Law and Policy Case Study Example | Topics and Well Written Essays - 750 words - 1

Law and Policy - Case Study Example These strategies promote integrity, availability and confidentially of information by defining security procedures, guiding their implementation and outlining wide array of measures. This proposal looks the impact of organization laws, regulations, and policies in maintaining confidentiality, integrity, and availability. Legal environment and its impact on information security The legal environment provides an indispensable framework that guides organization on how to achieve various goals such as information security. In many organization, the triad of factors—rules, regulations and policies constitute the entire framework the promote information security (Martin, & Khazanchi, 2006). These factors, however, differ on their scope and impact on information security matters within an organization. In many organizations, policies remain the first strategy of ensuring the organization information systems are secure. Regardless of the type of organization, whether business, nonprof it or federal, policies stipulate guidelines that promote information security. Policies in general, guide information security governance within an organization and this help maintain information security within an organization. ... For instance, the United States Federal government publishes a minimum-security requirement that its agencies must adapt to secure data and information technologies (Martin, & Khazanchi, 2006). On the other hand, organization can develop policies that guide how their employees interact and use information system to protect data and promote confidentiality, integrity, and availability. In many cases, government policies guide how government entities structure their policies and implement security apparatus. However, organization policies direct the conduct and use of information system among the organizations personnel, administrators, and clients. Despite their difference, these policies provide a baseline that helps define access rules and develop mitigation effect should there be any security breach. For instance, government and organization polices provide employees with guidelines on how to secure systems. For instance, the Federal guidelines stipulate the minimum encryption that federal entities must adapt to secure the system from threats that can influence (Martin, & Khazanchi, 2006). In addition, an organization can develop policies that outline how its users can secure their information when using information system. For instance, a banking institution can set policies that require customers to change users’ passwords after the lapse of a certain period. These policies reduce the risk that can breach security measures not to mention promoting responsibility over information security. Rules on information security define the legal environment of an organization. Regulations refer to orders that define what users of information can perform and what they user should not. This aspect of the legal environment is critical in