
Introduction to corporate security

Introduction to corporate security. Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory teemupekka.virtanen@hut.fi. 3. Lecture - Legislation. Why legislation is important for an organization and its security


Presentation Transcript


  1. Introduction to corporate security • Teemupekka Virtanen • Helsinki University of Technology • Telecommunication Software and Multimedia Laboratory • teemupekka.virtanen@hut.fi

  2. 3. Lecture - Legislation • Why legislation is important for an organization and its security • Some Finnish legislation related to security • Co-operation between an organization and authorities

  3. The level of understanding • Understanding the meaning of legislation in the operations of an organization • Engineers are not lawyers and they should not try to be • A person who for the purpose of favouring a foreign state or damaging Finland procures information on a matter concerning the Finnish defence or other preparation for emergencies, Finland’s foreign relations, State finances, foreign trade or power supplies or another comparable matter involving Finnish national security, and the disclosure of the information to a foreign state can cause damage to the Finnish defence, national security, foreign relations or economy, shall be sentenced for espionage to imprisonment for at least one and at most ten years. (Penal code, 12 sect §5)

  4. Why there is legislation

  5. A written version of the morals of society • Society requires that there are some rules on how to behave • The rules of co-operation between entities • Citizens, the state, organizations etc. • A tool to solve conflicts between entities • The content and applications depend on local morals

  6. A word from God • Legislation itself is important • Laws are not followed because they make life easier but because laws must be followed • The form is important, not the meaning

  7. A tool for administrators • Legislation can help keep the current administration in place • Legislation can be a collection of “good habits” • Definitions of one generation • Definitions of one religion • A tool to force other people to follow my ethical decisions

  8. Legislation and organizations

  9. Legislation gives possibilities • The area is regulated by a law • Viestintämarkkinalaki (396/1997) (Communications Market Act) • A law gives advantages to certain organizations • Postitoimintalaki (N:o 907/1993) (Postal Services Act) • A law gives possibilities for private organizations • Laki yksityisistä turvapalveluista (282/2002) (Private Security Services Act)

  10. Legislation sets requirements • Organizations must follow the rules of a society • Penal code (39/89) • Personal data act (523/1999) • Laki yksityisyyden suojasta televiestinnässä ja teletoiminnan tietoturvasta (565/1999) (Privacy in communication) • The legislation for specific areas

  11. Legislation gives authority • Legislation gives tools to improve security • Act on background checks (177/2002) • Immediate crime prevention • Self-defence (hätävarjelu; Penal Code, chapter 3, §6) • Private guards • Private security services act (282/2002)

  12. Legislation as a general tool for protection • A punishment will follow if a law is violated • A threat of punishment prevents crimes • In practice, the probability of being caught is more important than the level of punishment

  13. Some Finnish legislation

  14. Penal code • Penal code 19.12.1889/39 • Originates from 1889 but is updated continuously • The most important law for the public • We Alexander the Third, by the Grace of God, Emperor and Autocrat of all the Russias, Tsar of Poland, Grand Duke of Finland, etc., etc., etc. Make known: On the humble proposal of the Estates of Finland, We hereby graciously confirm the following Penal Code for the Grand Duchy of Finland, on the bringing into force of which, as well as on the enforcement of punishments, a separate decree will be issued

  15. Crimes • Aggravated war crime (578/1995) • Violation of human rights in a state of emergency (578/1995) • Genocide (578/1995) • Breach of the prohibition of biological weapons (17/2003) • Ethnic agitation (578/1995) • Discrimination (578/1995) • Warmongering (578/1995)

  16. Business secret • For the purposes of this chapter, a business secret is defined as a business or professional secret and to other corresponding business information that a businessman keeps secret and the revelation of which would be conducive to causing financial loss to him/her or to another businessman who has entrusted him/her with the information.

  17. Business espionage (769/1990) • A person who unjustifiably obtains information regarding the business secret of another • by entering an area closed to unauthorised persons or accessing an information system protected against unauthorised persons, • by gaining possession of or copying a document or other record, or in another comparable manner, or • by using a special technical device, • with the intention of unjustifiably revealing this secret or unjustifiably utilising it shall be sentenced, unless a more severe penalty for the act is provided elsewhere in the law, for business espionage to a fine or to imprisonment for at most two years.

  18. Violation of a business secret (769/1990) • A person who, in order to gain financial benefit for himself/herself or another, or to injure another, unlawfully discloses the business secret of another or unlawfully utilises such a business secret, having gained knowledge of the secret • while in the service of another; • while acting as a member of the administrative board of directors, the managing director, auditor or receiver of a corporation or a foundation or in comparable duties; • while performing a duty on behalf of another or otherwise in a fiduciary business relationship; or • in connection with company restructuring proceedings, • shall be sentenced, unless a more severe penalty for the act is provided elsewhere in the law, for violation of a business secret to a fine or to imprisonment for at most two years. (54/1993) • This section does not apply to an act that a person referred to in subsection 1(1) has undertaken after two years has passed since his/her period of service has ended. (61/2003)

  19. Assault (578/1995) • A person who employs physical violence on another or, without such violence, damages the health of another, causes pain to another or renders another unconscious or to a comparable condition, shall be sentenced for assault to a fine or to imprisonment for at most two years. An attempt is punishable. • A person who through negligence inflicts not insignificant bodily injury or illness on another shall be sentenced for negligent bodily injury to a fine or to imprisonment for at most six months.

