Law and Policy Case Study
September 15, 2013
In the field of information security, there are many types of law. It is important for senior managers to be knowledgeable about the legal environment. Once this information is learned and retained, it will increase access to and understanding of information security. This case study discusses laws and practices related to information security and how these laws affect organizations today and ensure the confidentiality, integrity, and availability of information and information systems. It also discusses governance policy and gives recommendations for developing governance policy in an organization.
The Privacy Act governs the compilation, usage, and publication of records about individuals that are maintained by federal agencies. The Privacy Act defines a record as “any item, collection, or grouping of information about an individual that is maintained by an agency and contains his or her name or another personal identifier” (Stevens, 2010, p. 7). The Computer Security Act of 1987 required all federal computer systems that contain classified information to have security plans in place and required security training for anyone who deals with those systems. HIPAA is aimed at the security of medical information. Medical information obtained in medical practices must be kept private at all costs. The Veterans Affairs Information Security Act requires the Veterans Administration to add information security procedures to protect veterans’ sensitive personal information. The Federal Information Security Management Act of 2002 deals with government agencies providing protection for systems and agency information.
The impact of these five laws on how an organization ensures the confidentiality, integrity, and availability of information and information systems is tremendous. Nobody wants personal or private information put into the public eye or made available to someone who is not entitled to it. These laws and regulations are put into place to protect confidentiality. In particular, HIPAA affects hospitals and any other place in the medical field. These places should not give an individual's medical history to anyone but that individual unless agreed upon otherwise. Each of these laws individually deals with maintaining the confidentiality of software and information so that it will not be shared illegally. If these laws are followed, then the integrity of companies will be maintained. Everything that is shared or maintained through companies should be true and not illegally edited to...