6th European Conference - Academic Conferences
Tanya Zlateva et al.
security breaches lose an average of 2.1% of their market value within two days and subsequent studies confirmed the sensitivity of financial performance to security breaches.
The threat of cyber espionage and cyber war is no longer restricted to expert forums but has become part of the public discussion. The increased number and sophistication of cyber-attacks clearly indicate that these attacks originate from professionally run business and government organizations. Estimates about the degree of the threat may vary: Clarke (2010) posits that cyber armies are being set up in Russia, China, Israel, North Korea and Iran, while others believe the goal is espionage, not cyber war. However, no one disputes the large negative impact an information security breach can have on the economy, government, or the individual.
These development trends clearly indicate that cyber law, business continuity and risk management provide an indispensable context for framing information security problems and are an integral part of finding effective solutions. A collaborative effort between the BU MET Computer Science and Administrative Sciences Departments is currently under way to develop a new course in cyber law and to coordinate the curriculum of the information security concentrations in the MS program in CS, CIS, and TC with an existing graduate certificate and specialization in Business Continuity, Security and Risk Management (Boston University 2010b).
4.1 Law and regulation of information security
As technology evolves so must the law. The alleged obsolescence of legal rules in computers and the Internet, among other technologically advanced fields, is well recognized in legal scholarship (Moses 2007; Downing 2005). Because the resolution of legal problems is typically left to the chosen dispute resolution bodies, it is most important to identify in advance the types of legal problems that frequently follow technological change (Moses 2007; Lessig 1995). Some of the more important questions arising in relation to information security include:
- Defining the technological advancements needed to secure greater protections for citizens and communities from cyber-attacks;
- Determining who can best regulate the Internet environment and control activity in cyberspace in a sovereign world;
- Constructing, with law enforcement and the intelligence communities, an effective means of sharing actionable information with the private sector (Chander 2002);
- Establishing an ethics and conflict policy governing cyber activity and information security to address cultural change; and
- Understanding the ways in which the rise of online interaction alters the balance of power among individuals, corporations, and government, and how our choice of legal regime should be influenced by these changes (Chander 2002).
We approach the development of the new information security course by framing a course methodology and structuring the topics around the areas of the global regulatory environment, computer crime regulations in the US, jurisprudence over cyber space, culture and information security, cyber forensics and internet evidence, and international responsibility.
Framing an Information Security Law Curriculum Methodology.
Significantly, the global economy has expanded our vulnerability to manipulation of our software and hardware through a new phenomenon known as "the global supply chain", which increases the number of actors and the complexity of understanding the legal environment from both a domestic and global perspective. Technology today passes through many hands including design, manufacture, distribution, transportation, wholesaler, retailer, installer, repair service and firmware update. To prevent these vulnerabilities we must focus on better system design, supply chain management, information security practices, public-private partnerships, law enforcement, intelligence and, most importantly, the education of users, employees and management.
The primary pedagogical approach to teaching security information law at Boston University is through the Socratic method. Diverse Socratic methodologies are used to develop critical thinking skills including inquiry and debate, examination of complex real-life cybersecurity problems and ethical concerns, and conflict and contractual analysis. The case studies are derived primarily from