Wendy Only

Case Study at the end of Chapter 14 of the textbook below:

Recent corporate security breaches such as that at Lewis-Nexis and the failure Corporate America to act responsibly to correct security flaws may force legislators to enact laws that require to enact laws that require corporations to adhere to best practices in computer security.

Just as the Sarbanes-Oxley Act of 2002 was designed to ensure that financial records of a corporation are properly prepared and are accurate, and the Heath Insurance Portability and Accountability Act (HIPAA) requires increased security procedures for maintaining and exchanging medical information, businesses can expect new legislation that will require that information security best practices are followed.

The Federal Information Security Management Act of 2002 (FISMA) already requires federal departments and agencies to implement appropriate security polices and supporting security architectures to reduce and quickly remediate vulnerabilities to their enterprise systems. It is likely that similar legislation will be passed that would extend similar regulations to private enterprise. As with FISMA, the goals would be to define and architect the required security mechanisms within IT initiatives that support and enforce security planning, testing, and evaluation. FISMA creates a defined architecture for reporting information security incidents, which forms the basis of accountability, FISMA requires initial and regular risk assessments and management reviews. Organizations must begin the FISMA process with an organizational risk assessment and then implement the required information security mechanism and controls to ensure the security of those identified risks in their organization.

Rep. Adam Putman (R-Fla.) has drafted the Corporate Information Security Accountability Act of 2003, which would require private companies to comply with industry benchmarks. Work is proceeding to update the bill in a working group created by the subcommittee Putnam chairs, the Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.

The bill may require companies to conduct annual security audits, inventory key assets and their vulnerabilities, and carry insurance against cyberattacks. The proposed law also includes a provision to shield companies from large, punitive lawsuits over security breaches. It will seek not only to protect businesses, but also the nation’s infrastructure. (Note: the bill failed to pass.)

Corporate Security Case Study Assignment

Certain acts are being passed by U.S. legislators to aid corporations in adding information security to their organizations. The Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Federal Information Security Management Act are examples of the government trying to regulate the security of certain organizations.

Read the Case Study at the end of Chapter 14 of the textbook. Prepare a report to present to the CIO of a company that produces engineering software for security agencies. This CIO does not believe the government should have any say in the operations of the company. The report should contain at least three security practices that meet best practices industrywide. Also, explain at least two risks the nation's infrastructure may face if the company fails to comply with security standards.   Your report should be 2–3 pages in length and should be written in APA style.