Course Summary
Cybersecurity Law & Policy, or CSOL 540, provides a big picture of how policy shapes the entirety of an information security architecture. The course explores the approaches that are part of an overall security strategy, from policies that shape the overall security strategy to policies that determine rules and best practices.
Leaders are professionally and ethically responsible for ensuring a cybersecurity architecture includes the laws and regulations specified for their given industry. For example, a healthcare institution that collects and stores personal health information (PHI) must adhere to the Health Insurance Portability and Accountability Act (HIPAA). Regulations ensure the organization meets the bare minimum requirements to protect consumer information.
Coursework Artifacts

crypto_and_forensics_considerations_and_recommendations.pdf
Exporting is a privilege, not a right, so companies in the U.S. have an essential responsibility to adhere to the laws that apply (Diaz & Patil, 2022).

coppa_compliance.pdf
The Children's Online Privacy Protection Act (COPPA) restricts online service providers from collecting information on children under thirteen. This groundbreaking law was enacted by the U.S. Congress in 1998 and went into effect on April 21, 2000. COPPA specifies that website service providers must adhere to a privacy policy that requires verifiable consent from parents of children to access their website. The act restricts digital marketing toward children (Schreider, 2020).
This act was modernized in 2013 to reflect mobile devices and social media use, where cookies and geolocation can track children's location and online activity. Hence, COPPA compliance is necessary for online service providers to avoid penalties of up to $41,484 per violation.

acts_standards_and_regulations.pptx
This artifact revolves around the laws and regulations that pertain to PHI. It is necessary to understand the importance of compliance.
Reflections
It's essential to incorporate the law into a cybersecurity program. The program's leaders must ensure that their program provides a defensible position on consumer data privacy. Understanding cybersecurity is an absolute necessity to deter losses (Schreider, 2020).
Numerous federal and state laws, like the FTC (Federal Trade Commission), include cybersecurity requirements. Some federal laws, however, are sector-specific or extend only to public companies. At the state level, many states have passed laws imposing security requirements, such as the California Consumer Privacy Act (CCPA), which creates a data breach right of action for California residents with statutory penalties of $100 to $750 per consumer and per incident if plaintiffs prove that the impacted business failed to implement reasonable security procedures to protect the personal information (Iclg.com, n.d.).
I was prompted to select the crypto and forensics considerations and recommendations as a coursework artifact because it's vital for professionals in cybersecurity to understand that applications or products distributed outside the United States that use, access, contain, implement, or incorporate encryption are considered an export of encryption goods and are subject to U.S. export compliance requirements and the import compliance requirements of the countries where you distribute your products (Apple.com, n.d.).
The second artifact is an excellent example of the professional liability cybersecurity leaders bear to protect consumer data and the consequences of negligence. This artifact discusses the COPPA violation by HyperBeard and can go a long way in learning policies and controls to safeguard this company from losses due to similar actions.
The third artifact is a presentation on acts, regulations, and policies that pertain to PHI. The health industry is one of the most regulated. A PHI violation could cost an organization a fortune and cause a loss of reputation.
Cybersecurity professionals will handle proprietary information that must be kept secret. We must understand laws and regulations to keep data safe. Our ethical and professional obligation is to incorporate the cybersecurity laws, standards, and regulations necessary to keep information secure and our organization away from tort and civil litigation.
References
Apple.com. (n.d.). Complying with Encryption Export Regulations. Apple Developer. Retrieved October 3, 2022, from https://developer.apple.com/documentation/security/complying_with_encryption_export_regulations
Iclg.com. (n.d.). Cybersecurity Laws and Regulations Report 2022 USA. ICLG. https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/usa