Managing Enterprise Information Integrity - Case Study Example

Summary
The author of the paper "Managing Enterprise Information Integrity" will begin with the statement that the current business security landscape is continually evolving. Throughout history, the significance of information security and protection has been appreciated. …

Extract of sample "Managing Enterprise Information Integrity"

Law and Case Policy Case Study

The current business security landscape is continually evolving. Throughout history, the significance of information security and protection has been appreciated. The modern reliance on computers to conduct business operations has resulted in the emergence of technology-based solutions that ensure information security and safeguard business information systems from external threats. Therefore, since the business environment considers information as a vital asset, it has come to depend increasingly on infrastructure that protects information in a way that ensures business sustainability (Collins, 2013). The legal environment consists of laws, policies and regulations that help organizations guarantee the protection of the integrity, confidentiality and availability of their information and information systems. An examination of the present legal environment reveals the effectiveness of policies in safeguarding business information and information systems.

More than ever before, businesses are rapidly globalizing their operations due to the expansion of e-commerce abilities. This has resulted in the emergence of robust information systems that encompass vast quantities of business-related information. As a consequence, businesses have increasingly started depending on third-party vendors for diverse business operations, posing immense challenges to information security. Vendors such as contractors need to guarantee protection of valuable customer data. Complex systems are needed to handle these complex business opportunities and challenges. Consequently, information security policies are essential to effective everyday business operations. Policies encompass both government policies and organizational policies.
With regard to government policies, the US is renowned for its development and implementation of robust information security legislation to deter exploitation and misuse of information and information systems and technology. Such legislation provides a reliable business environment, ensuring a stable economy (IT Governance Institute, 2004). Prominent government policies on information security include the 1986 Computer Fraud and Abuse Act (CFA Act), which is the foundation of most computer and information-related federal laws. The 1996 National Information Infrastructure Protection Act amended the 1986 law, increasing penalties for information-related crimes. The degree of the penalties imposed depends on the essence of the information acquired and used and whether or not the information-related offense was committed for commercial advantage, personal financial gain or the perpetuation of a criminal act, for instance, fraud. The USA PATRIOT Act has modified various laws, allowing greater latitude to law enforcement agencies in order to deter terrorism-related activities that encompass the use of information and information systems; for instance, making information available for terrorist activities. However, perhaps some of the most important pieces of government legislation governing information dissemination, confidentiality and integrity include the 1996 Telecommunications Deregulation and Competition Act, which regulates telecommunications, both foreign and interstate (IT Governance Institute, 2004). Additionally, the 1966 Freedom of Information Act facilitates disclosure of formerly unreleased documents or information controlled by the government, for instance, tax records. In order to protect businesses against illegal access to stored information on business and personal communications, the government established the Unlawful Access to Stored Communications.
This law is particularly important since it deters access and dissemination of business and personal communications, especially those carrying vital business details. The Computer Fraud and Abuse Act, which was last amended in 2006, helps to deter computer-related acts of unlawful information use, dissemination and access (IT Governance Institute, 2004). This ensures the protection of the confidentiality and integrity of vital business information by deterring unauthorized access and misuse of valuable information. Government policies such as the 1996 Economic Espionage Act prevent use or abuse of information acquired during employment. This Act is particularly vital to the company since its contract services are employed by various institutions. The Act protects all company customers against misuse of important information acquired by the company from assisting customers’ CISOs. The digital world is prone to copyright protections on various media, including information systems (Kaplan & Norton, 2001). Consequently, the government established the Digital Millennium Copyright Act of 1998 to safeguard copyright protections. Lastly, the 2002 Sarbanes-Oxley Act ensures that company executives are accountable for the operations of their companies in, among others, information, accounting and information technology (IT) (IT Governance Institute, 2004). This means that the company’s executives are responsible for implementing viable organizational policies to safeguard company information and information systems. The 2002 Act calls for the establishment of robust organizational policies to safeguard information and information systems. This implies the creation of an intentional culture geared towards information security. This is a critical policy since it places immense importance on organizational culture. Developing a planned information security culture is a notable objective of this policy (Kaplan & Norton, 2001). 
This involves establishing awareness campaigns to create organizational awareness regarding information security activities (Hartman & DesJardins, 2010). This involves creating targeted education sessions for specific organizational audiences. These educational sessions present viable opportunities to help inform organizational departments regarding their information security responsibilities. For instance, the human resources department could be tasked with ensuring initial training for all employees, both old and new. Such training can encompass material that presents the importance of information security to the organization. The policy requires management commitment. Culture encompasses the logic behind the way things are done. Genuine support for information security culture from senior management is the only sure way of guaranteeing the effectiveness of business information security. Management commitment is bound to encourage a sense of obligation and responsibility regarding the implementation of information security among other employees. An effective organizational policy is also one that seeks the intentional establishment of cross-functional teams that ensure that the organization adheres not only to its own policies, but to government policies as well (Hartman & DesJardins, 2010). This involves providing for effective communication and collaboration that deters inter-departmental isolation so as to ensure that all employees work towards the sole goal of ensuring information and information system security. Effective organizational policies require alignment of information security with company objectives from the board room to information end users (Kaplan & Norton, 2001). In any company, information security is maintained through the creation and establishment of policies that dictate acceptable information-related behaviors, as well as conformity to government policies in order to deter penalties and sanctions.
This dictates the rules of information dissemination, access, comprehension and compliance (Collins, 2013). The organization must demonstrate acceptable practices in its information-related practices including distribution, review, understanding and compliance. In order to conform to acceptable business standards, the organization must be ready to enforce all information policies uniformly.

References

Collins, D. (2013). Essentials of business ethics: Creating an organization of high integrity and superior performance. New Jersey: Wiley.

Hartman, L., & DesJardins, J. (2010). Business ethics: Decision-making for personal integrity & social responsibility (2nd ed.). New York: McGraw-Hill/Irwin.

IT Governance Institute. (2004). Managing enterprise information integrity: Security, control and audit issues. Washington, DC: IT Governance Institute.

Kaplan, R. S., & Norton, D. P. (2001). The strategy-focused organization: How balanced scorecard companies thrive in the new business environment: A Harvard business review book. Boston: Harvard Business Press.