Presentation is loading. Please wait.

Presentation is loading. Please wait.

© ITT Educational Services, Inc. All rights reserved. IS3350 Security Issues in Legal Context Unit 5 Security and Privacy Involving Corporations and Educational.

Similar presentations


Presentation on theme: "© ITT Educational Services, Inc. All rights reserved. IS3350 Security Issues in Legal Context Unit 5 Security and Privacy Involving Corporations and Educational."— Presentation transcript:

1 © ITT Educational Services, Inc. All rights reserved. IS3350 Security Issues in Legal Context Unit 5 Security and Privacy Involving Corporations and Educational Institutions

2 © ITT Educational Services, Inc. All rights reserved.Page 2 IS3350 Security Issues in Legal Context Learning Objective  Identify the basic components of the American legal system  Describe legal compliance laws addressing public and private institutions

3 © ITT Educational Services, Inc. All rights reserved.Page 3 IS3350 Security Issues in Legal Context Key Concepts  Protecting children on the Internet  Family Education Rights and Privacy Act (FERPA)  Regulation of privacy and security in corporations  Sarbanes-Oxley (SOX)  Compliance and security controls

4 © ITT Educational Services, Inc. All rights reserved.Page 4 IS3350 Security Issues in Legal Context EXPLORE: CONCEPTS

5 © ITT Educational Services, Inc. All rights reserved.Page 5 IS3350 Security Issues in Legal Context Critical Aspects of FERPA  Right to inspect and review student education records  Right to request that a school correct inaccurate or misleading records  Schools required to secure written permission from parent or eligible student to release information from student education record

6 © ITT Educational Services, Inc. All rights reserved.Page 6 IS3350 Security Issues in Legal Context School Disclosure Exceptions in FERPA School officials with legitimate educational interest Other schools to which a student is transferring Specified officials for audit or evaluation purposes Appropriate parties in connection with financial aid to a student

7 © ITT Educational Services, Inc. All rights reserved.Page 7 IS3350 Security Issues in Legal Context School Disclosure Exceptions in FERPA (cont.) Organizations conducting certain studies for or on behalf of the school Accrediting organizations Response to judicial order or lawfully issued subpoena Appropriate officials in cases of health and safety emergencies State and local authorities within a juvenile justice system, pursuant to specific State law

8 © ITT Educational Services, Inc. All rights reserved.Page 8 IS3350 Security Issues in Legal Context School Disclosure Exceptions in FERPA (cont.) Directory information Student and parents must be informed and raise no objectives Name, address, and telephone number Date and place of birth Honors and awards Dates of attendance

9 © ITT Educational Services, Inc. All rights reserved.Page 9 IS3350 Security Issues in Legal Context Critical Aspects of Sarbanes- Oxley (SOX)  Protect investors by requiring accuracy and reliability in corporate disclosures  Created new standards for corporate accountability  Created new penalties for acts of wrongdoing, both civil and criminal  Changes how corporate boards and executives must exchange information and work with corporate auditors

10 © ITT Educational Services, Inc. All rights reserved.Page 10 IS3350 Security Issues in Legal Context Critical Aspects of Sarbanes- Oxley (SOX) continued  Specifies new financial reporting requirements  Requires all financial reports to include an internal control report  Auditing firms are also required to attest to the accuracy of the assessment

11 © ITT Educational Services, Inc. All rights reserved.Page 11 IS3350 Security Issues in Legal Context Critical Sections of Sarbanes-Oxley Act Sec. 201 Services outside scope of auditor practice Sec. 302 Corporate responsibility for financial reports Sec. 404 Assessment of internal controls Sec. 409 Real time issuer disclosures Sec. 802 Criminal penalties for altering documents Sec. 806 Protection of employees exposing fraud Sec. 807 Criminal penalties for defrauding shareholders

12 © ITT Educational Services, Inc. All rights reserved.Page 12 IS3350 Security Issues in Legal Context Privacy – Principle Concepts Privacy of employee data Privacy of customer data Privacy of corporate data

13 © ITT Educational Services, Inc. All rights reserved.Page 13 IS3350 Security Issues in Legal Context Privacy in Workplace  Law generally allows organizations to monitor employee conduct  Protection of proprietary information  Maintain privacy of customer information

14 © ITT Educational Services, Inc. All rights reserved.Page 14 IS3350 Security Issues in Legal Context COPPA and CIPA  Children are Internet-ready and receptive  Lack the judgment and knowledge of dangers  Lack knowledge to evaluate the merits of information  U.S Congress Protective Actions Children's Online Privacy Protection Act (COPPA) of 1998 Children's Internet Protection Act (CIPA) of 2000

15 © ITT Educational Services, Inc. All rights reserved.Page 15 IS3350 Security Issues in Legal Context EXPLORE: PROCESS

16 © ITT Educational Services, Inc. All rights reserved.Page 16 IS3350 Security Issues in Legal Context Children's Online Privacy Protection Act (COPPA)  Notice of information practices on home page  Notice at each area where personal information from children is collected  Notice must be clearly written and understandable  Notice may not include any unrelated or confusing materials  Notification of parent is required  Verifiable parental consent is required

17 © ITT Educational Services, Inc. All rights reserved.Page 17 IS3350 Security Issues in Legal Context EXPLORE: CONTEXT

18 © ITT Educational Services, Inc. All rights reserved.Page 18 IS3350 Security Issues in Legal Context Where do COPPA and CIPA Apply?  Commercial Web sites  Online services  Educational institutions  Libraries

19 © ITT Educational Services, Inc. All rights reserved.Page 19 IS3350 Security Issues in Legal Context CIPA Requirements  Schools and libraries must Use technology protection measures Protect against access to harmful visual depictions Adopt and enforce a policy to monitor the online activities of minors  Minors are those 17 years of age or less

20 © ITT Educational Services, Inc. All rights reserved.Page 20 IS3350 Security Issues in Legal Context Summary  Protecting children on the Internet  Family Education Rights and Privacy Act (FERPA)  Regulation of privacy and security in corporations  Sarbanes-Oxley (SOX)  Compliance and security controls


Download ppt "© ITT Educational Services, Inc. All rights reserved. IS3350 Security Issues in Legal Context Unit 5 Security and Privacy Involving Corporations and Educational."

Similar presentations


Ads by Google