Running head: INFORMATION SECURITY Cyber security Laws Gabrielle Briscoe University of Phoenix CYB/100 1 INFORMATION SECURITY 2 Information Security The US has many laws that govern information and computer security, and the use of the internet. One of these laws is the Computer Fraud and Abuse Act. This law was enacted in 1986 and makes it illegal to intentionally access a computer without authorization or exceed the level of authorization that one has been granted (McGowan, 2017). Another example is the Sarbanes-Oxley Act of 2002, and that was formed to prevent fraud of shareholders, destruction of information that could otherwise serve as evidence, and the requirement for auditors’ independence in their operations (Amadeo, 2017). The Sarbanes-Oxley Act has been one of the most frequently enforced laws in the US. According to Drawbaugh & Aubin (2002), Sarbanes-Oxley Act was heavily enacted during the bankruptcy of Lehman Brothers and Bernard Madoff in 2008. In fact, these companies became the largest companies in times of revenues and asset size to file for bankruptcy at the time. The law has also been attributed to the low number of initial public offering (IPO) during the late 2000s global financial crisis (Gingrich & Kralik, 2008). This is as a result of the strict requirements that it imposed to companies and particularly those owned by foreigners. As a result, the above factors have led to the Sarbanes-Oxley Act resulting to the largest financial impact on companies in the US. In fact, SEC (2003) further reports that Worldcom, one of the largest companies to file for bankruptcy, agreed to pay a fine of $2.5 billion to SEC and a further $500 million to investors due to the violation of fraud policies. The Sarbanes-Oxley Act also has the strictest punitive damages in comparison to the National Information Infrastructure Protection Act and the Computer Fraud and Abuse Act. Policies such as the Computer Fraud and Abuse Act have loopholes that have been used due to its lack of proper definition of its requirements. On the other hand, corporates can easily lose their licensure, have their staff imprisoned, and be forced to close businesses altogether. In fact, this is one of the issues that led to the closure of Arthur Andersen, which was INFORMATION SECURITY 3 considered as one of the five largest auditing firms in the world during the early 2000s (Rusell, 2014). The Sarbanes-Oxley Act protects business assets, shareholders’ equity, and information pertaining the running of the business. In this case, companies are required to comply with the SEC policies on disclosure of financial information and the standardization of auditing and accounting processes (Amadeo, 2017). As such, no company should mislead the public, and more so the shareholders, when reporting its financial information for the purpose of fraud. At the same time, no auditor should collude with the business management to mislead the public and neither should they destroy any information that may incriminate a company. The Sarbanes-Oxley Act, the National Information Infrastructure Protection Act, and the Computer Fraud and Abuse Act critically guarantee the confidentiality of all private information. In the Computer Fraud and Abuse Act, for example, no one should access private information from other people’s computers without authorization. On the other hand, the National Information Infrastructure Protection Act extends the Computer Fraud and Abuse Act by making it illegal not just to access computers without authorization but also to access restricted information and share the information for the purposes of harming the owner or the state (US Congress, n.d). Added to the Sarbanes-Oxley Act, these policies thus protect the confidentiality of personal, corporate, and state information. INFORMATION SECURITY 4 References Amadeo, K. (2017). Sarbanes-Oxley Summary: How It Stops Fraud. The Balance. Available from https://www.thebalance.com/sarbanes-oxley-act-of-2002-3306254 Drawbaugh, K. & Aubin, D. (2012). Analysis: A decade on, is Sarbanes-Oxley working? Reuters. Available from https://www.reuters.com/article/us-financial-sarbox/analysisa-decade-on-is-sarbanes-oxley-working-idUSBRE86Q1BY20120730 Gingrich, N. & Kralik, D. (2008). Repeal Sarbanes-Oxley. SF Gate. Available from http://www.sfgate.com/politics/article/Repeal-Sarbanes-Oxley-3186747.php McGowan, B. (January 01, 2017). Eject the Floppy Disk: How to Modernize the Computer Fraud and Abuse Act to Meet Cybersecurity Needs. Ssrn Electronic Journal. Russell, G. (2014). Andersen, Auditing And Atonement — The accounting profession 10 years after Enron. The Journal Of The Global Accounting Alliance. Available from http://www.gaaaccounting.com/andersen-auditing-and-atonement-the-accountingprofession-10-years-after-enron/ SEC (2003). The Honorable Jed Rakoff Approves Settlement of SEC'S Claim for a Civil Penalty Against Worldcom. SEC. Available from https://www.sec.gov/news/press/2003-81.htm The US Congress (n.d). H.R.4095 - National Information Infrastructure Protection Act of 1996. The US Congress. Available from https://www.congress.gov/bill/104thcongress/house-bill/4095 US Strategical Tactical Abuse Act and Computer Fraud prohibits computer’s unauthorized access their interference, and data obtaining Electronic Communications Privacy Act governs data interception, access to data RUSSIA Organisations or Individuals should be responsible for their network usage should not set up communication groups or websites due to fraudulent purposes and illegal activities. Any person who violates Article 27 is engaging in activities that endanger cyber security and may be imprisoned for between 5 to 15 days be detained for 5 to 15. This depends on the severity of the case. CHINA All government levels shall organize, carry out security of network and publically regularly. Network providers shall provide and maintain their products and services for time limits