Management of Information Security

Categories: Computer security Government Information Management Policy Security

Essay, Pages 6 (1486 words)

Views

Management of Information Security

The first law I will discuss is the Sarbanes-Oxley Act. The Sarbanes-Oxley Act is also known as the Public Company Account Reform and Investor Protection Act. This law was enacted in 2002. This law was designed to enforce accountability for the financial reporting and record-keeping at publicly traded companies (Mattord & Whitman, 2017). I will give a brief history of how and why this law came about. I will also touch on why this law is appropriate and strengths of this law.

Don't use plagiarized sources. Get your custom essay on

“ Management of Information Security ”

Get custom paper

NEW! smart matching with writer

The Enron and WorldCom financial scandals showed the American public that there needed to be some sort of standard for public accounting and that helped protect the investors from unethical acts of business entities. During the 2000 to 2002-time frame Enron which is in Texas was thought to be one of the most if not the most successful oil companies in the world. During that time, they inflated its numbers, executive members embezzled corporate funds, and manipulated the energy market.

These things were not initially caught because there currently wasn't a way to verify this data. This was just a few illegal things that they did throughout this time frame. Most employees and investors were unaware until the company filed for bankruptcy in 2001 in which many investors suffered huge losses.

This law is appropriate. It establishes a much-needed standard to increase accountability. With having a standardized system in place, it allows discrepancies to be caught sooner, increases accountability, and ensures that the companies remain transparent in their business practices.

The probably most important thing about this law is it protects the investor. With this legislation came additional provisions such as the creation of the Public Company Accounting Oversight Board, prohibition of insider trades during pension fund blackout periods, enhanced criminal and civil penalties for violations of securities laws. That was just the beginning.

The National Cybersecurity Protection Act was enacted in 2014. This act updated the Homeland Security Act of 2002 which was introduced after the September 11 attacks. What this act did was is established the Department of Homeland Security, to include a national cybersecurity and communications integrations center to share information and facilitate coordination between agencies and perform analysis of cybersecurity incidents and risk (Mattord & Whitman, 2017). The overall goal was to provide a collaboration of entities to help secure national cyber infrastructure protection.

As a result of this act the National Cybersecurity and Communications Integration Center would require that government entities and private sectors come together to share sector information without penalties or delay. A few of the organizations included federal agencies, various levels of government, and companies from the private sector. With the enactment of this law it allows the government and various private sectors to build a strong working relationship. The most significant thing to come from this act was the information sharing amongst the group. With all the various experiences throughout the sector this will help the country be better prepared to defend itself against other security threats.

I believe this law is appropriate given how often we see data breaches. We have seen through countless incidents how important it is for entities to respond and respond quickly to breaches to mitigate damages. If it were not for this law, it would take an extended amount of time to act. This is mainly due to the different policies companies and governments would have to go through just to get approval join the discussion and what could be released.

The Cybersecurity Workforce Assessment act was enacted in 2014. The purpose of this law was to be sure that the Department of Homeland Security employees kept up with trainings and that the best employees were recruited. About every three years the Department of Homeland Securities' cybersecurity employees are evaluated. With this evaluation if they do not pass the evaluation, they must take the required steps to come up to par to passing. This could be as simple as passing a required certification test. The Department of Homeland Security must also develop a plan that will help improve recruiting and training cybersecurity employees.

The Department of Homeland Security's main purpose is to protect the nation's critical infrastructure from cyber threats. This why this is a very appropriate and needed law. It forces the Department of Homeland Security employees to keep up with the ever-evolving cybersecurity landscape which ensures that the unit will be better prepared for the prevention and responding to attacks that may occur. With this bill came a set of standards and best practices. Some of those standards or requirements can be seen when browsing federal job boards. Some of more basic requirements are certifications such as CompTIA's Security+, CCNA-Security, and SSCP just to name a few. To work in this field requires lifetime commitment to learning and staying abreast of the constant changes. By the Department of Homeland Security imposing these standards it forces the employees to constantly learn in order to keep up with the new material and technology that is required to pass the certification test.

The additional benefits of this law are that it ensures that the best and brightest cyber security talent is recruited. With this assessment it also helps to identify workforce needs. With the identifying of the agency's weak areas they can begin to fill the gap by searching for those IT professionals that are qualified to fill the roles.

The Health Information Technology for Economic and Clinical Health Act was passed in 2009 by President Barack Obama. This law addresses privacy and security concerns associated with the electronic transmissions of Private Health Information (PHI), in part through several provisions that strengthen help to strengthen Health Insurance Portability and Accountability Act (Mattord & Whitman, 2017)).

The main purpose of this law was to help stimulate the adoption of electronic health records(her). The electronic health records allowed patients to have the right to be able to receive their private health information in an electronic format. The second main reason for this law being passed was to expand data breach notifications which in turn would help to protect protected health information. By doing this it also increased penalties for those companies that constantly had HIPAA violations and those companies that failed to correct any violations.

This law is appropriate because as companies are converting from paperless to electronic systems this means that this data is more accessible for those that wish to steal it. The rollout of this law helps by establishing a standard and promoting safety. For the companies that fail to comply they get penalized with fines. The Health Information Technology for Economic and Clinical Health Act works hand in hand with the HIPAA Security rule. Health Information Technology for Economic and Clinical Health Act also came with incentives for those that used the electronic health record systems.

Like many other laws I expect this law to be amended and changed as the cyber security landscape continues to evolve. To ensure that companies are following this law the Department of Health and Human Services conducts audits of these businesses. By doing audits it ensures that these companies are following the laws and if they are not, they must make the adjustment.

The Federal Information Security Management Act also known as FISMA was enacted in 2002. This act requires each federal agency to develop, document, and implement an agency wide program to provide Infosec for the information and information systems that support the operations (Mattord & Whitman, 2017). The act was then updated in 2014 to the Federal Information Security Modernization Act. The way this act works is that the leaders each federal agency is required to develop, document, and implement agency wide-programs that provide information systems that support the operations of the agency, including those provided or managed by another agency, contractor, or other source (Mattord & Whitman, 2017).

On a yearly basis the CIOs and inspector generals are required to lead an annual review. They review the policies and programs and then report their findings to the Office of Management and Budget. In turn the Office of Management and Budget uses this data to report to Congress. The main purpose of this law to provide information on how money is being spent. The leaders should be implementing polices that are reducing cost and security risk. This law is appropriate since it establishes a form of accountability from the leaders.

Since these leaders are a part of the government, they tend to have more funding than others which means they can spend more. By having a plan that encourages cost efficient polices less tax dollars are going to waste and makes funds available for various other projects that the department may want to take on. Laws are the most effective if they adapt and are amended as needed. I believe this law is necessary since it promotes accountability of departments that it affects.