Learning Unit 11 - Legal issues in information security and risk management
Across
- 3. any illegal act involving a computer, whether the computer is the object of a crime, an instrument used to commit a crime or a repository of evidence related to a crime, and includes the statutory cyber crimes set out in sections 85 to 88 of the ECT Act.
- 5. where the concepts of “reasonableness” and “duty of care” are relied upon to determine whether or not organisations have been negligent in not taking the necessary security precautions, or are liable for loss suffered where the party who suffered the loss proves that it was reasonably foreseeable and that the loss or damage was caused by the other party’s negligence.
- 6. Many jurisdictions have enacted breach notification laws that require organizations to notify affected individuals, regulators, or authorities in the event of a data breach. These laws often have specific timelines for reporting breaches and may also outline the content and format of the notifications.
- 10. where information technology contracts such as outsourcing, service provision, application service provider and software licensing agreements are beginning to impose security obligations on vendors and business partners. These agreements increasingly require the providers of information technology to warrant against security vulnerabilities, such as viruses and trojan horses, and organisations are more frequently being contractually obligated to protect a customer’s, employee’s, or business partner’s personal or confidential information. Similarly, businesses are often required to agree to security commitments as a condition of participating in certain activities. For example, merchants that want to accept credit cards must agree to comply with the PCI Data Security Standard.
- 13. (e.g. the SA Post Office Trust Centre) which includes digital certificates and electronic authentication.
- 16. Various data protection and privacy laws, such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States, regulate the collection, storage, processing, and transfer of personal data. Organizations must comply with these laws and implement appropriate security measures to safeguard personal information.
- 18. in terms of section 87 of the ECT Act, where the victim of an information security attack conducted by means of impersonation or spoofing could lay a criminal charge of fraud against the attacker, based on the attacker’s attempt to mislead or to misappropriate something of value.
- 19. Laws related to cybercrime and computer fraud address offenses like hacking, unauthorized access, identity theft, malware distribution, and other cyber-related crimes. These laws provide legal frameworks for prosecuting individuals or organizations engaged in illegal activities targeting information systems and networks.
Down
- 1. Organizations need to protect their intellectual property rights, such as trade secrets, patents, copyrights, and trademarks. Implementing robust security measures and employing legal mechanisms to safeguard intellectual property is crucial for mitigating risks associated with unauthorized access or theft.
- 2. in connection with forensic issues relating to information in electronic form which may have been modified or deleted in an attempt to hide the evidence, and the taking of the necessary steps to ensure that the reliability and admissibility of the electronic evidence are maintained in the eyes of a court of law.
- 4. Transferring personal data across international borders may be subject to specific legal requirements. Adequate safeguards, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), may need to be implemented to ensure compliance with applicable data protection laws.
- 7. where section 43(5) of the ECT Act requires the use of a payment system which is “sufficiently secure”.
- 8. Contracts, such as service level agreements (SLAs) and vendor agreements, play a crucial role in managing information security risks. Organizations should include provisions that outline security responsibilities, breach notification requirements, and liability allocation in case of security incidents.
- 9. play a significant role in information security and risk management. Several laws and regulations govern the protection of sensitive information, privacy, and the management of risks associated with data breaches and cybersecurity incidents.
- 11. where for example a person submits personal information to an organisation for a certain purpose and the organisation reveals the information to a third party who misuses the information causing the person to suffer damage or loss (for example, in the context of ‘data swops’ between organisations).
- 12. where ordinary electronic signatures and “advanced” electronic signatures play a role in securing information pursuant to section 13 of the ECT Act.
- 13. has introduced the concepts of providing appropriate, reasonable technical and organisational measures to protect personal information.
- 14. under the soon-to-be-enacted Protection of Personal Information Bill.
- 15. for example, identity theft.
- 17. where King III™ requires appropriate information security controls to protect companies and their shareholders.