U.S. Information Security Law, Part One
Information security professionals work within an enterprise to protect it from all non-physical threats to the integrity and availability of its data and systems. Performing this function draws security professionals into simultaneous, ongoing relationships between the enterprise on the one hand and, successively on the other, the enterprise's employees and other agents, its customers, suppliers, competitors, government officials and regulators, to say nothing of unidentified and sometimes unidentifiable actors.
In short, the working environment for security professionals is a maelstrom. In determining which aspect of this multi-faceted environment needs your immediate attention, the law can help. Whether in the courts or in legislatures or agencies, the law addresses individual claims or interests more or less one at a time. As such, the way the law treats a particular topic provides one point of focus that may help you allocate effort and resources to best effect.
This is the first article in a four-part series exploring the law of information security in the United States. The series is designed to be a resource for information security professionals in two respects. First, a legal perspective on security is valuable in itself, as an aid to defining the assets and interests to be protected and as the source of the prerequisites for and types of recovery available when breaches of security occur. Second, information about the intersection of law and information security will help information security professionals and their counsel work together more effectively.
Each article in the series deals with information security in a particular context. The first article (below) addresses the legal framework for protection of information systems and the role of information security professionals in the creation of trade secret interests, one type of intellectual property. The articles that follow will discuss the law of achieving and maintaining a secure working environment, the criminal law aspects of information security, and the impact of national defense law and regulations on information security. Throughout the series, the focus will be on providing information that security professionals can bring to bear to improve the security of the people and businesses who depend on them.
[ Read more ]