Laws and Legal Aspects of Information Technology Security
CET2691 — LAWS AND LEGAL ASPECTS OF INFORMATION TECHNOLOGY SECURITY
← Course Modules
Course Description
CET 2691 provides an overview of legal issues common to computer security and interweaves business paradigms in order to offer a macro-context against which to view such issues. These issues topically fall within the parameters of privacy, intellectual property, computer crime investigation for network breaches, civil liability, and ethics of the Information Technology (IT) professional focused on network security. The course expands on all matters of law that may be included on any network security certification exam, but also covers broadly the economic impact that security breaches have on industry sectors and the business response required. Coursework includes reviewing fact patterns applied to legal and ethical authorities.
Learning Outcomes
Required Outcomes
- Evaluate computer crimes as they are defined in the United States.
- Identify emerging issues that affect society and apply various sources of legal authority, including federal statutes, state statutes, and case law, involving intellectual property, privacy, and business with security crime.
- Analyze the application of access control and identity management from a legal and regulatory perspective.
- Apply Florida-specific cybersecurity statutes (e.g., Florida Information Protection Act / FIPA, Chapter 815 Computer-Related Crimes) to organizational scenarios.
- Draft policies (such as a breach notification policy) that comply with applicable federal and Florida state laws.
- Evaluate the ethical responsibilities of the IT security professional.
- Analyze regulatory frameworks including HIPAA, HITECH, GLBA, FERPA, COPPA, CIPA, CFAA, and ECPA.
Optional Outcomes
- Examine international and comparative privacy frameworks, including the EU GDPR.
- Evaluate cyber-insurance considerations before and after a breach.
- Analyze internet governance models and their influence on cybersecurity policy.
- Investigate emerging issues in artificial intelligence governance, algorithmic accountability, and AI risk management.
- Apply computer forensics principles to legal investigations.
Major Topics
Required Topics
- Foundations of U.S. Cyber Law — sources of legal authority (federal statutes, state statutes, case law)
- Computer Crimes — Computer Fraud and Abuse Act (CFAA), Electronic Communications Privacy Act (ECPA)
- Privacy Law — consumer privacy, workplace monitoring, employer surveillance
- Intellectual Property — copyright, trademark, patent, trade secret, and software licensing issues
- Healthcare Information Security — HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and breach notification requirements
- Financial Sector Regulation — Gramm-Leach-Bliley Act (GLBA) consumer protection provisions
- Protection of Children's Information — CIPA protects minors from obscene or objectionable material on school or library computers, requires schools and libraries that receive federal internet-access funding to filter offensive content; COPPA governs collection of information from children under 13
- Educational Records — FERPA
- Florida State Law — Computer Related Crimes Chapter 815, Florida Statutes; Florida Cybersecurity Standards Chapter 60GG-2, Florida Administrative Code; FIPA breach-notification requirements (Section 501.171, Florida Statutes) including notification of affected individuals within 30 days and notification of the Florida Department of Legal Affairs when 500 or more individuals are affected
- Civil Liability and Tort Issues — negligence, duty of care, damages from data breaches
- Computer Crime Investigation — digital evidence, chain of custody, forensic procedures
- Professional Ethics in IT security
- Economic Impact of Security Breaches and required business response
Optional Topics
- International privacy frameworks (EU GDPR)
- NIST Cybersecurity Framework and FFIEC/SEC guidance
- Cyberstalking, cyberbullying, and online harassment statutes
- Internet governance and jurisdictional issues in cyberspace
- Cyber-insurance and risk transfer
- Artificial intelligence governance and algorithmic fairness
- Case studies: e.g., Sony v. Tenenbaum, U.S. v. McNealy, and other landmark cybercrime prosecutions
Resources & Tools
- Standard textbook: Legal Issues in Information Security (Jones & Bartlett Learning) or equivalent
- Florida Statutes online (leg.state.fl.us) — Chapters 815 and 501.171
- Federal statute repositories and case-law databases
- NIST Special Publications and Cybersecurity Framework documents
- FTC, HHS Office for Civil Rights, and FCC guidance documents
Career Pathways
This course supports careers in information security, IT compliance, and risk management. Graduates may pursue positions such as Information Security Analyst, IT Compliance Officer, Cybersecurity Specialist, Privacy Analyst, Security Auditor, Risk Manager, and Computer Forensics Technician. Cybersecurity curricula at Florida colleges align with industry standards and include coursework in subjects like cyber law, risk assessment, and incident response.
Special Information
Certification Preparation: The course content supports the legal, regulatory, and compliance domains found on industry certification exams, including:
- CompTIA Security+ — Governance, Risk, and Compliance domain
- (ISC)² SSCP and CISSP — Security and Risk Management; Legal, Regulations, Investigations and Compliance
- ISACA CISA / CRISC — regulatory compliance and risk management topics
- EC-Council CEH — legal aspects of ethical hacking and digital forensics
The course is typically offered as part of an A.S. or B.A.S. degree in Computer Information Systems Technology, Cybersecurity, or Network Systems Technology at Florida College System institutions. Students should expect a writing-intensive workload involving policy drafting, fact-pattern analysis, and case briefs.