  20. Negligent homicide (578/1995) • A person who through negligence causes the death of another shall be sentenced for negligent homicide to a fine or to imprisonment for at most two years. • If in the negligent homicide the death of another is caused through gross negligence, and the offence is aggravated also when assessed as a whole, the offender shall be sentenced for grossly negligent homicide to imprisonment for at least four months and at most six years.

  21. Manslaughter and Murder (578/1995) • A person who kills another shall be sentenced for manslaughter to imprisonment for a fixed period of at least eight years. An attempt is punishable. • If the manslaughter is • premeditated; • committed in a particularly brutal or cruel manner; • committed by causing serious danger to the public; or • committed by killing a public official on duty upholding the peace or public security, or because of an official action; • and the offence is aggravated also when assessed as a whole, the offender shall be sentenced for murder to life imprisonment. An attempt is punishable.

  22. Invasion of public premises (531/2000) • A person who unlawfully • by force, stealth or deception, enters a public office, business premises, office, production installation, meeting place, other similar premises or another similar building, or the fenced yard of such a building, a barracks area or another area in the use of the armed forces, where movement is restricted by the decision of the competent authority, or • hides or stays in premises referred to in subparagraph (1) • shall be sentenced for an invasion of public premises to a fine or to imprisonment for at most six months. • However, an act that has caused only a minor disturbance does not constitute an invasion of public premises.

  23. Theft and Embezzlement (769/1990) • A person who appropriates movable property from the possession of another shall be sentenced for theft to a fine or to imprisonment for at most one year and six months. An attempt is punishable. • A person who appropriates the assets or other movable property of another which are in the possession of the offender shall be sentenced for embezzlement to a fine or to imprisonment for at most one year and six months.

  24. Personal Data Act • 22.4.1999/523 • The objectives of this Act are to implement, in the processing of personal data, the protection of private life and the other basic rights which safeguard the right to privacy, as well as to promote the development of and compliance with good processing practice.

  25. Personal data • personal data means any information on a private individual and any information on his/her personal characteristics or personal circumstances, where these are identifiable as concerning him/her or the members of his/her family or household; • Any piece of information that can be connected to a person • E-mail • Computer logs • Video surveillance tape

  26. Processing of personal data • Processing of personal data means the collection, recording, organisation, use, transfer, disclosure, storage, manipulation, combination, protection, deletion and erasure of personal data, as well as other measures directed at personal data;

  27. The requirements for processing • the data subject has unambiguously consented to the same; • there is a relevant connection between the data subject and the operations of the controller, based on the data subject being a client or member of, or in the service of, the controller or on a comparable relationship between the two

  28. Principles relating to data quality • The personal data processed must be necessary for the declared purpose of the processing (necessity requirement). • The controller shall see to it that no erroneous, incomplete or obsolete data are processed (accuracy requirement). This duty of the controller shall be assessed in the light of the purpose of the personal data and the effect of the processing on the protection of the privacy of the data subject.

  29. Data security • The controller shall carry out the technical and organisational measures necessary for securing personal data against unauthorised access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. The techniques available, the associated costs, the quality, quantity and age of the data, as well as the significance of the processing to the protection of privacy shall be taken into account when carrying out the measures.

  30. Remarks about the Personal Data Act • Personal data can be collected and processed if there is a reasonable connection • Only such information can be collected which is necessary for the reasonable connection • The collection, content and usage must be designed beforehand • The information must be correct • The information must be protected • When the connection ends the information must be deleted

  31. Act on the Protection of Privacy in Working Life (759/2004) • The employer is only allowed to process personal data directly necessary for the employee’s employment relationship. • The employer shall collect personal data about the employee primarily from the employee him/herself. In order to collect personal data from elsewhere, the employer must obtain the consent of the employee. • The employer shall notify the employee in advance that data on the latter is to be collected in order to establish his/her reliability. • The employer is not permitted to require the employee to take part in genetic testing during recruitment or during the employment relationship, and has no right to know whether or not the employee has ever taken part in such testing.

  32. Act on the Protection of Privacy in Working Life (759/2004) • The employer may operate a system of continuous surveillance within his premises based on the use of technical equipment which transmits or records images (camera surveillance) for the purpose of ensuring the personal security of employees and other persons on the premises, protecting property or supervising the proper operation of production processes, and for preventing or investigating situations that endanger safety, property or the production process. • Camera surveillance may not, however, be used for the surveillance of a particular employee or particular employees in the workplace. Neither may camera surveillance be used in lavatories, changing rooms or other similar places, in other staff facilities or in work rooms designated for the personal use of employees.

  33. Organization and authorities • Authorities are important for organizations • Permissions and authorizations • Inspection • Advice • Crime prevention • Crime solving

  34. Security and safety related authorities • Police • Crime prevention • Plans for security • Crime solving • Public safety authorities • Safety plans • Inspections • Fire fighting • Solving reasons

  35. Contacts • Contacts are useful in normal situations, too • It is good to have a contact person • Authorities can participate in planning phase • Communication can be unofficial

  36. If something happens • Find out what is happening • Prevent the escalation • Leave the solving to the authorities • Re-build what is needed • Prevent such an incident in the future

  37. Conclusions • Legislation is • A source of possibilities • A set of requirements • A way to solve conflicts • A protection against violators
