Revised 8/2023

ITN 267 - Legal Topics in Network Security (3 CR.)

Course Description

Conveys an in-depth exploration of the civil and common law issues that apply to network security. Explores statutory, jurisdictional, and constitutional issues related to computer crimes and privacy. Includes rules of evidence, seizure and evidence handling, court presentation, and computer privacy in the digital age. Total 3 hours per week.

General Course Purpose

The purpose of this course is to train the student on legal, regulatory, and policy standards that impact his or her role as a network administrator or security professional. As such, there should be less emphasis on case law or precedent as found within business-oriented cyberlaw courses, and more emphasis on legal requirements, policy, and regulations that have a direct impact on technical roles or responsibilities for safeguarding sensitive information to meet legal and regulatory compliance expectations.

Course Prerequisites/Corequisites

Ability to read and write at a college level.

Course Objectives

Upon successful completion of this course, the student will have a working knowledge of:

  • Legal statutes as they apply to network security
  • Computer crime rules of evidence
  • Evidence seizure, handling, and court presentation
  • Privacy, individual rights, and free speech

Major Topics to Be Included

  • Legal System
  • Rules of Evidence
  • Evidence Seizure and Handling
  • Court Presentation
  • Privacy, Individual Rights, Free Speech and the Law

Student Learning Outcomes

  • Legal System (PLE)
    • Identify major national, state, and international laws that relate to information security.
    • Understand the difference between law and ethics.
    • Understand the role of culture as it applies to ethics.
    • Understand the difference between Civil, Criminal, Tort, Private and Public laws as they apply to security and evidence.
    • Understand the role copyright laws play in security.
    • Understand the role that the Freedom of Information Act of 1966 (FOIA) plays in security.
    • Understand the main elements of the Federal Privacy Act of 1974 as it applies to individual privacy and its subsequent impact upon security.
    • Understand the main elements of the Electronic Communication Privacy Act of 1986 as it applies to privacy and security.
    • Understand the main elements of the Computer Fraud and Abuse Act of 1986 as it applies to security.
    • Understand the main elements of the Computer Decency Act of 1987 as it applies to security.
    • Understand the main elements of the National Information Infrastructure Protection Act of 1996 as it applies to security.
    • Understand the main elements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as it applies to privacy and security.
    • Understand the main elements of the Economic Espionage Act of 1996 as it applies to security.
    • Understand the main elements of the Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley) as it applies to privacy and security.
    • Understand the main elements of the Security and Freedom through Encryption Act of 1999 as it applies to security.
    • Understand the main elements of the U.S.A. Patriot Act of 2001 as it applies to security.
    • Understand the difference between policy and law.
    • Understand how ethical concepts apply to security.
    • Understand the main element of the Americans with Disabilities Act (Section 508).
    • Understand the main elements of the Computer Security Act as it applies to security.
    • Understand the main elements of Sarbanes-Oxley as it applies to security.
    • Understand the main elements of FERPA as it applies to security.
    • Understand the main elements of COPPA as it applies to privacy.
    • Understand the main elements of PCI DSS as it applies to security.
  • Rules of Evidence (PLE)
    • Understand the role of evidence in both a criminal and civil case.
    • Identify and understand the different categories of evidence.
    • Understand when evidence is or is not admissible in court.
    • Understand the role of forensic standards as they apply to evidence gathering.
    • Understand the role of the first responders, investigators and crime scene technicians as they apply to evidence.
    • Understand the difficulty in recovering, documenting and preserving digital evidence.
    • Describe how the type of legal dispute (civil, criminal, and private) affects the evidence used to resolve it.
  • Evidence Seizure and Handling (PLE)
    • Identify various laws and authorities and understand who has jurisdiction of a case.
    • Identify and understand the steps in the investigative process.
    • Understand how to prepare a search warrant.
    • Understand rules of particularity and how they relate to evidence seizure and the search warrant.
    • Understand the process for seizing evidence in the execution of a search warrant.
    • Understand the value of cooperating witnesses and technical experts.
    • Describe the process of documenting the seized evidence through document tags, document logs, videotapes and photographs.
    • Describe the issues associated with maintaining an evidence chain of custody.
  • Court Presentation (PLE)
    • Understand the trial process to include preliminary hearing, burden of proof and the role of the prosecutor and defense attorney.
    • Understand the role of the evidentiary witness and the expert witness.
    • Understand the qualifications required of an expert witness.
    • Identify techniques for enhancing the credibility of a witness giving direct testimony.
    • Understand the tactics employed during cross examination.
    • Understand the value of notes and visual aids during court testimony in a computer crime case.
  • Privacy, Individual Rights, Free Speech and the Law (PLE)
    • Understand privacy and its role in society.
    • Understand individual rights and their basis in the Constitution and the law.
    • Understand the balance between privacy in the workplace and the needs of the organization.
    • Understand the balance between the need of the organization to protect its business and customer information and the need of law enforcement and the intelligence community.
    • Understand the relationship between free speech and the law as it applies to a web site and email.
    • Understand ethics as it applies to software licenses, corporate resources and malware.
    • Explain common practices employed to deter unethical or illegal behavior.
    • Explain the value of a code of ethics and its relationship to employee behavior and organizational liability.
    • Describe an employee’s responsibilities related to the handling of information about vulnerabilities and the necessity for confidentiality.
    • Discuss issues relating to Bring Your Own Device (BYOD).

CAE2Y Knowledge Unit Domain Index

| KU Category | Course Content KU Mapping | CAE2Y KU Name | Description |
|---|---|---|---|
| Core Non-Technical CDE Knowledge | PLE | Policy, Legal, Ethics, and Compliance | Provide students with an understanding of information assurance in context and the rules and guidelines that control them. |

NOTE: the course content KU mapping represents the KU Domain topic as shown in the Center of Academic Excellence (CAE) KU mapping matrix (Excel file).

Required Time Allocation

| Topic | Time in Hours | Percentages |
|---|---|---|
| Legal System | 8 | 18% |
| Rules of Evidence | 8 | 18% |
| Evidence Seizure and Handling | 8 | 18% |
| Court Presentation | 3 | 7% |
| Privacy, Individual Rights, Free Speech, and the Law | 6 | 13% |
| Other Optional Content (NIST Framework) | 4 | 8% |
| Exams and Quizzes | 8 | 18% |
| Total | 45 | 100% |