Internet Security Policies Standards and Laws

A network security policy describes an organization’s security controls. It aims to keep malicious users out while also mitigating the risk posed by risky users within your organization. The first stage in generating a policy is to understand what information and services are available, and to whom, what the potential for damage is, and what protections are already in place.

The security policy should define the rules that will be enforced. This is done by dictating a hierarchy of access permissions that grants users access to only what they need to do their work.

These policies need to be implemented both in your organization’s written security policies and in your IT infrastructure, that is, in the security policies of your firewall and network controls.

Why are security policies important?

Security policies are important because they protect an organization's assets, both physical and digital. They identify all company assets and all threats to those assets.

Physical security policies are aimed at protecting a company's physical assets, such as buildings and equipment, including computers and other IT equipment. Data security policies protect intellectual property from costly events, like data breaches and data leaks.

Types of security policies

Security policies can be divided into three types based on the scope and purpose of the policy:

  1. Organizational. These policies are a master blueprint of the entire organization's security program.
  2. System-specific. A system-specific policy covers security procedures for an information system or network.
  3. Issue-specific. These policies target certain aspects of the larger organizational policy. Examples of issue-related security policies include the following:
    • Acceptable use policies define the rules and regulations for employee use of company assets.
    • Access Control policies say which employees can access which resources.
    • Change Management policies provide procedures for changing IT assets so that adverse effects are minimized.
    • Disaster Recovery policies ensure business continuity after a service disruption. These policies typically are enacted after the damage from an incident has occurred.
    • Incident Response policies define procedures for responding to a security breach or incident as it is happening.

eCommerce Security

eCommerce security is essential if you are to make it in this industry. Online businesses experienced 32.4% of all successful cyber attacks in 2018. A serious business should, therefore, employ rock-solid eCommerce security protocols and measures. These will keep the business and its customers free from attacks.

What is eCommerce or electronic commerce security?

eCommerce security is the set of guidelines that ensure safe transactions over the internet. It consists of protocols that safeguard people who engage in the online selling and buying of goods and services. You need to gain your customers’ trust by putting eCommerce security basics in place. Such basics include:

  • Privacy
  • Integrity
  • Authentication
  • Non-repudiation

1. Privacy

Privacy includes preventing any activity that will lead to the sharing of customers’ data with unauthorized third parties. Apart from the online seller that a customer has chosen, no one else should access their personal information and account details.

A breach of confidentiality occurs when sellers let others have access to such information. An online business should put in place at least a necessary minimum of anti-virus, firewall, encryption, and other data protection. This will go a long way toward protecting clients' credit card and bank details.

2. Integrity

Integrity is another crucial concept of eCommerce Security. It means ensuring that any information that customers have shared online remains unaltered. The principle states that the online business is utilizing the customers’ information as given, without changing anything. Altering any part of the data causes the buyer to lose confidence in the security and integrity of the online enterprise.

3. Authentication

The principle of authentication in eCommerce security requires that both the seller and the buyer should be real. They should be who they say they are. The business should prove that it is real, deals with genuine items or services, and delivers what it promises. The clients should also give proof of their identity to make the seller feel secure about the online transactions. It is possible to ensure authentication and identification. If you are unable to do so, hiring an expert will help a lot. Standard solutions include client login information and credit card PINs.

4. Non-repudiation

Repudiation means denial. Therefore, non-repudiation is a legal principle that instructs players not to deny their actions in a transaction. The business and the buyer should follow through on the transaction part that they initiated. eCommerce can feel less safe since it occurs in cyberspace with no live video. Non-repudiation gives eCommerce security another layer. It confirms that the communication that occurred between the two players indeed reached the recipients. Therefore, a party in that particular transaction cannot deny a signature, email, or a purchase.

Cyber Law

Cyber Law or IT Law is referred to as the Law of the Internet. The Cyber law definition says it is a legal system designed to deal with the Internet, computing, Cyberspace, and related legal issues. The apt introduction to Cyber Law is: It is ‘paper laws’ in the ‘paperless world’.

