1. How would enacting S. 2105 have improved upon cybersecurity? That is, what topics raised in class would it have addressed, regarding cybersecurity?
The proposed act encourages consultation between the government and the private sector raising the level of awareness within management rank and file. As Bayuk location 387 (2012) points out, on-going communication and cooperation between the public and the private sectors will lead to a more resilient national cyber standing. As it stands today, data on cyber breaches and vulnerabilities are kept confidential and locked away. Not realizing how vulnerable various sectors are keeps managers in the dark about the threats facing their enterprise. Bayuk further emphasizes the need for closer collaboration …show more content…
Privacy of individuals is protected by through proper measures and oversight. Bayuk, et al, emphasize the privacy issue and warn against “terse” responses and point out the potential for discriminatory behavior by the government and private entities.
The bill would have encouraged information sharing as opposed to mandating it. In line with bayuk’s approach, the goal of the policy should be set to reduce cyber security risk and not to meet a goal that is set externally, such as compliance with regulatory or industry’s best practices, although once cyber security risks (in line with business needs) are established, external compliance considerations can be easily achieved by performing an audit and closing gaps, if any are identified.
At times, various agencies play conflicting roles. Clearly wide gaps between the Department of Homeland Security, DoD, the intelligence community, and organizations such as NIST remain. Some provisions of the proposed legislation have been implemented, such as the creation of Cyber Threat Integration Center, announced February 2015, whose limited role is to assess and coordinate sharing of the threat data amongst various …show more content…
But this is not necessarily a bad outcome as the reason for the drop in expenditure is due to the fact the companies reach their security objectives at a lower cost. (www.directscience.com 2003)
Similar to S.2105, it emphasizes the need to move away from a culture of compliance to a culture of outcome measurement with added benefit of putting in place the organizational framework to ensure that there is streamlined focus to strengthen resilience of federal government systems. The steps mandated by S. 3414 in the areas of “red team” exercises will undoubtedly raises awareness and lead to better security leading to stronger cybersecurity posture.
Without a doubt we are witnessing a shift in the needed expertise akin to the shift that took place at the dawn of industrial revolution or with the advent of computers, programming and the internet. In each case, the workforce had to be trained in new set of skills . Cybersecurity is no different. This Act would have advanced this cause on the road to developing a stronger cybersecurity workforce and enhancing our cybersecurity
The proposed act encourages consultation between the government and the private sector raising the level of awareness within management rank and file. As Bayuk location 387 (2012) points out, on-going communication and cooperation between the public and the private sectors will lead to a more resilient national cyber standing. As it stands today, data on cyber breaches and vulnerabilities are kept confidential and locked away. Not realizing how vulnerable various sectors are keeps managers in the dark about the threats facing their enterprise. Bayuk further emphasizes the need for closer collaboration …show more content…
Privacy of individuals is protected by through proper measures and oversight. Bayuk, et al, emphasize the privacy issue and warn against “terse” responses and point out the potential for discriminatory behavior by the government and private entities.
The bill would have encouraged information sharing as opposed to mandating it. In line with bayuk’s approach, the goal of the policy should be set to reduce cyber security risk and not to meet a goal that is set externally, such as compliance with regulatory or industry’s best practices, although once cyber security risks (in line with business needs) are established, external compliance considerations can be easily achieved by performing an audit and closing gaps, if any are identified.
At times, various agencies play conflicting roles. Clearly wide gaps between the Department of Homeland Security, DoD, the intelligence community, and organizations such as NIST remain. Some provisions of the proposed legislation have been implemented, such as the creation of Cyber Threat Integration Center, announced February 2015, whose limited role is to assess and coordinate sharing of the threat data amongst various …show more content…
But this is not necessarily a bad outcome as the reason for the drop in expenditure is due to the fact the companies reach their security objectives at a lower cost. (www.directscience.com 2003)
Similar to S.2105, it emphasizes the need to move away from a culture of compliance to a culture of outcome measurement with added benefit of putting in place the organizational framework to ensure that there is streamlined focus to strengthen resilience of federal government systems. The steps mandated by S. 3414 in the areas of “red team” exercises will undoubtedly raises awareness and lead to better security leading to stronger cybersecurity posture.
Without a doubt we are witnessing a shift in the needed expertise akin to the shift that took place at the dawn of industrial revolution or with the advent of computers, programming and the internet. In each case, the workforce had to be trained in new set of skills . Cybersecurity is no different. This Act would have advanced this cause on the road to developing a stronger cybersecurity workforce and enhancing our cybersecurity