This chapter described how important it is to conform to U.S. compliance laws and examined how technology and the Internet are driving globalization. With broad use of the Internet come new threats. You also learned the importance of compliance to the economy and how it serves the public interest. The chapter examined a number of major compliance regulations. From these examples, you can see an increasing government need to regulate. Sometimes regulations result from public pressure when something goes wrong. The chapter examined these pressures and the motivations of both the government and the industry. The chapter also discussed how the industry tries to self-regulate to avoid government regulation, keeping costs down and retaining flexibility. The United States continuously faces new threats from nation-states trying to attack the country’s critical infrastructure.
This chapter also examined how security policies, controls, and procedures need to align with regulations, and demonstrated how to create this alignment. The chapter also examined how to show evidence of compliance to a regulator. You read about the challenges of complying with regulations and industry standards, as well as the need to align security policies with both legal requirements and the company’s core values. Finally, a key lesson of this chapter is not to chase laws by building specific security policies and controls tailored to each new regulation. Rather, you should base policies on key concepts that address a broad range of regulatory concerns, such as consumer protection and privacy.
This chapter also gave a brief introduction to several international laws. Obviously, it is not possible to cover every law in every country, so you will need to consult the laws of your own nation.