By: Sonny Zulhuda
At the closing week of year 2009, I’ll present my paper entitled ‘Corroborative Intersection between Information Security Standards and the Legal Framework on Data Management’ at the Second International Conference on Computer and Electrical Engineering (ICCEE 2009), 28-30 December 2009, Dubai, United Arab Emirates. The conference is organized by IEEE and IACSIT, both renowned international associations for electronic, computer and IT industry professionals. Having gone through review and recommendations, over 200 papers will be presented at the two-day parallel sessions, discussing various aspects of the computer and electronic industries. My paper talks about legal and industrial frameworks. I am looking forward to meeting the participants in person and having some networking sessions.
Here is the abstract:
This paper examines the intersection between industrial standards and the legal framework in defining the scope of information security obligations in relation to the management of data and information assets. It undertakes two primary tasks, namely assessing the scope of legal compliance as stated in the internationally accepted information security standards, in particular the Information Security Management Standards (ISMS); and identifying the legal trends adopted by laws in major jurisdictions, especially the UK and the US. It found that the intersection between the standards and the law is crucial and corroborative; one is found to complement the other.
Some more snapshots and briefs will come soon.
A very happy new year of 2010 to you.
I hope your paper presentation goes well in Dubai. I happened to bump into your pic at the tallest building in the world as well (of course, via Facebook!) 🙂 Anyway, I am keen to read the paper that you have presented, if you do not mind sharing it with me. It sounds interesting. I have some general thoughts on standardisation:
At times, standards are prone to be a “soft law” or “self-regulation” means in the absence of a black letter law (legislation). Thus, the ICT industry tends to adopt standards efficiently so as to suit market and practice demands. For instance, there are several Data Centres in Malaysia that have adopted the ISMS certification and are also Tier 4 compliant. On the one hand, Malaysia is still awaiting the Data Protection Bill to become a reality. So, whilst awaiting, companies have opted for the certification in their Data Centres due to global best practices, business and technology trends. So much so, standards are very much indispensable as a means of internal controls. The huge challenge is to sustain compliance with the standards and the effectiveness of having such standards in place, as opposed to making it like a typical compliance tick checklist.
In the interim, I am impressed with your blog. Do keep in touch! I have been in touch with Professor Abu Bakar Munir via his blog as well.
Alhamdulillah it went well. Thank you for the compliments. I have also visited your blog occasionally and found it very informative indeed. Hope we can be in touch more frequently through blogs and, of course, FB:)
I’m pleased to know you also share the interest in this issue. This paper is a snap discussion extracted from my PhD work. Yes, standards and codes as soft law have indeed played an important role in defining the whole regulatory framework of data protection and information security. While the words legal compliance bear certain ‘strict’ implications, the terms code or standards sound more friendly. On the negative side, this brings about some reluctance and ignorance towards the law.
My paper argues that compliance with both standards and law is important and warranted. Both frameworks complement each other, and therefore I showed those intersections.
The paper itself is brief and introductory in nature. Absolutely, I can share it with you. Please drop me your email so that I can reply to it.
Wish you all the best bro! (Am praying that I can meet you in Oxford this year) 🙂
Btw, I can be reached at: firstname.lastname@example.org.