CSI-604 - Information Security

ArfanShahzad.com
Course Outline

ArfanShahzad.com
 Legal and Social Issues

• Legal and social issues in information security are critical

considerations in today's digital age.

• Protecting data and information is not only a technical challenge but

also a legal and social responsibility.

• Here are some key legal and social issues in information security:

ArfanShahzad.com
 Legal and Social Issues cont…
Legal Issues
• Data Privacy Laws: Compliance with data privacy laws, such as the
General Data Protection Regulation (GDPR) in Europe and the
California Consumer Privacy Act (CCPA) in the United States, is
essential.

• These laws require organizations to protect the personal data of

individuals and report data breaches promptly.

ArfanShahzad.com
 Legal and Social Issues cont…
Legal Issues
• Intellectual Property Rights: Information security extends to
safeguarding intellectual property (IP) like patents, copyrights, and
trade secrets.

• Unauthorized access or theft of IP can lead to legal action.

ArfanShahzad.com
 Legal and Social Issues cont…
Legal Issues
• Cybercrime Laws: Laws related to cybercrime define offenses like
hacking, identity theft, and cyberbullying.

• Perpetrators can face criminal charges and penalties.

ArfanShahzad.com
 Legal and Social Issues cont…
Legal Issues
• Contractual Obligations: Organizations may have contractual
agreements with clients or partners that require certain security
standards.

• Failure to meet these obligations can result in legal disputes.

ArfanShahzad.com
 Legal and Social Issues cont…
Legal Issues
• Liability: When data breaches occur, determining liability can be
complex.

• Organizations may be held responsible for financial and reputational

damages.

ArfanShahzad.com
 Legal and Social Issues cont…
Legal Issues
• International Considerations: Information crosses borders, and
international laws can be challenging to navigate.

• Conflict of laws and jurisdictional issues can arise when a breach

involves multiple countries.

ArfanShahzad.com
 Legal and Social Issues cont…
Cyber laws in Pakistan
• In Pakistan several data privacy and protection laws and regulations
are existing.

• Here are some key data privacy laws and regulations that were in
place:

ArfanShahzad.com
 Legal and Social Issues cont…
Cyber laws in Pakistan
• The Prevention of Electronic Crimes Act, 2016 (PECA): PECA is one of the
primary laws governing cybersecurity and data protection in Pakistan.

• It includes provisions related to the unauthorized access, data breaches,

and protection of personal data.

• The Pakistan Telecommunication (Re-organization) Act, 1996: This act has

provisions for the protection of telecommunications data and information.

ArfanShahzad.com
 Legal and Social Issues cont…
Cyber laws in Pakistan
• The Cybercrime Rules, 2020: These rules provide further details and
procedures related to the implementation of the Prevention of
Electronic Crimes Act, 2016.

• The National Response Center for Cyber Crimes (NR3C): This is the
law enforcement agency responsible for investigating and addressing
cybercrimes in Pakistan.

ArfanShahzad.com
 Legal and Social Issues cont…
Cyber laws in Pakistan
• The Data Protection Guidelines, 2017: These guidelines were introduced
by the Pakistan Telecommunication Authority (PTA) to regulate the
processing and protection of personal data by telecom operators.

• The Payment Systems and Electronic Money Institutions (EMIs)

Regulations, 2019: These regulations include provisions related to the
protection of financial data and customer information.

ArfanShahzad.com
 Legal and Social Issues cont…
Cyber laws in Pakistan
• The Securities and Exchange Commission of Pakistan (SECP) Data
Protection Regulations, 2018: These regulations govern the
protection of personal and financial data in the financial sector.

ArfanShahzad.com
 Legal and Social Issues cont…
Social Issues
• Trust and Reputation: Data breaches and security incidents erode
trust in organizations.

• Rebuilding trust can be challenging and may require transparent

communication.

ArfanShahzad.com
 Legal and Social Issues cont…
Social Issues
• Digital Divide: Not everyone has equal access to information and
technology.

• The digital divide can exacerbate societal inequalities and limit access
to critical information.

ArfanShahzad.com
 Legal and Social Issues cont…
Social Issues
• Ethical Hacking: Ethical hacking, or white-hat hacking, raises ethical
questions about the boundaries of permissible security testing and
research.

• Surveillance and Civil Liberties: Balancing national security and

surveillance measures with civil liberties and individual freedoms is an
ongoing debate.

ArfanShahzad.com
 Legal and Social Issues cont…
Social Issues
• Cyberbullying and Online Harassment: The digital realm has seen an
increase in cyberbullying and online harassment, leading to concerns
about the safety of individuals, particularly young people.

• Social Engineering: Human factors play a significant role in security

breaches. Education and awareness programs are essential to
mitigate social engineering risks.

ArfanShahzad.com
 Legal and Social Issues cont…
Social Issues
• Environmental Impact: The rapid growth of data centers and the
energy consumption associated with digital technologies raise
environmental concerns.

ArfanShahzad.com