The difference between laws and ethics is laws are mandated and ethics are the basis of laws and the “right or wrongs” a person believes in.

Civil law is a body of laws established by a state or nation for its own regulation. It helps keep order and peace and prevent criminals from acting without a consequence. Primary examples of public law are administrative, constitutional and criminal. An example of a public law is like a speed limit.

Something that pertains to all people.The law that amended the Computer Fraud Abuse Act of 1986 is the National Information Infrastructure Protection Act of 1996, it changed several sections of the Computer Fraud Abuse Act and increased the penalties for selected crimes. The law that was specifically created to deal with encryption policy in the US was the Security and Freedom through Encryption Act of 1999. In an information security context, privacy is not absolute freedom from observation, but rather it is a more precise state of being free from unsanctioned intrusion.

Another name for the Kennedy-Kassebaum Act is the Health Insurance Portability and Accountability Act of 1996, it is important to organizations not in the health care industry because of the fact that its limits what information is collectable from people's health records. It also allows people to be informed of how their information is being used and who can access it. The law from 1999 that affects your use of computer data is the Gramm-Leach-Bliley Act which affects all financial service organizations and how they use customer data.It makes all financial institutions must disclose privacy policies, describe how they share nonpublic personal information and describe how customers can place request to not have their information shared. It also gives out all revisions and updates annually to all customers.

The primary purpose of the USA PATRIOT Act is to deter and punish terrorist acts in the US and around the world, and to enhance law enforcement investigatory tools.The 1997 law that provides guidance on the use of encryption is the Security and Freedom through Encryption Act of 1997. Intellectual property is the ownership of ideas and control over the tangible or virtual representation of those ideas. The WTO created the Agreement on Trade-Related Aspects of Intellectual Property Rights.

It is the first significant international effort to protect intellectual property rights. It covers how basic principles of the trading system and other international intellectual property agreements should be applied, how to ive adequate protection to intellectual property rights, how countries should enforce those rights adequately in their own territories, how to settle disputes on intellectual property between members of the WTO, and special traditional arrangements during the period when the new system is being introduced. The Sarbanes-Oxley act affects security mangers by improving the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance, in publicly traded companies.This causes IT managers to ask information security managers to verify the confidentiality and integrity of those information systems in a process known as sub-certification.

Due care is a legal standpoint measuring what any prudent person would do in the same situation in order to protect information and systems. If a company uses due care in its usual course operations then there is less chance of it being held liable for its employees illegal or unethical actions.Due diligence are the actions that demonstrate that an organization is diligent in ensuring that the implemented standards continue to provide the required level of protection. Due care is the actions that demonstrate that an organization makes sure that every employee knows what is acceptable or not acceptable behavior, and knows the consequences of illegal or unethical actions, and both are important to reduce organization liabilities.A policy is a plan or course of action used to convey instructions from an organization's senior-most management to those who make decisions, take actions, and perform other duties.

A policy is a companies way of telling their employees what they can and cannot do, where a law is written and every one has to follow it or they will be fined or jailed. The three general categories of unethical and illegal behavior are accident, intent, and ignorance. Also there is fear of penalty, probability of being caught, and probability of penalty being administered.The best method for preventing an illegal or unethical activity is deterrence. The organization that have listed codes of ethics, that was established first was the Association of Computing Machinery and was established in 1947. The organization focused on auditing and control is the Information Systems Audit and Control Association.

There are a lot of things to deter some one from committing a crime. A few of those things are stiffer penalties like loss of job, higher fines, and jail time.