Relationship Between The Law And Network Security
An increasing number of legal issues affected how network administrators approach network security. If your organisation is a publicly-traded company, a government agency, or does business with either, there may be a legal constraint to choose your security approach. In this article, I want to look at the relationship between law and network security in this article.
Legal constraints include any law that affects how information is stored or accessed. Even if your network is not bound to these security guidelines, reviewing various laws impacting computer security and perhaps deriving ideas that can apply to your own idea is useful.
#1 Computer Act of 1987
One of the oldest legislation in the United States affecting computer security is the Computer Security Act of 1987. This acts requires government agencies to identify sensitive systems, conduct computer security training, and develop computer security plans. The law is a vague mandate ordering federal agencies in the US to establish security measures without specifying any security standards.
The legislation established a legal mandate to enact specific standards, paving the way for future guidelines and regulations. It also helped defined certain terms such as what is indeed “sensitive” according to some quotes found in the legislation itself.
Sensitive information is any information, the loss, misuse, unauthorized access to, or modification which could adversely affect the national interest or privacy to which individual is entitled to under section 552a of title 5, the United State code (Privacy Act), but which has not been specifically authorized under criteria established by executive order or an Act of Congress to be kept secret in the interest of national defence or foreign policy.
Keep this definition in mind for it is not just Social Security information or medical record that must be secured when considering information that needs to be secured, simply ask this question: Would the unauthorized access or modification of this information adversely affect my organisation? If yes, then you must consider the information “sensitive” and in need of security precautions.
#2 Computer Misuse Act of 1990
This is the base law for all other computer-related law in the UK. It applies to the whole of UK and is usually the underlying law used to charge a suspect over computer crime. Crimes like stealing, hacking and phishing are considered section 1 offences, which can lead to six months or two years imprisonment.
Section 2 crimes are the crimes intended to be performed after a hacker has penetrated a system, such as using the credentials stolen to access a server, or committing fraud. If anyone is guilty of this, it can lead to five years imprisonment.
You have to keep in mind that any law that governs privacy such as the Health Insurance Portability and Accountability Act (HIPAA) also has a direct impact on computer security. If a system is compromised and data that is covered under any privacy statute is compromised, you might need to prove that you exercised due diligence to protect that data. If it was discovered that you do not do your best to protect that data, you might be sanctioned for it.
Now your take on this argument.
We would also like to hear what you feel about the topic we discussed today. Your feedback is very important to us. Feel free to drop your comments and recommendations. If you have a contrary opinion, you can drop that too.
You can also like our Facebook Page CRMNigeria for more updates. You can do that by clicking on the link or searching for our page on Facebook.
Tired of Google Adsense? Use Adsense alternative.
You can also become part of our WhatsApp Group Here.
Enter your email address to get updates when we post our next article. you have to click on the link in the email sent to you to confirm your subscription. If you have been receiving our email updates and it is no longer active, please subscribe again.: