An increasing number of legal issues affect how one approaches computer security. If your company is publicly traded, is a government agency, or does business with either, there may be legal constraints on the security of your network. Even if your network is not legally bound to these security guidelines, it is useful to understand the various laws impacting computer security; you may choose to apply them to your own security standards.
One of the oldest laws affecting computer security is the Computer Security Act of 1987. It requires government agencies to identify sensitive systems, develop computer security training, and develop computer security plans. This law was a vague mandate ordering federal agencies in the United States to establish security measures, but it did not specify any standards.
This legislation established a legal mandate that paved the way for future guidelines and regulations imposing specific criteria. It also helped define terms, such as what information is considered “sensitive.” This quote is found in the legislation itself:
The term "sensitive information" means any information, the damage to, misuse of, or unauthorized access to or modification of which may negatively affect the conduct of national or federal programs, or the privacy to which individuals are entitled under law, but which has not been specifically authorized under criteria established by executive order to be kept secret in the interest of national defense or foreign policy.
This definition should be kept in mind, for it is not just social security information or medical history that must be secured. When considering what information needs to be secure, simply ask the question: Would the unauthorized access to or modification of this information adversely affect your institution? If the answer is yes, then you must consider the information sensitive and in need of security precautions.
A more specific law requiring that security be applied to systems is the OMB Circular. This document requires that agencies of the state establish security programs containing specified elements. It also describes requirements for developing standards for computer systems and for records held by government agencies.
Most states have specific laws regarding computer security, such as legislation on cyber crimes. If you are responsible for network security, you might find yourself part of a criminal investigation. It may be an investigation into a hacking incident or employee misuse of computer resources. A list of computer crime laws (by state) can be found at the information system of the state.
Online Security Resources
When you move out into the professional world, you will have frequent need for additional security resources. Appendix B includes a more complete list of resources, but this section highlights a few of the most important ones and those you may find useful now.
CERT
CERT stands for Computer Emergency Response Team. This group is sponsored by Carnegie Mellon University. CERT was the first computer incident response team, and it is still one of the most respected in the industry. Anyone interested in network security should visit the site routinely.
Microsoft Security Advisor
Because so many computers today run Microsoft operating systems, another good resource is the Microsoft Security Advisor website: www.microsoft.com/security/default.mspx. This site is a portal to all Microsoft security information, tools, and updates. If you use any Microsoft software, then it is advised that you visit this website regularly.
F-Secure
The F-Secure corporation maintains a website at www.f-secure.com. Among other things, this site is a repository for detailed information on viruses. Here you will find not only notifications about a particular virus but also detailed information about it. This information includes how the virus spreads; ways to recognize the virus; and, frequently, specific tools for cleaning an infected system of a particular virus.
SANS Institute
The SANS Institute website (www.sans.org) is a vast repository of security-related documentation. On this site you will find detailed documentation on practically every aspect of protecting your computer that you can imagine. The SANS Institute also sponsors a number of security research projects and publishes information about those projects.