Software Engineering Institute

Information security is rapidly emerging as one of the most critical legal and public relations issues facing companies today. As the series of highly-publicized security breaches over the past few years has demonstrated, it is in many respects a time bomb waiting to explode.

Creating, communicating, and storing corporate information in electronic form greatly enhances the potential for unauthorized access, use, disclosure, and alteration, as well as the risk of accidental loss or destruction.

Concerns regarding corporate governance, individual privacy, accountability for financial information, the authenticity and integrity of transaction data, and the security of sensitive business data are driving the enactment of new laws and regulations designed to ensure that businesses adequately address the security of their own data.

This paper discusses these points and provides information about the expanding duty to provide security and the emergency of a legal obligation for compliance.