Impact of Legislation on State of Maryland
1. Introduction.
The purpose of this paper is to research and evaluate the legislative drivers for information security programs of State of Maryland in order to improve the information security policy to prevent loss of the confidentiality, integrity and availability of agency operations, organizational assets or individuals with new amendments in legislation. This paper elaborates the objectives of five proposals that would impact the information security policy of the State of Maryland upon becoming legislation.
State of Maryland is a dedicated organization to provide top level quality service and unprecedented level of access to their state government for the people residing in Maryland.
2. Points of Analysis
For this research paper, proposals from May 2011 Cybersecurity Legislative Proposal and the proposed Cyber Security Act of 2012 is considered which would impose specific requirements on State of Maryland information security policy. They are as follows:
Point of Analysis #1
The first point of analysis is related to National Data Breach reporting which main goal is to protect consumers against identity theft and incentivize businesses for better cyber security. Businesses are required to inform the consumers if the intruder had access to the consumers’ personal information in order to prevent further damage or loss. The information security policy of State of Maryland is set forth to provide any data breach incident
Maryland, located in the eastern coast of the United States, is a state that offers many tourist attractions. From the food to the sites to even the hotels, Maryland is a state that is considered a fun family place for everybody from little kids to adults. Maryland has many different types of culture in the state from native american to Irish culture and even parts of German. Maryland has many things you can plan and do with family,friends or by yourself.
During the last Christmas season, Target announced that their data security was breached. According to David Lazarus in Los Angeles Times, Target stated that roughly 110 million customers’ information was illegally taken from their database. The information included their credit/debit card info, phone numbers, and email addresses. Target is one of the most popular grocery stores in the U.S.; they have a substantial amount of consumers. Because of this incident, consumers' trusts for the store have been decreasing. Worrying about losing its customers, the company offered a free year of credit monitoring and identity-theft protection, so the customers will feel more secure. Not only Target, some other large retailers also faced the same issues. They want their customers to trust that the companies can protect private data. However, should we not worry? Data breaches have been going on for about a decade, but we have not seriously thought about the issue. In order to protect people’s privacy, the federal government should make new laws concerning companies’ handling of customer information.
Maryland is a Mid-Atlantic state that's defined by its abundant waterways and coastlines on the Chesapeake Bay and Atlantic. Its largest city, Baltimore, has a long history as a major seaport. Fort McHenry, birthplace of the U.S. national anthem, sits at the mouth of Baltimore’s Inner Harbor, home to the National Aquarium and Maryland Science
In the state of Maryland in the year 2010 research was conducted and seen that we Americans in the state spend over $1.3 billion on teenagers that drink (udetc). This includes accidents that happens, medical hospitalizations, work loss and pain and sufferage. Youth violence including accidents, fights, suicides and homicides is the largest cost of the state of Maryland (udetc) this is a big problem in the state and we could be using this money for a different reason.
Data security; affinion security center augments data breach solution. (2012). Information Technology Newsweekly, , 91. Retrieved from http://search.proquest.com/docview/926634711?accountid=458
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (US Patriot Act), 2001, renewed 2006
A strong and diverse multi-sector advisory entity is essential to guiding cybersecurity policy aimed at providing for the public good. Simple public-private partnerships, while important, are falling behind the demand for a more holistic and community centered approach to cybersecurity and cyber health. Boards that include state, federal, and local government, academia, health, financial, business, industry, critical infrastructure owners and operators, and cybersecurity entities are affecting innovative change. Diverse guiding bodies are best fit to research and advise on solutions aimed at bolstering the cybersecurity posture of the state as a whole. This multi-sector advisory approach has been executed by states like Colorado, Michigan, Maryland, and California. This structure allows for a large advisory body that can delegate amongst themselves to provide a deeper focus when investigating specific cybersecurity policy areas via subcommittees. The structure provides for a more well-rounded and informed approach to cybersecurity than simple public-private partnerships.
