A Review of Information Security Management Requirements as Reflected in U.S. Federal Law Jeffrey P. Landry With federal regulation of information systems increasing, the need for greater...

A Review of Information Security Management Requirements as Reflected in U.S. Federal Law Jeffrey P. Landry With federal regulation of information systems increasing, the need for greater understanding of the ethical and legal implications of information technology (IT) in society has never been greater. The need for legal and ethical acumen is even more pronounced for the management of information security in a government context. Federal agencies, for example, are large bureaucracies created and governed by laws, rules, and regulations, and the ethical principles embodied in these codes. The body of legislation relating to information security in federal agencies, along with evolving case law, is a rich context for understanding the ethical and legal impacts of IT for both the private and public sectors, and for both classified and nonclassified systems. A national training standard for senior systems managers identified more than a dozen laws relating to the management of information security. These laws will be used as a framework for investigating legal and ethical issues in information security management.