
Legal perspective: enterprise security

22 February 2004

Lawyers are increasingly being called upon to provide legal advice on corporate activities and projects that have electronic security dimensions.

In legal circles "enterprise security" is a term that includes all the technical and non-technical steps that an organisation takes to ensure that its hardware, software and systems are not compromised so that they operate in the manner contemplated by the organisation, its business partners and clients.

Australian organisations and their personnel may be liable under a range of laws following a breach of enterprise security, including:

  • Trade Practices or Fair Trading legislation - where a corporation or person makes a false or mislead
  • Contract law - where an organisation fails to discharge an express or implied contractual obligation
  • ASX Listing Rule 3.1 (if the organisation is a listed company) - where a company does not disclose a

Directors and officers of corporations may also be subject to legal sanction for failing to take reasonable steps to implement appropriate enterprise security controls as may be required under section 180 of the Corporations Act 2001.

The core elements of any program should be organisation-neutral and should deal with both the implementation and maintenance of an enterprise security compliance program. At the very least, a program should have the following components:

  • Audit phase;
  • Planning phase;
  • Implementation phase; and
  • Monitoring phase.

Importantly, apart from an organisation ensuring that it has an effective enterprise security program and that the program is followed so that all relevant risks are identified, the organisation should also ensure that responsibility for the management of those risks is documented. Poorly drafted or ill-considered service and service level definitions are a constant source of commercial, technical and legal risk for organisations that outsource security.

In summary, sound enterprise security planning and, where necessary, good outsourcing practice will not only lower commercial, technical and legal risk for an organisation, but will also assist in the mitigation of damage when inevitable security incidents do occur.

Phillip Hourigan is a Partner, Digital Industries, Telecommunications, Media and Technology Group, with major national law firm, Deacons.

About CITEC

CITEC is a national information and communications technology (ICT) service provider with offices in Brisbane, Sydney, Canberra and Melbourne. As Queensland's largest ICT provider CITEC's clients include local, national and multinational organisations. Founded in 1964, CITEC has today established itself as the second largest Australian-owned information systems outsourcer and is ranked eighth in IDC's "Australian IT Outsourcing Market, Top 10 Players - 2003" (Source - IDC, 2004).

CITEC manages several high security data centres and has approximately 600 employees located across Australia. CITEC's core solutions encompass the following areas: information brokerage, business process outsourcing and applications management, infrastructure management and ICT professional services.
