Question
Chapter 1 of the textbook discussed legal issues associated with information systems, security, and privacy. It discussed cybersecurity laws such as the Computer Security Act
Chapter 1 of the textbook discussed legal issues associated with information systems, security, and privacy. It discussed cybersecurity laws such as the Computer Security Act of 1987 which require implementation of certain security measures and privacy laws such as HIPAA which require the protection of sensitive information. In other words, there are some laws that require specific means (e.g., the implementation of certain controls) to be in compliance, and others that require specific outcomes (e.g., the protection of specific types of information) to be in compliance.
In relation to these legal requirements, please discuss the following:
1. Do you believe that it is more difficult for businesses to comply with laws that require the implementation of specific controls or those that require the protection of specific types of information? Why?
2. Would you, as a business leader/owner, be more motivated to spend money on information security because of a 5% chance that a private party would bring a $10 million lawsuit or because of a 50% chance that a regulatory agency that directly oversees your industry would issue a $10,000 fine for noncompliance? Why?
3. Besides financial consequences, what other risks could your business face as a result of non-compliance with cybersecurity and privacy laws applicable to your industry?
Step by Step Solution
3.40 Rating (156 Votes )
There are 3 Steps involved in it
Step: 1
1 I do believe that it is more difficult for businesses to comply with laws that require the implementation of the protection of specific types of inf...Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started