Federal Laws Relating to Cybersecurity
Discuss some of the benefits and disadvantages of using group policy in an organization
April 17, 2023Strategies and recommendations to the CIO
April 17, 2023Federal Laws Relating to Cybersecurity
Description
Read Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws, and Proposed Legislation (Links to an external site.). A PDF version of this document is available via the same link. Select one of the following U.S. Federal Cybersecurity and Data Privacy Laws to analyze. Questions to include in your analysis are below.
Data breach notification laws by state (Links to an external site.)
e.g., New Jersey Statutes 56:8-163: Identity Theft Prevention Act
1986 Computer Fraud and Abuse Act (considered the first cyber law)
1996 Health Insurance Portability and Accountability Act (HIPAA)
- 1999 Gramm-Leach-Bliley Act
2002 Sarbanes-Oxley (SOX), requires organizations to prove their cybersecurity credentials
11 titles
2002 Homeland Security Act, which included the Federal Information Security Management Act (FISMA)
- 2002 Cyber Security Research and Development Act
- 2014 Cybersecurity Enhancement Act (CEA)
- 2014 Federal Information System Modernization Act (FISMA)
- 2015 Cybersecurity Information Sharing Act (CISA)
- 2015 Federal Exchange Data Breach Notification Act
2015 National Cybersecurity Protection Advancement Act
- 2015 Cybersecurity Workforce Assessment Act (CWWA)
- 2017 Consumer Privacy Protection Act
- Or another cybersecurity or privacy law with prior approval (send a quick email to Dr. H.). Federal Cybersecurity and Data Privacy Laws Directory (Links to an external site.) (https://www.itgovernanceusa.com/federal-cybersecurity-and-privacy-laws (Links to an external site.))
- Questions for analysis
- What year did the law go into effect?
- Which U.S. Congress proposed the legislation? e.g. 112th.
- Describe the issues the law addresses. e.g. see Table I on pg. 11.
- Describe the key provisions of the law.
- What are the possible penalties for non-compliance?
- Is the law considered a standard? (www.itgovernanceusa.com/cybersecurity-standards (Links to an external site.))
- Is the law devised to protect people, property, and/or the government?
Does the law address/protect
freedom of expression (censorship)
access to and usage of the Internet
online privacy
intellectual property
something else
- Anything else of interest about this cyber law, such as providing guidance. (e.g. Federal Guidance on the Cybersecurity Information Sharing Act of 2015 (Links to an external site.))
- Cite a case that was brought before this law and briefly describe its outcome.