Cyber law encompasses aspects of intellectual property, contract, jurisdiction, data protection laws, privacy, and freedom of expression. It directs the digital circulation of software, information, online security, and e-commerce. The area of Cyber Law provides legal recognition to e-documents. It also creates a structure for e-commerce transactions and e-filing. The first cyber law to ever exist was the Computer Fraud and Abuse Act in 1986, which prohibited unauthorized access to computers and illegal usage of digital information.

THE IMPORTANCE OF CYBER LAW

Just like any other law, Cyber law consists of rules that dictate how people and companies should use the internet and computers. Other rules protect people from getting trapped in cybercrime run by malicious people on the internet. Although it is close to impossible to curb 100% of all cybercrimes, laws implemented all around the world assist Now the question arises: what is Cyber law, and why is it important? The importance of Cyber law can be understood from the following points:

  1. It dictates all actions and reactions in Cyberspace.
  2. All online transactions are ensured to be safe and protected.
  3. All online activities are under watch by the Cyber law officials.
  4. Security for all data and property of individuals, organizations, and Government.
  5. Helps curb illegal cyber activities with due diligence.
  6. All actions and reactions implemented in any cyberspace have some legal angle associated with them.
  7. Keeps track of all electronic records.
  8. Helps to establish electronic governance.

THE VARIOUS COMPONENTS OF CYBER LAW

Safeguarding data and privacy: Both private and professional information and data must be secured thoroughly. Personal and financial information always attracts cybercriminals. Misuse of this information by any other person is illegal, and that is where these laws come into play. The basic steps to safeguard your data and privacy are listed below:

  • Two-factor authentication for financial platforms and any other forums that provide this function.
  • Initiate virus protection software.
  • Use only verified payment methods on reputed websites.
  • Avoid giving out personal information.

Cybercrimes: These crimes are any illegal activities that occur on a networked technological device. These crimes include online and network attacks, extortion, harassment, money laundering, hacking, and many more.

Intellectual property: Intellectual property is basically an individual or group’s work, designs, symbols, inventions, or anything owned by them that is intangible and is usually patented or copyrighted. Cyber theft would mean the stealing or illegal use of these intangible items.

Electronic and digital signatures: Nowadays most individuals and companies use electronic signatures to verify electronic records. This has become reliable and regular. Misuse of this signature by another person is illegal and hence a cybercrime.

TYPES OF CYBER LAW

Now let us discuss the types of Cyber law. The law has rules dictating behavior while using computers and the internet. It also prevents unscrupulous activities online. Some major types of Cyber Law are:

  • Copyright: These days, copyright violations come under Cyber law. It protects the rights of companies and individuals to profit from their creative work. In earlier days, online copyright violation was easier. But due to the introduction of Cyber law, it has become difficult to violate copyright. Which is very good!
  • Defamation: Generally, people use the internet to speak their minds. But when fake public statements on the internet are bound to hamper someone’s business and reputation, defamation law comes into the picture. Defamation laws are a kind of civil law.
  • Fraud: What is Cybercrime law? The major motive of this law is to protect people from online fraud. Consumers these days depend on Cyber Law to prevent online fraud. IT law prevents credit card theft, identity theft, and other money-related crimes that are bound to happen online. People who commit online fraud face state criminal charges. They may also face a civil action by the victim.
  • Harassment and Stalking: Some statements made by people can violate criminal law that prohibits stalking and harassment online. When somebody repeatedly posts threatening statements about somebody else, this violates both criminal and civil laws. Cyber lawyers fight and defend people when online stalking occurs.
  • Freedom of Speech: The internet is used as a medium of free speech. But there are laws to curb free speech that may cause immorality online. Cyber lawyers should advise their clients about the amount of free speech allowed online. Sometimes Cyber lawyers fight cases for their clients where they debate whether their client’s actions are within the permissible limit of free speech.
  • Trade Secrets: Businesses depend on Cyber laws to preserve their trade secrets. For example, some organizations might steal online algorithms or features designed by another firm. In this case, Cyber laws empower the victim organization to take legal action to protect its secrets.
  • Contracts and Employment Laws: You might have agreed to many terms and conditions while opening a website or downloading some software. This is where Cyber law is used. These Terms & Conditions are designed for online privacy concerns.










