Report
Share
Download to read offline
![Across the 50 states and the federally-regulated industries, a...
Across the 50 states and the federally-regulated industries, a large number of statutes and
regulations govern cybersecurity. Proposals for new cybersecurity laws are constantly
being debated by Congress and state legislatures. Given the breadth of existing laws and the
possibility that new laws will be enacted in the near future, an important skill to develop is
the ability to read and analyze cybersecurity statutes and regulations on your own.
Choose one of the federal or state laws listed below to analyze. Use the internet to learn
about the scope and mechanics of the law. Using your own words, and drawing
appropriately from primary source materials (i.e., regulatory text and guidance produced by
agencies), memo that synthesizes what the law is and how it works with respect to
information security or privacy.
Federal: Children's Online Privacy Protection Act (COPPA)
• [Student Records] Family Educational and Privacy Rights Act
• [Websites Directed at Kids] Children's Online Privacy Protection Act
• [Public Companies] Securities and Exchange Commission (SEC) rules and guidance on
cybersecurity, including:
o SEC's February 2018 Guidance on Cybersecurity Risks and Disclosures Controls
o SEC Regulation S-P, Rule 30 (the "safeguards rule")
At a minimum, your memo should aim to address the following questions:
General:
• Is the law a statute or a regulation?
• If it's a regulation, what agency enacted it?
Scope:
• To whom does the law apply? What kinds of organizations?
• What kinds of information or activities does it target?
• What kinds of information or activities does it exclude or omit from its coverage?
Requirements or Prohibitions:
• What does the law prohibit or require of regulated organizations?
• Does an agency publish any implementation guidance? If so, what additional insights does
the guidance provide into the requirements or prohibitions?
• What, in your best estimation, is the purpose or spirit of the law? What does it seek to
accomplish through its prohibitions or requirements?
Enforcement:
• Which agencies, if any, are responsible for enforcement?](https://image.slidesharecdn.com/acrossthe50statesandthe-230305224630-de412d0b/85/Across-the-50-states-and-the-pdf-1-320.jpg)
Recommended
Recommended
More Related Content
Similar to Across the 50 states and the.pdf
Similar to Across the 50 states and the.pdf (20)
Paper A Application of a decision making framework to an IT-related.docx
Paper A Application of a decision making framework to an IT-related.docx
Project DescriptionApply decision-making frameworks to IT-rela.docx
Project DescriptionApply decision-making frameworks to IT-rela.docx
250 words agree or disagreePlease discuss the various limitation.docx
250 words agree or disagreePlease discuss the various limitation.docx
Identify and Apply the Legal Framework Part 1 ConveyancingSe
Identify and Apply the Legal Framework Part 1 ConveyancingSe
Information Assurance And Security - Chapter 3 - Lesson 1
Information Assurance And Security - Chapter 3 - Lesson 1
The Start-Up’s Guide to Privacy - MaRS Best Practices
The Start-Up’s Guide to Privacy - MaRS Best Practices
Extended EssayEnglish BCriminal Rights And CultureTo what ex.docx
Extended EssayEnglish BCriminal Rights And CultureTo what ex.docx
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
- FIRST EXAM SPRING 20201. Describe how the view of operations.docx
- FIRST EXAM SPRING 20201. Describe how the view of operations.docx
- FIRST EXAM SPRING 20201. Describe how the view of operations.docx
- FIRST EXAM SPRING 20201. Describe how the view of operations.docx
What is Network security, or Securiing your data Through Network,N.pdf
What is Network security, or Securiing your data Through Network,N.pdf
More from sdfghj21
More from sdfghj21 (20)
you interviewed the CEO and evaluated the organization to gain.docx
you interviewed the CEO and evaluated the organization to gain.docx
When you talk about the meaning of which sense.docx
When you talk about the meaning of which sense.docx
Virtualization and cloud services continue to gain momentum as more.docx
Virtualization and cloud services continue to gain momentum as more.docx
Your name Brief background Your profession What you hope to.docx
Your name Brief background Your profession What you hope to.docx
This project provides you an opportunity to apply the marketing.docx
