Network Security Assessment: From Vulnerability to Patch

The U.S. Government has announced the possibility of a significant information security attack on U.S. critical infrastructure, its intent to respond forcefully to such an attack if necessary, and the duty of the private sector to better secure its portion of cyberspace.
Although no one can predict when such an attack may occur or how severe it may be, prudent commercial and educational entities, after the attacks of September 11, 2001, should also assume it will happen and act accordingly.
This is an additional reason, beyond business operational needs, legal and regulatory requirements, and customer confidence, why commercial and educational entities should engage qualified and experienced legal counsel and technical information security providers sooner rather than later.
A complex web of federal, state, and international statutes, regulations, and common law is evolving to create legal duties for commercial and educational entities in the area of information security.
Non-lawyer consultants, even knowledgeable ones, cannot lawfully give advice on compliance with these laws, and commercial and educational entities should not rely on them to do so.
This chapter cannot provide commercial and educational entities (or anyone else) with legal advice. Only qualified, licensed, and experienced legal counsel in a direct relationship with individual corporate and educational clients can do so.
At the U.S. federal level, HIPAA, GLBA, SOX, the Computer Fraud and...