There are at least 36 states that have enacted legislation that requires sensitive and personal information to warn the individuals of a security breach. The states that are led the way in creation these kind of laws is California, And all the other state would expanded upon the requirements by the way that California has start to do with creation the laws. You also have federal legislation. They also have survey data that they have collected to identity theft. If there is a breach you have to be notification by law. The breach notification duties would in power them to have new access controls, they may also want to encryption everything that they have on their system. They would not want to have any open source or any clear text to where any one that want to get it could. You want to create safe place period for notification. A concerns that identity theft a data center has leaked personal information of over 265,000 California state employees the legislature in this country’s was the first state that level the security breach notification. This law was in affective in July 1, 2003 and it was call the security breach information act or senate bill 1386. After this data breach notification law was done In other states are doing the same kind of laws that would deal with the same data breaches. In this studies in which they show roughly between 200 to 250 breaches. Most of the majority of all incidents and personal accounts compromised resulted from intentional unauthorized
Although identity theft can occur in vast data breaches or theft from large companies, usually it is simply thieves acquiring personal information from the trash or even dishonesty among employees with individuals information (Kapoor, Dlabay, Hughes, 2014). When an individual has a suspicion that their information has been compromised, it is important to take the necessary steps to protect yourself from further damage and charges as well as protecting your future credit history (Kapoor et al., 2014).
People across the world are becoming disproportionately dependent on modern day technology, which results in more vulnerability to cyber-attacks including cybersecurity breaches. Today, the world continues to experience inordinate cases of cybersecurity meltdowns. There is a rapid growth in complexity and volume of cyber-attacks, and this undermines the success of security measures put in place to make the cyberspace secure for users. Cyber-attacks on both private and public information systems are a major issue for information security as well as the legal system. While most states require government organizations and certain federal vendors to report incidences of data breaches, no equivalent legislation exists to cover private entities.
The Federal Government needs to create information systems which are more effective shielded systems to protect their assets and resources at home. The foundation of any mandated cybersecurity strategies that secure our nation national security must incorporate worldwide or state local threats whether targeted toward the federal government or the private sector forces. The OPM breach highlighted the insufficient and inconsistence security approaches the federal government has already used in modernizing the existing cybersecurity policies. There is a requirement for the United States government to institute polices that would incorporate and implement new government cybersecurity structures and centralized the protection of their assets to avert future breaches (Source). Examining the inadequacies in the current national cybersecurity policies and regulations is disappointing as OPM choice to implement these mechanisms and the current authoritative propositions to cybersecurity must change immediately. It was reported that OPM only spent $2 million in 2015 to avert pernicious digital assaults, while the Department of Agriculture spent $39 million. The Department of Commerce, Department of Education, and Department of Labor likewise invested more money in cybersecurity resources than the Office of Personnel Management. The Small Business Administration devoted a similar amount into cybersecurity to recognizing, examining, and alleviate any cyber breaches as OPM, however
The specific focus of this report is two information security laws of New York State that PPIT must address prior to starting operations in the new location.
Every state in the nation should have a comprehensive IT security policy due to the “growing array of state and non-state actors are compromising, stealing, changing, or destroying information and could cause critical disruptions to U.S. systems” ("Cyberspace policy RevIew", 2016). Because of “ the dual challenge of maintaining an environment that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights” ("Cyberspace policy RevIew", 2016). It is the responsibility of state and the federal government “ to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution” ("Cyberspace policy RevIew", 2016).
Designing a working plan for securing the organization s information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scaleable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which
The United States Department of Justice defines Identity Theft and Fraud as, “… terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain” (U.S. Department of Justice, 2012). An individual’s personal data such as: Social Security number, bank account information, credit card numbers, or telephone calling card number¬ may be used by criminals to personally profit at your expense. In many cases, a victim's loss not only includes out-of-pocket financial losses, but substantial additional financial costs and time repairing and correcting credit histories and erroneous information. To assist with my research for this paper, I chose two books written from different perspectives. First, I sought out a book to provide a comprehensive review of identity theft history; methods used to steal identities, consequences of having your identity stolen, and prevention techniques from an individual or business perspective. Next, after developing a strong baseline on identity theft, I searched for a reference book which offers a comprehensive review of the concepts of computer crimes, relevant laws, and methods practiced by investigators to trace, capture and persecute identity theft