Information security professionals work within an enterprise to protect it from all non-physical threats to the integrity and availability of its data and systems. Performing this function draws security professionals into simultaneous, ongoing relationships between the enterprise on the one hand . . .
Information security professionals work within an enterprise to protect it from all non-physical threats to the integrity and availability of its data and systems. Performing this function draws security professionals into simultaneous, ongoing relationships between the enterprise on the one hand and, successively on the other, the enterprise's employees and other agents, its customers, suppliers, competitors, government officials and regulators, to say nothing of unidentified and sometimes unidentifiable actors.

In short, the working environment for security professionals is a maelstrom. In determining which aspect of this multi-faceted environment needs your immediate attention, the law can help. Whether in the courts or in legislatures or agencies, the law addresses individual claims or interests more or less one at a time. As such, the way the law treats a particular topic provides one point of focus that may help you allocate effort and resources to best effect.

This is the first article in a four-part series exploring the law of information security in the United States. The series is designed to be a resource for information security professionals in two respects. First, a legal perspective on security is valuable in itself, as an aid to defining the assets and interests to be protected and as the source of the prerequisites for and types of recovery available when breaches of security occur. Second, information about the intersection of law and information security will help information security professionals and their counsel work together more effectively.

The link for this article located at SecurityFocus is no longer available.