ITM 517 Module 3 Case

Module 3 - Case

POLITICS & LEGISLATION 

Case Assignment

"History informs our future." Let us start by knowing the history. The last page of Appendix C shows a nice picture of the development of technology and law.

White House. (2009) Appendix C: Growth of Modern Communications Technology in the United States and Development of Supporting Legal and Regulatory Framework. Cyberspace Policy Review.

Next, read the following article which also contains a list of legislations and standards. Moreover, the article discusses why it is difficulty and ineffective to execute certain legislations.

Bono, S., Rubin, A., Stubblefield, A., & Green, M. (2006). Security through legality. Communications of the ACM, 499(6), 41-43. Retrieved from the Trident Online Library.

An in-depth analysis of the difficulty in compliance can be found in the article below, where the author focuses on CAN-SPAM Act of 2003.

Grimes, G. A. (2003). Compliance with the CAN-SPAM Act of 2003. Communications of the ACM,50(2), 56-62. Retrieved from the Trident Online Library.

The enforcement of a legislation and standard is also difficult. The following article uses the organizational context and emphasizes the need for development processes that facilitate enforcement.

Sang Hoon Kim, Kyung Hoon Yang, Sunyoung Park (2014). An integrative behavioral model of information security policy compliance. Scientific World Journal, 1-12. doi: 10.1155/2014/463870

Security legislations are not only made for organizations but also for individuals. On a personal level, it is also difficult to fully understand the implications of a legislation and we often times ignore the details. Read the following article to understand what risks you will be exposed to if you don't understand fully about a legislation.

Desautels, E. Software License Agreements: Ignore at Your Own Risk. US-Cert. http://www.us-cert.gov/reading_room/EULA.pdf.

Now I hope you have grasped the major concepts and understood what I want to come across regarding security legislation after following the background information. As mentioned in this module's homepage, politics is naturally involved in making a legislation and in its enforcement, even when the word "politics" does show up.

After you have "strategically" read the above materials, and, more importantly, thought about them critically and interconnectively, please compose a 4- to 6-page paper on the topic:

Why is it difficult to make security legislations and standards? And what factors need to be considered when making and enforcing security rules and regulations?

You may think that you are not a lawmaker, hence you don't need to know how to make a legislation. But as a future security officer in the company, you have to come up with a list of rules and regulations that the organization's employees should follow. You will also be responsible for following and enforcing existing legal requirements. Look at the various laws across countries as you weave the international issues into your discussion.

In preparing your paper, you need to discuss the following issues, and support with arguments and evidences:

• What are the major legislations and standards in information security?
• Are these legislations and standards serving their purposes?
• How to enforce these legislations and standards? Is it easy? Why?
• How to make security rules and regulations? Who are involved? What factors need to be considered?

Assignment Expectations

Length: Minimum 4–6 pages excluding cover page and references (since a page is about 300 words, this is approximately 1,200–1,800 words).

Your assignment will be evaluated based on the Rubric.