Computer Security And The Law

Title	Computer Security And The Law
# of Words	4260
# of Pages (250 words per page double spaced)	17.04

Computer Security And The Law

Computer Security And The Law

I.  Introduction

     You are a computer administrator for a large manufacturing company.  In
the middle of a production run, all the mainframes on a crucial network grind to
a halt.  Production is delayed costing your company  millions of dollars.  Upon
investigating, you find that a virus was released into the network through a
specific account.  When you confront the owner of the account, he claims he
neither wrote nor released the virus, but he admits that he has distributed his
password to "friends" who need ready access to his data files.  Is he liable for
the loss suffered by your company? In whole or in part? And if in part, for how
much?  These and related questions are the subject of computer law.  The answers
may very depending in which state the crime was committed and the judge who
presides at the trial.  Computer security law is new field, and the legal
establishment has yet to reach broad agreement on may key issues.

     Advances in computer security law have been impeded by the reluctance on
the part of lawyers and judges to grapple with the technical side of  computer
security issues[1].  This problem could be mitigated by involving technical
computer security professional in the development of computer security law and
public policy.  This paper is meant to help bridge to gap between technical and
legal computer security communities.

II. THE TECHNOLOGICAL  PERSPECTIVE

A.  The Objectives of Computer Security

     The principal objective of computer security is to protect and assure
the confidentiality, integrity, and availability of automated information
systems and the data they contain.  Each of these terms has a precise meaning
which is grounded in basic technical ideas about the flow of information in
automated information systems.

B.  Basic Concepts

     There is a broad, top-level consensus regarding the meaning of most
technical computer security concepts.  This is partly because of government
involvement in proposing, coordinating, and publishing the definitions of basic
terms[2].  The meanings of the terms used in government directives and
regulations are generally made to be consistent with past usage.  This is not to
say that there is no disagreement over the definitions in the technical
community.  Rather, the range of such disagreement is much narrower than in the
legal community.  For example there is presently no legal consensus on exactly
what constitutes a computer[3].

     The term used to establish the scope of computer security is "automated
information system," often abbreviated "AIS."  An Ais is an assembly of
electronic equipment, hardware, software, and firmware configured to collect,
create, communicate, disseminate, process, store and control data or information.
This includes numerous items beyond the central processing unit and associated
random access memory, such as input/output devises (keyboards, printers, etc.)

     Every AIS  is used by subjects to act on objects.  A subject is any
active entity that causes information to flow among passive entities called
objects.  For example, subject could be a person typing commands which transfer
information from a keyboard (an object) to memory (another object),
or a process running on the central processing unit that is sending information
from a file(an object) to a printer a printer(another object).2

     Confidentiality is roughly equivalent to privacy.   If a subject
circumvents confidentiality measures designed to prevent it's access to an
object, the object is said to be "comprised."  Confidentiality is the most
advanced area of computer security because the U.S. Department of Defense has
invested heavily for many years to find way to maintain the confidentiality of
classified data in AIS [4].  This investment has produced the Department of
Defense trusted computer  system evaluation criteria[5], alternatively called
the Orange Book after the color of it's cover.  The orange book is perhaps the
single most authoritative document about protecting the confidentiality of data
in ...

This is ONLY a preview of the article. If you would like to view the entire document, you must subscribe to Academic Library. Please register below now!

Subscribe to Academic Library

When you subscribe to the Academic Library, you get 24-hour access to the online database containing full-text articles written by thousands of scholarly students. For only $8.95 per month, you receive unlimited monthly access to view and download all of our 40,000 articles available online. That is less than the price of one textbook!
This price includes:

24-hours-a-day, 7 days a week unlimited access on any computer with Internet access

Complete access to all 40,000 articles, essays, and research papers

Ability to view and download virtually unlimited number of documents

Ability to browse through perfectly arranged catalog of articles

Superior search and relevancy ranking techniques using Google SiteSearch and our local search engine

Instant access to the online database after registration

You can pay by credit card, checking account. You get instant access after registration:

You will be billed $ 8.95 every 30 days (recurring billing) starting on the day you subscribe.
Your credit card will automatically be renewed for your convenience until you cancel.

If you are already registered, please click here to login.


	Home \| Register \| Login \| FAQ \| Forgot Password \| Privacy Policy \| Disclaimer \| Close Account \| Contact Us \| Logout Copyright 1998-2007 Academic Library. Academic Library is designed only to assist students and researchers in the preparation of their own work. Anybody who use our services are responsible not only for writing their own papers, but also for citing Academic Library as a source when doing so. By accessing and using this page you agree to the Disclaimer. If you wish to cancel your subscription to Academic Library, please click here.