Risk Management and the Law, Research Paper Example

Pages: 6

Words: 1768

Research Paper

Abstract

This paper addresses information security management, which has become extremely prevalent as more and more of individuals' information and vital data is stored, transferred and used in information technology systems. With the ease of access to and use of personal information, there is also a rise in the need for laws and regulations governing the use, access and security of that data. Accompanying the laws and regulations are specific techniques and best practices that can be implemented at each level of access to mitigate the risk of a security breach and provide control over the integrity of the information. Each area of information security has specific focal points for ensuring data security and includes risk mitigation as a keystone of data integrity.

Risk Management and the Law

The term information technology law designates the sets of rules and regulations that are used to control the activities and practices in the information technology sector. The law is used to safeguard information flow in the IT sector. It aims at safeguarding the security of information, computer software, internet activities and electronic commerce transactions, and at promoting the privacy of computer users. Information technology law can also be defined as the legal provisions that govern the flow of digital information. The main goal of the law is to foster information security in the IT sector to ensure data confidentiality and integrity. As such, case laws on information security management have played a greater role in ensuring data security (Cooper, Grey, Raymond, & Walker, 2005).

The common example of case law on information security management is the Federal Information Security Management Act, which was enacted by the federal government in the United States. The law mandates federal entities to acquire, document and establish a program that ensures information security within the federal government. This ensures that the assets and operations of the federal government are safeguarded from intruders. Information security management in this respect also extends to matters of privacy in the health sector; for instance, Health Information Privacy was enacted by the federal government to ensure that patient information is highly safeguarded for the purposes of privacy (Dobson, 2004).

Computer law and legislation have promoted the utilization of computer resources. This has enabled the sector to reduce the element of information security risk. In the United States, organizations such as Computer Professionals for Social Responsibility have played a great role in ensuring data security and responsible behavior among IT professionals. The entity has created awareness of computer risk management among both professionals and non-professionals in the country. It enlightens policy makers on the various issues of computer security and policy formulation.

In other instances, computer legislation and case law on information security management are evidenced in the changed behavior and practices of IT professionals. The various sets of laws and regulations have greatly transformed the field of IT by promoting good practices among the professionals and their clients. Take the case of the E-business Regulatory Alliance, which offers directives on good data protection practices for the organization and its clients. The body has worked with the UK government to ensure that problems such as spamming of data and information cookies are properly solved (Dobson, 2004).

The other noticeable impact of computer laws and legislation on the field of IT is the increasing cost that is associated with the adoption of new policies. Most IT firms incur a lot of expenses when training their employees to adapt to the new laws in the industry. At the introductory stage of the legislation and policies, there tends to be great confusion between corporate laws and the legal expectations of the members of an organization. It is important to note that laws and regulations have played a great role in promoting information security and providing proper avenues for the management of risks. Computer laws and legislation have also improved the pace of growth of the IT sector in many countries across the world. Competition in the sector has greatly improved due to the elimination of unfair practices by the law. This has also translated into more efficient and effective use of computers and information systems (Stamp, 2011).

The most common law in the field of IT is the information technology law, which governs the flow of digital information and software issues. Internet law has made it possible for various entities to combat fraud and identity theft; for instance, online service organizations have found internet laws to be of great help in managing information risk. Saab Inc implemented a policy that enabled employees and clients to report any potential interference with personal data.

Extending the discussion on personal data, it is also vital to highlight the possible approaches that have been adopted to improve personal protection. The Internet Privacy Act, which is used by most countries all over the world, promotes the transmission and utilization of personal information. The law promotes respect for everyone's privacy in the internet world. Other approaches for improving privacy and protection include the installation of firewalls on computers, the use of passwords that enable an individual to safeguard personal information, and the elimination of unauthorized access to personal data. The other practice is data encryption, which ensures that the transmitted data can only be read by the intended recipient. Encrypted data enables the sender to eliminate chances of information hacking, since information is sent in a form that can only be read by the recipient. Such practices have the advantage of ensuring the integrity and confidentiality of personal information. Personal privacy is also used in the health sector to ensure respect for patients' personal information. The Privacy Rule applied in most hospitals across the world has ensured that IT professionals in the health sector permit the disclosure of private information only when it is needed by the doctor and the patient (Dobson, 2004).

Drawing from the above observations, it is important to note that privacy protection at both the individual and corporate levels is aimed at ensuring information security, which is vested in the following principles: authenticity, integrity, availability, confidentiality, and non-repudiation. The element of authenticity ensures that activities involved in the acquisition and storage of data are valid. Developments in IT have enabled individuals to authenticate data and various transactions through the use of digital signatures. The facet of integrity promotes accuracy and consistency of data to enhance reliability. Data encryption, which is mentioned above, is the best approach to ensure integrity of data. The practice prohibits unauthorized modification of data when in transit. The other element that is related to authenticity is non-repudiation, which plays an important role in validating the transactions between individuals. The practice eliminates unwanted errors in the transmission and reception of information. It uses cryptography to promote integrity and authenticity of data (Cooper, Grey, Raymond, & Walker, 2005).

Availability is the most important feature of information when ensuring information security. The main purpose of security is to ensure that information is readily available for the intended purposes. Availability of information facilitates efficiency by eliminating instances such as denial of service and unexpected delays.

Confidentiality is very important when it comes to the issue of personal privacy. This is one of the major principles of data security, aimed at promoting privacy at both the individual and corporate levels. It is aimed at preventing access to information by unauthorized people or entities. Confidential information such as credit card information should be protected from intruders who may use such information for their personal gain.

The disadvantages of personal privacy protection are that it limits sharing of information within the organization and hence interferes with proper coordination of activities. Personal privacy protection makes it difficult for service companies such as insurance companies and banks to share information with their clients, for instance a (Cappelli, 2012). Data is a powerful tool, and protecting that information is the responsibility of many parties. All the way from the individual making the transaction to the corporation that is utilizing that data to better serve its customers, each level must follow the regulations and comply with the laws governing information security (Stamp, 2011).

Digital Signature

Legislation on digital signatures is meant to promote data security by ensuring that information is not tampered with by unauthorized parties. A digital signature works in a unique way and, unlike the handwritten signature, cannot be forged; it has two types of keys, namely public and private keys. The sender of information uses the private key that identifies him or her to the recipient. When the message is received, the recipient signs the public key, which enables him or her to validate the information. The process of exchanging the keys is facilitated by a third party known as the certificate authority. Participation of governments in digital signature legislation is vital to regulate certification authorities. Participation of the government is also very important to ensure that certification authorities are protected from any unexpected legal liability. In this regard, the authorities will ensure that consumers have sufficient knowledge of issues of certification, that they use reliable and trusted computer systems, and that certification activities are carried out by qualified and competent individuals (Dobson, 2004).
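The roles of the private key, the public key and the certificate authority can be seen in a short sketch. This is an added example, not part of the original paper: it uses unpadded hash-then-RSA with constructed demo keys built from well-known Mersenne primes (not secure; real systems use RSA-PSS or Ed25519 from a vetted library), and every function name, the subject name and the sample message are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all demo keys

def make_keypair(p, q):
    """Build (public, private) RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(data, n):
    """SHA-256 of the data as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    """Only the holder of the private key can produce this value."""
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    """Anyone holding the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(subject, public):
    return f"{subject}|{public[0]}|{public[1]}".encode()

def issue_certificate(subject, subject_public, ca_private):
    """The certificate authority signs the binding of a name to a public key."""
    sig = sign(cert_body(subject, subject_public), ca_private)
    return {"subject": subject, "public_key": subject_public, "ca_signature": sig}

def check_signed_message(message, signature, cert, ca_public):
    """Recipient side: trust the sender's key only if the CA vouches for it."""
    body = cert_body(cert["subject"], cert["public_key"])
    if not verify(body, cert["ca_signature"], ca_public):
        return "untrusted certificate"
    if not verify(message, signature, cert["public_key"]):
        return "bad signature"
    return "valid"

# Constructed demo keys from well-known Mersenne primes: NOT secure.
CA_PUB, CA_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)
CERT = issue_certificate("alice@example.com", SENDER_PUB, CA_PRIV)
MESSAGE = b"Pay invoice 1001: 250.00 USD"  # constructed sample message
SIGNATURE = sign(MESSAGE, SENDER_PRIV)

if __name__ == "__main__":
    print(check_signed_message(MESSAGE, SIGNATURE, CERT, CA_PUB))
    print(check_signed_message(b"Pay invoice 1001: 950.00 USD", SIGNATURE, CERT, CA_PUB))
```

Changing a single character of the message after signing makes the check fail, which is the tamper-evidence property that the legislation relies on.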

Legislation on digital signatures has greatly improved security in accounting transactions. Digital signatures enable the individuals involved in a transaction to validate the transaction between them and hence eliminate chances of fraud. Digital signature certificates that are given by various certification bodies are very important in identifying the persons who utilize internet services and ensuring protection of the passwords that enable individuals to access protected information. At the individual level, digital signatures enable an individual to leverage the ability of private computer and internet usage and hence reduce overreliance on paperwork.

At the corporate level, digital signatures have been found to play an important role in reducing expenses that are associated with high-volume clerical operations. Studies show that ink-on-paper signatures expose an organization to a lot of paperwork that in most cases is very expensive to file and store; for instance, an organization has to purchase very many physical pocket files that are used in filing and storing documents.

In the future, contracts signed using digital signatures will be recognized by courts, which will promote online signing of contracts to improve efficiency and reduce cost. Online contracts will enable companies and individuals to acquire and sell goods and services online (Stamp, 2011).

References

Cappelli, P. (2012). How to get a job? Beat the machines. Time: Business & Money. Retrieved from http://business.time.com/2012/06/11/how-to-get-a-job-beat-the-machines/

Cooper, D. F., Grey, S., Raymond, G., & Walker, P. (2005). Project risk management guidelines: Managing risk in large projects and complex procurements. John Wiley & Sons.

Dobson, M. (2004). The triple constraints in project management. Vienna, VA: Management Concepts.

Stamp, M. (2011). Information security: Principles and practice. Hoboken, NJ: Wiley.
