LEGAL ISSUE IN SECURITY POLICY OF INTERNATIONAL COMPANY : A LEGACY APPLICATION SETTING, COMPARATIVE STUDY OF EU PERSPECTIVE and US LAW TRADITION

Research Project

Security plays a big part in today’s world of computer, e-commerce and the internet. By the advent of the Internet and networking, there has been a huge potential for expanding the way that businesses communicate and share data, provide services to clients and process information to increase their efficiency and lower production costs. It is now possible to interconnect two partner companies in order to share data in real time, to hold conferences with people who are geographically separated and to place orders and update inventory in real-time.

Unfortunately, the security of information is at risk by simply being stored and accessed on a networked computer. The risk of an incident is even more significant when multiple people will be legitimately modifying, updating, and otherwise accessing the data on these systems.

As these threats have increased, security has become a priority for companies, where companies hold large amount of personal information about its costumers or clients, keeping the information private is top priority. A Security policy is needed to inform user and staff members about the need of their responsibility to process the organizations technology and critical information. Security policies inform employee of the guidelines processing company and asset. Security policies also serve as good foundation for conducting audits of the network and its resources. Developing a security policy will help to define strategic goals, to identify critical assets, and to uncover potential vulnerabilities and/or existing vulnerabilities.

Creating a security policy is more complicated than arriving a policy and putting it on the shelf. A company may be in a situation where they need to comply with certain local, state, and or federal laws. By way of that, we will know principals used to create a security policy for international company. In this case, of course, each state will be different because legal system which bases it on is different too. It’s also about issues in information security which develops. So that, we know the principles to make a policy for international companies. Each country has different principles for the difference of the law system. The developing security information will be distinct as well.

The researcher will form the boundary only in international company using Linux operating system (open source). Then, researcher uses comparative approach, which compares security policy of international company in France (One of the European Unions) and USA. Hopefully, through this research, we will get a basic principals base on creating a security policy. Then, by all of those principals, A STANDARD SECURITY PROCEDURE FOR INTERNATIONAL CORPORATE (LINUX OPERATING SYSTEM) can be composed. Next, this draft can be a reference for companies of the entire world that develop their security system in Linux Open Source.

First, this researcher will roll out the information issues including cyber crime threatening an international company. The comparative case study in France international company and American international company will be carried out then. The comparison itself is not only limited in security policy which each country created, but also in laws and non-law factors that influence the creating process. Laws that will be compared here is the computer security laws or the others that relevant to the information security issues. From this comparison, it is expected that the principals of security policy in EU and USA will be found out.

France is chosen as a county where an international company exists. It is also because France has an important actor in EU. France has always been an engine of European integration, especially for its political aspects. It is also one of the most active actors in EU Politics and Policies. Its level of “Europeanization” of the national foreign policy is a high degree. Besides, taking research in France will decrease the expense because the master study is also done in France. The other case study will be done at an international company in USA where a security policy which is suitable with US Law Principe will be found. By this study, we will know how US handle information security issues that develop out there.

USA is chosen because it has an extra ordinary development in internet, computer and networking. It is considered as a place where they were born. Besides, USA is usually used as the guidance for many countries in creating their policies because of its great development in computer and networking technology.

Security policy that will be compared is a security policy in Linux operating system. Why it is chosen? It is to limit the scope, and also to make it suitable with purpose of this research, compose a security standardization of open source (Linux).

In the same manner as we know, open source today is very more forward looking. In France, Ministry of Equipment has already changed 1.500 office server and Microsoft Windows NT infrastructure with Mandrake Corporate server, one of the Linux distro. It was done to support Linux development and to decrease calculation (2004). In Munich, German, Linux or operating system and other open source desktop application are used in all of department. In a note, on Mei 2003, Munich the third big city in German, decided to use Linux for 14.000 of their public service computer. It was big migration, since Munich is considered as a big city in German.

Five years ago, Linux showed such a great progress in developed countries. Now, in 2009, it must be more improved and spread out all over the world. Even in the developing country such as Indonesia; it has been applied in the computer operating system of the education institutions, government institution and also private company. The main reason is because it can decrease the expense calculation for license. The other reason is the improvement of open source product is done by users that spread in the entire world. It causes the security system become more up to date. We do not have to wait for its individual or team improvement in laboratory as what happened in Microsoft or other license service supplier.

Along with Linux development, its security system became more increased. In legal, it also needs to move forward together with the increasing of security issues. One of the moves is creating a private security policy in each company especially for international company; considering their activity is cross-border. STANDART SECURITY PROCEDURE FOR INTERNATIONAL CORPORATE (LINUX OPERATING SYSTEM) tried to be created from the result of the comparative approach in this research is expected to be the reference for companies which try to develop their Linux security system. One of them is Indonesia.

LITERARY REVIEW

PRIMARY LAW MATERIALS:

1. The Constitutions or Regulations which are relevant with Computer Security Law in France.

2. The Constitutions or Regulations which are relevant with Computer Security Law in US.

3. The International Security Convention or others which are relevant with information security issues.

SECONDARY LAW MATERIALS:

1. The Security Policy of international company in France and US.

2. Law text books, Law journals and Law Articles which are relevant with information security issues.

NON-LAW MATERIALS: Computer and Networking text books, Linux text books, research report and non-law journals which are relevant with information security issues.

THE RESEARCH APPROACH: COMPARATIVE APPROACH

This research compares constitutions or regulations in France and US which regulate an information security. The constitutions or regulations are evidently relevant with creating a security policy in international company. Absolutely, the background bases the constitutions or regulations on is different because the legal system is also different. However, it is estimated that there is an equal doctrine which is used in each constitutions or regulations to handle an information security issues.

THE RESEARCH OBJECTIVES:

1. To know the principles and the main things used in creating security policy of international company in France and US.

2. To know the similarity and difference of constitutions or regulations between France and US to handle an information security issues.

3. To know the relevancy of non-law factors in creating security policy in US Legal system and EU legal system.

4. To know the pattern of giving protection of computer and internet security law in international company between France and US.

To create a STANDARD SECURITY PROCEDURE FOR INTERNATIONAL CORPORATE (LINUX OPERATING SYSTEM) to become the reference or guidance for international company in other states in developing open source security policy in their company