Impact of Legislation on Organizations
Introduction
Cyber security is one of the most growing threats among computer users, personally or professionally. This is an issue that needs not to be taken for granted as more and more cyber crimes were being reported. We argue that the Cyber security proposal and cyber security policy may help people in taking care of their vital information that can be used for identity theft and fraudulent activities. The report shows that proposals to develop a more comprehensive law against cyber crimes may affect the State of Maryland’s current information security, thus making it stronger against cyber crimes. Points of analysis are provided under the Cyber Security Legislative Proposal along with potential impact to Maryland’s information security program.
Points of Analysis
In the statement of Governor Martin O’Malley on Cyber Security Legislative that was proposed by President Obama, he raised that he wanted the State of Maryland to be the country’s epicenter of cyber security. Some of the points of analysis in the Cyber Security Legislative Proposal are Penalties for Cyber Crime, Data Breach Notification, and Personnel Authorities Related to Cybersecurity Positions. These analyses may have an impact on State of Maryland’s information security program.
The legislative proposal for Cyber Security’s first section is about the penalties that will be imposed over a proved cyber crime. In this section, it says that computer criminals should be liable for graver penalties once proven guilty under the Cyber Security Law. The proposal recommends that the Abuse Act and Computer Fraud be updated to stipulate a minimum fine if cyber crime or cyber attack is committed, which will be a mandatory under the updated cyber laws. This law also recommends the liability of cyber attackers that had an unsuccessful cyber crime. In addition, the initial section of proposal recommends harsher a penalty against cyber attacker in the event that significant infrastructure system has been damaged. This is one of the points of analysis that I picked because once this section has been implemented along with the other parts of the proposal, it will surely lower the number of cyber crime attacks if not eliminate cyber offenders as they will be more liable to heavier and harsher penalties under Cyber Security Law (Stephens, 2011).
The Cyber Security Legislative Proposal also includes the new rulings for Data Breach Notification. The inclusion of this section states that companies and organizations will be required to notify a potential victim of breach within sixty days. This section covers the organizations and companies that handle at least 10,000 personal data per year. However, the Federal Trade Commission could grant an extension in the event that further investigation is needed and if the Federal Bureau of Investigation identifies possible investigation interference due to notification. In the event of information breach, the organization will be required to inform The Secret Service, Federal Bureau of Investigation, and Federal Trade Commission. Notification requirements will then be enforced by Federal Trade Commission. The inclusion of this section in the points of analysis asserts the extensive security over people’s vital information and the notification from FTC will be a good warning sign for the people to handle their personal information more carefully. This may not stop the cyber attacks, but with the enforcement of notification, it will help people in taking more steps in protecting their sensitive information to stop identity theft and computer frauds (Stephens, 2011).
The proposal’s section about Personnel Authorities Related to Cyber Security Positions will grant authority to the Secretary of Homeland Security to set competitive pay, establish cyber security positions, and provide supplementary benefits and compensation for employees of cyber security. It also includes the scholarship program that will be grant to employees in obtaining certification or degree in information assurance course. This recommendation aims to develop and produce more competitive professionals, which also hopes to enhance Department of Homeland Security’s flexibility when it comes to hiring professionals. This is another point of analysis, which will be the key to enhancement of hiring professional cyber security professionals, thus increases the government’s capability to eliminate and fight cyber attackers. As the DHS provide more competitive pay and better compensations to cyber security professionals, the more they will be motivated in achieving the government’s goal. This will also provide a concrete streamline and guidelines in establishing strong agency against growing threats of cyber crimes.
Analysis
The three included points of analysis based on the Cyber Security Legislative Proposal may have some impacts towards the State of Maryland’s current information security program. Initially, the Penalties for Cyber Crime may need the State of Maryland’s current rulings when it comes to penalties against cyber crimes. The impact that the proposal may have to Maryland’s information security program would be the attempts to attack the state government’s cyber infrastructure. People who have plans to attack the state of Maryland’s computer system may have to think twice as even if their plans will not be successfully done, they are still liable with harsher penalties under the proposed cyber crime law (maryland.gov).
The Data Breach Notification section of the Cyber Security Proposal asserts that an organization or company can have immunity in the event that the federal government needs their cooperation in resolving national security issues. While the current state policy states that anyone in the organization must not divulge or disclose any vital information as the person will be liable and may face administrative actions up to termination of employment.
The state of Maryland’s information security policy states that if their employee is unsure and not capable enough to handle a severe cyber incident, they may have to hire trained professionals for consultation and assistance in response with needs to resolve the incident. In the proposed legislation, a section, this is Personnel Authorities Related to Cyber Security Positions, states that there will be more trained and competitive professionals who will be specialized in cyber security crimes. In this case, the state government may not require an organization to consult skilled professionals, but to consult professionals hired by Department of Homeland Security as they will be trained in handling such incidents (maryland.gov).
Conclusion
The proposal to develop a more comprehensive law to protect the people’s cyber security is needed as it will also protect the national security from cyber attacker who might hack the government’s vital cyber infrastructure. The court should also be more involved when deciding when to grant and who will be granted with immunity to companies that will provide vital information in resolving cyber issues so as to keep the balance with executive branch. The DHS should also be stricter with the guidelines regarding scholarship grants, ensuring that only qualified employees should be trained and developed to handle cyber issues especially if it involves national security and individuals’ financial security. The legislative policy that was proposed by President Obama may have some opportunities that need to be enhanced or revised as the cyber world covers a wide range of information from all over the world and may need to comply with existing laws against cyber crimes.
References
Stephens, K. (2011, June 15). A Review of the Cybersecurity Legislative Proposal. Retrieved August 26, 2013, from http://www.nsci-va.org/WhitePapers/2011-06-15-Federal%20Cyber%20Legislative%20Proposal%20Whitepaper-K%20Stephens.pdf