agreed upon between them and clients. Operators of Network Operational The Paperwork Reduction Act 1995 This law gave Management office and Budget the mandate and responsibility to develop cyber policies. shall cooperate with People have a right to have the errors in their personal information corrected by their network operators. network departments on lawful supervision and implementation tasks. CYBER SECURITY Important Concepts in Security Gabrielle Briscoe CYB/100 University of Phoenix The differences between Espionage, Intelligence gathering, and Cyber warfare. • Cyber espionage work can be termed as unapproved spying via PC. The term alludes to the channeling of infections that secretly watch or decimate information in the PC frameworks of government offices and expansive endeavors. • An intelligence gathering system or essentially intelligence gathering is a framework through which data about a specific substance is gathered for the advantage of another using more than one, between related source.[according to whom?] Such data might be assembled by a military intelligence, government intelligence, or business intelligence arrange. • Cyberwarfare additionally named as cyber war is any unreal clash started as a politically spurred assault on an adversary's PC and data frameworks. Pursued by means of the Internet, these assaults handicap budgetary and authoritative frameworks by taking or modifying characterized information to undermine systems, sites and administrations. Military Influence on Intelligence Gathering, Cyber Warfare, and Physical Assets. • Military has been influenced by intelligence gathering through extraction of information related to the battlefield, and tactical information extraction in relation to specific battle campaign strengths and units. A good example that this applied is during the Napoleonic wars. • Cyber warfare has always been a great topic when it comes to Cyber Security. Many countries have invested on military cyber warfare. Cyber's impact on methodology can be inspected from a long haul point of view. The military's key level manages long haul Military Influence on Intelligence Gathering, Cyber Warfare, and Physical Assets. • Vital designs tend to address questions leading to a whole war crusades. From this viewpoint, new cyber capacities will require little re-examination of the essential systems the military utilizes. The Department of Defense's central goal is general national resistance fundamentally from outside enemies. • Physical Assets. The U.S. Armed force needs to monitor a considerable measure of assets. There are expensive things like planes and rockets, guns, essential IT gear and PCs. Burning through cash on new supplies is dependably an issue to any militiary. In any case, this isn't an issue for IT resources at Fort Hood, one of the biggest U.S. Armed force posts. They've set up resource administration best practices that guarantee they generally know the condition of their advantages. In any case, this wasn't generally the case. Before executing Wasp MobileAsset, the base was utilizing a manual framework that was tedious, blunder inclined, and not refreshed progressively. Timeline of a Recent Incident Involving Personal Privacy • In February 2017, the Cloudflare Web Framework said that an error at this stage caused an arbitrary disclosure of sensitive and sensitive customer information. CloudFlare provides runtime and security authorities on six million client sites (counting hitters such as Fitbit and OkCupid devastators), so that occasional outages included only small amounts of information extracted from a giant data set. • On March 7, WikiLeaks distributed an information file containing 8,761 reports allegedly stolen by the CIA, containing several documents on espionage and piracy. The revelations included iOS and Android vulnerabilities, Windows bugs, and the ability to turn some enthusiastic TVs into listening devices. • On May 12, a variety of ransomware, called WannaCry, spread throughout the world, influencing a wide range of goals, including open public services and substantial partnerships. Ransomware has hit the clinics and offices of the UK's National Health Service, wrapped in crisis cells, postponing key restorative systems and causing problems in some British patients. • • • • • • • Five Physical Assets of the Cyber Domain The five physical assets of Cyber Domain are: Hardware Software Data Peopleware Networks Physical resource are innately profitable but powerless against a wide assortment of dangers, both malevolent and coincidental/characteristic. On the off chance that dangers emerge and abuse those vulnerabilities influencing occurrences, there are probably going to be antagonistic effects on the associations or people who honestly claim and use the advantages, changing from insignificant to obliterating as a result. Security controls are planned to diminish the likelihood or recurrence of event as well as the seriousness of the effects emerging from occurrences, in this manner ensuring the estimation of the advantages. Conclusion • Cyber, similar to any other type of innovation, has influenced all parts of our lives, and the military isn't resistant from its impact. PC innovation has been incorporated into the lives of everybody from presidential perspective down to the enrolled Soldier on a watch. How far this mix goes on is truly up to the creative energy of innovation designers and trailblazers. For the time being, cyber looks to make the lives of Soldiers less demanding, more proficient and more secure. References Baiardi F, Sgandurra S (2013) Assessing ICT risk through a Monte Carlo method. Cam H, Mouallem P (2013) Mission assurance policy and risk management in cybersecurity. Kelic A, Collier ZA, Brown C, Beyeler WE, Outkin AV, Vargas VN, Ehlen MA, Judson C, Zaidi A, Leung B, Linkov I (2013) Decision framework for evaluating the macroeconomic risks and policy impacts of cyber attacks. