, information technology should not be used in a manner that would cause harm or loss of property, information, ownership, or destruction of the property. The employees, users, and other public should use all the equipment with care to prevent any severe loss.

Patents

Ethical issues that are regarded to patents are tough to deal with. Patents preserve the unique and secret part of an idea. To acquire a patent, companies need to provide proper disclosure of the software. The patent holder also has to reveal the entire program details to a proficient programmer. If any issues in the patent are found, the company will be answerable to the public or Government.

Copyright

Copyright issues need to be taken extremely seriously by information security professionals. Copyright laws are created to protect computer software before and after a security breach such as the mishandling of data, misusing information, documentation, computer programs, or any other material. Most countries have different laws to handle copyright issues occurring in the cyber world.

Trade secrets

Another common ethical issue in the computer world is trade secrets. Trade secrets keep the value and importance of the ideas, business, or software secure. According to this ethic, the confidential data of an organization should not be leaked to outsiders. If this law is broken, it may cause much harm to the company. Therefore, the company's staff and all individuals need to obey this law.

Piracy

Piracy means the creation and usage of illegal copies of the software. This issue commonly occurs in today's world. Software owners have the right to choose how to distribute the software and whether users can create copies of the software. If a developer does not allow duplication of the software, it is considered piracy whenever the software is duplicated. The individual who duplicates the software is also held guilty for that.

The software industry is facing a high number of piracy issues nowadays. Courts are also working to prepare strict laws to prevent piracy.

Legal issues in information security

Similar to ethical issues, information technology organizations are also bound to follow laws issued by the Government. If a company fails to provide satisfactory service to the client or cheats the client, the organization is held guilty in court. The most common legal issues that occur in the information security industry are as mentioned below.

Violation of contract

When a client or organization decides to work with each other, the details are finalized by creating a contract. The contract contains the work duration, the purpose of the work, and other details related to the project. Before getting the client on board, it is necessary to discuss the contract and get all the details approved by the client.

Later, if the client or the organization violates the contract, they may face legal issues. Either party can file an issue in court and get the conflict solved according to the computer acts defined by the Government.

Negligence of contract

If a company fails to fulfill the client's requirements (as mentioned in the contract), it is considered negligence of the contract. In such cases, the company will also be considered guilty and will have to prove itself in court.

Information technology needs to ensure they deliver the correct services to the client within the mentioned time duration to avoid such legal issues.

Acts related to information technology

The Government has created certain acts to protect against fraud and illegal activities in this industry. The acts vary depending on the region. However, the common acts related to computer science are as follows.

• Data protection act - This act imposes restrictions on organizations and individuals that store personal data. Such companies need to follow the regulations defined by this act.
• Freedom of information act - According to this act, the information held by public authorities can be accessed by any individual.
• Computer misuse act - This act was created to prevent hacking and misuse of data. It controls issues related to user data misuse.

Difference between ethics and law 

Context and Applications

Ethical and legal issues are essential topics in information security and cybersecurity subjects. The topic is taught in courses like:

• Bachelor of Science in information technology
• Master of Science in information technology

Practice Problems

Ques 1) What are ethics?

1. Set of rules that define what is right or wrong
2. Legal laws issued by the Government
3. Activities that an organization does
4. None of these

Answer: Option a

Explanation: According to the definition, ethics are rules and practices that identify what is right or wrong.

Ques 2) Issues related to misuse of the data of a user or individual are regulated by which legal act?

1. Freedom of information act
2. Computer misuse act
3. Data protection act
4. All of the above

Answer: Option b

Explanation: Issues related to misuse of user data or hacking are controlled under the computer misuse act.

Ques 3) Who creates laws?

1. Government
2. Business organizations
3. Schools
4. Engineers

Answer: Option a

Explanation: Laws are a documented set of rules that the Government of the country creates.

Ques 4) Which of these is not an ethical issue in the information security industry?

1. Piracy
2. Copyright
3. Prevention of loss
4. Creating innovative products

Answer: Option d

Explanation: Piracy, copyright issues, prevention of loss, trade secrets, patent issues, access rights, and privacy problems are all ethical issues in the computer world. However, creating innovative products is not an ethical issue.

Ques 5) Under which of the following circumstances does a company have to face legal issues?

1. Violation of the contract
2. Selling product to a client
3. Talking to the client
4. None of the above

Answer: Option a

Explanation: If an organization violates the legal contract made with the client, the organization will have to deal with legal issues.

Common Mistakes

Students often think that ethics and laws are the same terms. Though these terms refer to a set of rules to be followed by an individual or organization, they are different terms. Students should note the difference between these terms and should not use the terms interchangeably.

Related Concepts

• Information system security
• Ethical hacking
• Cultural issues
• Cybercrime