This project provides you an opportunity to apply the marketing.docx
The assignment must be submitted on a Microsoft word.docx
The assignment must be submitted on a Microsoft word.docx
Using online or library research articles explain the.docx
Using online or library research articles explain the.docx
Standards are designed to ensure Without no structure.docx
Standards are designed to ensure Without no structure.docx
think of a leader or presenter whose communication has.docx
think of a leader or presenter whose communication has.docx
The Community of Inquiry frameworkLinks to an external is.docx
The Community of Inquiry frameworkLinks to an external is.docx
When and how did you become aware of people being.docx
When and how did you become aware of people being.docx
Write Cornell notes after reading Cornell Notes are.docx
Write Cornell notes after reading Cornell Notes are.docx
What are some current challenges your chosen groups.docx
What are some current challenges your chosen groups.docx
To complete this review the Learning Resources for this.docx
To complete this review the Learning Resources for this.docx
Strong leaders do not only focus on building their own.docx
Strong leaders do not only focus on building their own.docx
Recently uploaded
Recently uploaded (20)
WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024
WIOA Program Info Session | PMI Silver Spring Chapter | May 17, 2024
Jual Obat Aborsi Jakarta (Asli No.1) Wa 082134680322 Klinik Obat Penggugur Ka...
Jual Obat Aborsi Jakarta (Asli No.1) Wa 082134680322 Klinik Obat Penggugur Ka...
Master SEO in 2024 - The Complete Beginner's Guide
Master SEO in 2024 - The Complete Beginner's Guide
The Best VFX Course with Job Placement near Dunlop
The Best VFX Course with Job Placement near Dunlop
Across the 50 states and the.pdf
- 1. Across the 50 states and the federally-regulated industries, a... Across the 50 states and the federally-regulated industries, a large number of statutes and regulations govern cybersecurity. Proposals for new cybersecurity laws are constantly being debated by Congress and state legislatures. Given the breadth of existing laws and the possibility that new laws will be enacted in the near future, an important skill to develop is the ability to read and analyze cybersecurity statutes and regulations on your own. Choose one of the federal or state laws listed below to analyze. Use the internet to learn about the scope and mechanics of the law. Using your own words, and drawing appropriately from primary source materials (i.e., regulatory text and guidance produced by agencies), memo that synthesizes what the law is and how it works with respect to information security or privacy. Federal: Children's Online Privacy Protection Act (COPPA) • [Student Records] Family Educational and Privacy Rights Act • [Websites Directed at Kids] Children's Online Privacy Protection Act • [Public Companies] Securities and Exchange Commission (SEC) rules and guidance on cybersecurity, including: o SEC's February 2018 Guidance on Cybersecurity Risks and Disclosures Controls o SEC Regulation S-P, Rule 30 (the "safeguards rule") At a minimum, your memo should aim to address the following questions: General: • Is the law a statute or a regulation? • If it's a regulation, what agency enacted it? Scope: • To whom does the law apply? What kinds of organizations? • What kinds of information or activities does it target? • What kinds of information or activities does it exclude or omit from its coverage? Requirements or Prohibitions: • What does the law prohibit or require of regulated organizations? • Does an agency publish any implementation guidance? If so, what additional insights does the guidance provide into the requirements or prohibitions? • What, in your best estimation, is the purpose or spirit of the law? What does it seek to accomplish through its prohibitions or requirements? Enforcement: • Which agencies, if any, are responsible for enforcement?
- 2. • How is the law enforced? • Is there a private right of action that enables individuals to recover damages? • Have there been any noteworthy or significant cases or enforcement actions related to the regulation? If so, briefly describe one or two. What was the result? Overall Reflections: • As best you can tell, how does this law fit into the landscape of cybersecurity laws? • Is there anything about the law that surprises you or that stands out as particularly interesting?