Govt Ethics

Only available on StudyMode
  • Download(s) : 30
  • Published : April 9, 2013
Open Document
Text Preview
Assignment #1: Government and Private Industry Roles in Cyber Security

By Charles Sneed

13 Feb 2010

CSEC 620 Section 9040

TABLE OF CONTENTS
Table of Content……………………………………….……………………..…2

Introduction………….…………………………………………………………..3

Governmental Guidance……………………………………………………....3

Private Industry’s Responsibility………………………………………..….…8

Conclusion……………………………………………………………….……...9

References…………………..………………………………………….….….10

I. Introduction
A. Objective
The purpose of this report is to describe how the government can help private industry to better manage improved cyber security and their responsibility to protect national security through implementing good cyber security controls. B. Organization of Subheadings

Section II provides an overview of how the government can provide guidance to private industry through the use of government regulation and cyber insurance. Section III tells why private industry has to have solid cyber security controls in place to protect national security. Section IV concludes with a review of the discussion and summary of responsibilities for both the government and private sector in relation to cyber security. II. Governmental Guidance

The government, more per se congress, must be clear about decisions of where to legislate or not. Government regulations and potential liability continue to be the biggest factor driving security investments, indicating that in addition to IT investments in security, security spending may be occurring in departments other than IT in order to comply with the Sarbanes-Oxley law (Swartz, 2004). True the federal government can set these lanes on the highway to protect cyber security but must also be flexible for both private and government to somehow overcome and begin to adapt to these ever-changing threats. It the government’s responsibility to ensure that information concerning cyber threats is shared with that of the private industry. However, the efforts of government must not only be effective but voluntarily in nature. Until the private sector can be granted access to cyber information and technical advice, they will be reluctant to join the fight with the government’s policies and procedures on protecting our networks. A. Governmental Regulation

There have repeatedly been concerns from industry, private sector, and those operating critical infrastructure that over legislating by Congress ultimately will make it harder to protect our networks (Foster, 2002). This is especially true as new innovation is created and it sometimes quick response gets overshadowed by the government mandating regulatory schemes that are unnecessary. There should be viable avenues to collaborate on for sharing cyber information between the private sector and the government. Usually the private sector is often on the front lines of cyber attacks, so any information it can provide to increase government awareness of the source and nature of cyber threats will make both government and the private sector stronger (Foster, 2002). Governmental regulation barely meets the standards of today as minimum, especially where these companies have difficulty in meeting the government standard-setting. Although this is a good concept it is just not amply suited for an area that’s rapidly evolving as cyber-security. However, the produced standards could be compromise, and unfortunately involvement of the government in this industry slows down innovation. A more effective behavior modification technique is positively reinforcing the insurers, as they would rather receive rewards than punishment. Fear of legal sanctions can force companies to maintain a set of minimum standards, as cyber-insurance does, but unlike cyber-insurance it does not provide any incentive to do better (Powner, 2006). This is also a global risk, the US government policies alone are not capable of effectively managing it. Moreover, worldwide regulation...
tracking img