Pages: 3 pages/≈825 words
Sources: 3
Style: APA
Subject: Technology
Type: Essay
Language: English (U.S.)
Document: MS Word
Topic: Why is it difficult to make security legislations and standards? And what factors need to be considered when making and enforcing security rules and regulations?

Essay Instructions:
Assignment: "History informs our future." Let us start by knowing the history. The last page of Appendix C shows a nice picture of the development of technology and law.

White House. (2009) Appendix C: Growth of Modern Communications Technology in the United States and Development of Supporting Legal and Regulatory Framework. Cyberspace Policy Review.

We then continue to become familiar with a set of legislations and standards regarding information security that you and your organization should know of. The following presentation has some overview. It doesn't provide a comprehensive list, but it does cover the major ones.

Wang, Wenli. Powerpoint Presentation. Security Legislations.

Next, read the following article, which also contains a list of legislations and standards. Moreover, the article discusses why it is difficult and ineffective to execute certain legislations.

Bono, Stephen; Rubin, Aviel; Stubblefield, Adam; Green, Matthew. (2006) Security Through Legality. Communications of the ACM, Jun2006, Vol. 49 Issue 6, p41-43. (TUI library).

An in-depth analysis of the difficulty in compliance can be found in the article below, where the author focuses on the CAN-SPAM Act of 2003.

Grimes, Galen A. (2003) Compliance With the CAN-SPAM Act of 2003. Communications of the ACM, Feb2007, Vol. 50 Issue 2, p56-62. (TUI library).

The enforcement of a legislation and standard is also difficult. The following article uses the organizational context and emphasizes the need for development processes that facilitate enforcement.

Siponen, M. (2006). Information Security Standards Focus on the Existence of Process, Not Its Content. Communications of the ACM, Aug2006, Vol. 49 Issue 8, pp. 97-100. (TUI library).

Security legislations are not only made for organizations but also for individuals. On a personal level, it is also difficult to fully understand the implications of a legislation, and we oftentimes ignore the details. Read the following article to understand what risks you will be exposed to if you don't fully understand a legislation.

Desautels, Edward. Software License Agreements: Ignore at Your Own Risk. US-Cert. http://www(dot)us-cert(dot)gov/reading_room/EULA.pdf.

Now I hope you have grasped the major concepts and understood what I want to come across regarding security legislations after following the background information. As I mentioned in the module's homepage, politics is naturally involved in making a legislation and in its enforcement, even when the word "politics" does show up. I am sure you have learned a lot and have a lot to say.

Please write a 3-4 page paper on the following topic: Why is it difficult to make security legislations and standards? And what factors need to be considered when making and enforcing security rules and regulations?

You may think that you are not a lawmaker, hence you don't need to know how to make a legislation. But as a future CSO in the company, you have to come up with a list of rules and regulations that the organization's employees should follow. You will also be responsible for following existing legal requirements and enforcing them as well.

Expectations: In preparing your paper, you need to discuss the following issues, and support them with arguments and evidence:
What are the major legislations and standards in information security?
Are these legislations and standards serving their purposes?
How to enforce these legislations and standards? Is it easy? Why?
How to make security rules and regulations? Who are involved? What factors need to be considered?
Essay Sample Content Preview:
IT SECURITY LEGISLATION AND STANDARDS

Name
Institution Affiliation
Course
Date of Submission

Introduction

Legislation is the driver of information security initiatives, and this calls for protecting the confidentiality and integrity of data. Good information security practices have been put in force through the passing of laws that are related to the protection of consumer privacy and confidentiality. The legislation is an attempt to protect consumers, and the laws must be taken into account subject to the legislation. Although there are arguments that some elements of security do not make business sense by acceptance of business risks, security requirements propelled by the legislations do not allow an option (Theohary & Rollins, 2009). The legislations make an organization subject to government audits and fines for failure to comply. It is therefore imperative for organizations to comply with security requirements, to perform security assessments, and to have knowledge regarding the relevance of the legislation.

The basic misconception regarding information security is that it can be resolved by deploying technology and automated tools. Technology forms part of the wider picture as well as enhancing security. There are other constituent security issues, such as employing appropriately skilled security resources, developing and implementing policies and procedures, conducting risk management, and training and educational awareness, coupled with management and legal requirements (CRC Press LLC, 2005).

Various legislations have been enacted to provide security and confidentiality to consumers and to protect organizational data from infringement, including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act, the Code of Federal Regulations (21CFR), and the CAN-SPAM Act of 2003, among others. These legislations have been provided to perform various tasks of providing security and protection of the technological information of organizations and also individuals. These legislations have been enacted in a manner that allows organizations and individuals to comply. The legislations play a significant role in enhancing organizations' compliance with security programs to secure their electronic information. They play a vital role in managing information security programs and in managing risks.

The advocating of these security measures has some important limitations, since they primarily focus on ensuring that certain information security processes exist, while they fail to provide advice on how these information security processes are accomplished in practice. The legislations need to describe the problem of information as it pertains to prestigious management standards. The lack of attention to the context in which a problem manifests itself shows that the standards' primary concern is ensuring that certain information programs are carried out in an organization, with less interest in how they are employed. The legislations are mainly abstractions that do not provide advice on how the desired results must be attained in practice. This lack of concern says nothing about the programs' quality, as having these standards in place does not mean their goal has been achieved. These legislations are mandatory for organizations to comply with in securing the confidentiali...