Regulations are not the only manner in which security is dealt with. Mostly, technology means are used, such as anti-virus software, smart card readers, encryption software, firewall software, and electronic signature software. These are some of the responses of individuals and individual organizations trying to protect their communication. However, they cannot stand on their own. Technical measures can only partly deal with network and information security issues, as the functioning of technical means, to a large extent, relies on legal measures. The security situation is affected by a combination of the architectures of systems, the laws, the norms and the markets in which network and information security is in question. Most often, it is combinations of these different factors which determine the level of security, as in the case of procedures, laws and technologies, e.g. for authorization, authentication, integrity and non-repudiation, which are essential elements in a secure network and information system environment.
With respect to the issue of the organizational responsibilities and competences in relation to network and information security, there are and will be differences among countries. Regulators are increasingly approached in security issues, as mentioned, but there are other organizations looking into these matters, for instance the national Computer Emergency Response Teams (CERTs). There can be many models for the organization of security work, partly or to a larger extent, involving communication regulators. However, with respect to the large number of other issues which are related to security, for instance privacy and consumer protection, they are in most cases best taken care of by other public authorities specialized in these fields. Many countries have agencies specialized in data and privacy protection, and consumer protection is best dealt with by specialized consumer agencies or organizations, even if commerce takes place on electronic platforms.
The important issue to be dealt with in connection with network and information security is to construct the appropriate combination of technology and legal measures taking the broader environment of market and norms into consideration. This applies nationally as well as internationally, as communication is increasingly international, and security issues are therefore also international. This implies participating in or monitoring international negotiations and standardization initiatives on secure protocols and security systems.