U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Managing Legal and Security Risks in Computing and Communications

NCJ Number
174734
Author(s)
P D Shaw
Date Published
1998
Length
254 pages
Annotation
The protection of computer and telecommunications technologies, computer data, and information has spawned a unique set of legal risks; liability and litigation can arise from misuse and abuse of computer databases, bulletin boards, e-mail and web pages, electronic funds transfer systems, and proprietary computer programs and from absent or ineffective disaster recovery procedures and data archiving.
Abstract
The following legal liability risks associated with information systems are examined: failure to provide effective controls and security to prevent wrongful access to computers or networks, use of online systems in ways that violate another person's rights, failure to have a disaster recovery program, failure to keep adequate records of and reasonable security for electronic transaction systems, failure to make timely data backups and provide safe records storage, improper use of vendor software or systems, and insufficient protection of proprietary information and intellectual property. Guidance is offered on laws covering computer crime and on possible liabilities and litigation risks associated with computer crime and the protection of information assets. An effort is also made to provide legal facts and background information essential to the development of computer protection policies, to foster continuing dialogue on matters that affect information systems security and legal liabilities, and to provide a legal reference for the development of training materials that sensitize employees to legal compliance requirements and the importance of computer protection. In addition, consideration is paid to the confidentiality and privacy of information and U.S. Sentencing Commission guidelines on how to develop effective compliance programs. An appendix discusses industry and government standards on computer security, internal controls, and auditing. References and tables