Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks
Numerous global, regional, and national laws and regulations focusing on information assets protection (IAP) require professional consideration. At the global level, the World Intellectual Property Organisation (WIPO) and the World Trade Organization (WTO) have constructed legally binding derivative IAP agreements. Regionally, trans-border coalitions adopting or enacting IAP-related laws include the Asia-Pacific Economic Co-operation (APEC), the Council of Europe (COE), the E.U., the Organization of American States (OAS), and the Organization for Economic Cooperation and Development (OECD). Lastly, the U.K. Computer Misuse Act of 1990, the U.S. Digital Millennium Copyright Act (DMCA) of 1998, the Trinidad and Tobago Act No. 86 of 2000, the U.S. Federal Information Security Management Act (FISMA) of 2002, and the Japanese Financial Instruments and Exchange Law (J-SOX) of 2006 are clear examples of national IAP legislation that can affect an entity’s control framework.