Information Security Law: The Emerging Standard for Corporate Compliance

By: Thomas J. Smedinghoff (author)


In today's business environment, virtually all of a company's daily transactions and all of its key records are created, used, communicated, and stored in electronic form using networked computer technology. Most business entities are, quite literally, fully dependent upon information technology and an interconnected information infrastructure.

Emerging information security compliance requirements

While this reliance on technology provides tremendous economic benefits, it also creates significant potential vulnerabilities that can lead to major harm to a company and its various stakeholders. As a result, public policy concerns regarding these risks are driving the enactment of numerous laws and regulations that require businesses to adequately address the security of their own data. Information Security Law: The Emerging Standard for Corporate Compliance is designed to help companies understand this developing law of information security, the obligations it imposes on them, and the standard for corporate compliance that appears to be developing worldwide. ISO/IEC 27001, the international information security standard, should be read alongside this book.

Emerging global legal framework and compliance in multiple jurisdictions

This book takes a high-level view of the multitude of security laws and regulations, and summarizes the global legal framework for information security that emerges from them. It is written for companies struggling to comply with several information security laws in multiple jurisdictions, as well as for companies that want to better understand their obligations under a single law. It explains the common approach of most security laws, and seeks to help businesses understand the issues that they need to address to become generally legally compliant.

About Author

The author, Thomas J. Smedinghoff, is a partner in a Privacy, Data Security, and Information Law Practice in Chicago. He has been actively involved in developing e-business and information security legal policy, both in the U.S. and globally. He currently serves as a member of the U.S. Delegation to the United Nations Commission on International Trade Law (UNCITRAL) and chairs the International Policy Coordinating Committee of the American Bar Association (ABA) Section of Science & Technology Law.


Contents

Introduction

Chapter 1: Security basics: The legal perspective
  • 1.1 Definition of information security
  • 1.2 Objectives of information security
  • 1.3 Threats addressed by information security
  • 1.4 Information security controls

Chapter 2: Legal response to security
  • 2.1 Declaring conduct illegal
  • 2.2 Requiring the protection of data

Chapter 3: The general duty to provide security
  • 3.1 The basic obligation
  • 3.2 Where does the obligation come from?
  • 3.3 Who does the obligation apply to?
  • 3.4 What is covered?
  • 3.5 Who is responsible for security?

Chapter 4: The legal standard for compliance
  • 4.1 Recognition that security is relative
  • 4.2 Legal definition of "reasonable security"
  • 4.3 Adoption of the legal definition

Chapter 5: Developing a compliant security program
  • 5.1 Identify information assets
  • 5.2 Conduct a risk assessment
  • 5.3 Select and implement security controls
  • 5.4 Monitor and test the controls
  • 5.5 Review and adjust the program
  • 5.6 Oversee third party service providers

Chapter 6: Security controls to consider
  • 6.1 Physical security controls
  • 6.2 Technical security controls
  • 6.3 Administrative security controls
  • 6.4 Special rules for specific data elements

Chapter 7: The role of standards
  • 7.1 Standards and industry customs
  • 7.2 The legal impact of standards
  • 7.3 ISO27001: Road to global legal compliance?

Chapter 8: Security breach notification
  • 8.1 Objectives of the breach notification laws
  • 8.2 Viewing the laws in perspective
  • 8.3 The breach notification obligation
  • 8.4 International adoption
  • 8.5 What companies need to do

Appendix
  • A. U.S. federal statutes
  • B. U.S. state statutes
  • C. U.S. federal regulations
  • D. U.S. state regulations
  • E. U.S. court decisions
  • F. U.S. FTC decisions and consent decrees
  • G. U.S. state Attorneys General consent decrees
  • H. Country laws

ITG Resources

Product Details

  • Publication date: 07/10/2008
  • Format: Paperback
  • Number of pages: 178
  • ISBN13: 9781905356669
  • ISBN10: 1905356668
  • Weight: 269
