Law and Policy Case Study Example | Topics and Well Written Essays - 750 words

Law and Policy - Case Study Example The organizational policies that deal with information security are drawn from a number of U.S. laws that include: the National Information Infrastructure Protection Act, 1996, the Communications Decency Act of 1996 (CDA) as well as the Computer Security Act of 1987 (Furlani, 2006). To ensure that it is compliant with all relevant information security laws and regulations, Digitol IT Solutions Ltd has employed information security professionals who are responsible for ensuring that everyone working there understands every single policy and government legislation. These policies act as a guideline on how technology should used and information handles within the company. Ensuring confidentiality is vital in any information system (Zevin, 2004). At Digitol IT Solutions Ltd there is a policy that states that it is wrong for an individual or a group of individuals to access a computer without authorized access. There are some levels of information which are only available to a few members of staff. For instance, financial information of customers is not available to everyone. Only the accountants who deal with payments are allowed to access this confidential information. The policy restricting access to certain computers is in line with the National Information Infrastructure Protection Act, 1996, a federal regulation that makes it a criminal offence for unauthorized persons to gain access to a certain computer where they have been denied entry (Department of Justice, 2011). Another of the company’s information security policy restricts the number and kind of customers who can have full access of their website. Due to fear of hackers and malicious internet users who might want to cause harm or steal some of the company’s technology for ulterior motives, the company requires only trusted users to gain full access to their online services. This policy not only keeps the company’s website secure, it also ensures that sensitive information is not le aked out to unscrupulous individuals. This way the integrity of the company is kept intact and confidentiality is maintained, as is required in the National Information Infrastructure Protection Act, 1996 and the Computer Security Act of 1987. These two laws aim at ensuring that an organization has the proper mechanisms to ensure that all information systems are safe (Department of Justice, 2011 and National Institute of Standards and Technology, 2011). Digitol IT Solutions Ltd operates a rather liberal kind of business, and people have the freedom to be as creative and imaginative as they can. These two skills are pivotal to the success of the company. However, there are strict guidelines as presented in one of the terms of conduct policies, which direct what kind on information or content is allowed into the company’s computer system. An employee of the company was recently relieved of his duties and charged in court for failing to comply with the organization’s poli cies requiring him to upload obscene content on the website from his computer. The court found him guilty of flaunting the Communications Decency Act which stipulates that obscene and indecent material should not be allowed in cyberspace (National Institute of Standards and Technology, 2011). The company also reserves the right to block certain websites from being accessed by its staff. For instance, no one is allowed