13.9.1 Cyberspace Law
There are many technology-focused laws, regulations, and policies requiring the
attention of commercial and government organizations. A small sampling of U.S.
laws is:

• Homeland Security Act of 2002
• USA PATRIOT Act
  − Pertains to protection of U.S. critical commercial infrastructure
• Electronic Communications Privacy Act
• Sarbanes-Oxley Act of 2002
  − Pertains to executive responsibilities for accurate portrayal of organizational finances
• Gramm-Leach-Bliley Act
  − Pertains to financial institutions
• Health Insurance Portability and Accountability Act (HIPAA) of 1996
  − Pertains to privacy of the insured's health information
• Federal Information Security Management Act (FISMA) of 2002
  − Implications for NIST security categorizations and certification and accreditation (C&A)
• National Strategy to Secure Cyberspace
  − Although not a compulsory compliance requirement, this does provide insight into national concern for cyber-security.
Legislative and regulatory compliance, which avoids monetary fines and jail time
for organizational officers, is a strong justification for investing in IA. A formal
compliance management program identifies all relevant compliance requirements
and decomposes them into actionable items. These actionable items are then
prioritized according to risk, budget, schedule, and effect on overall operations.
13.9.2 Legal Obligations
Legal obligation management includes:

• Contract definition
• Intellectual property management
• Defamation protection, against acts by others and against unauthorized actions taken toward others
• Objectionable materials or speech
• Corporate policy on intellectual property rights and privacy
The IA architect considers legal obligations from various perspectives,
including: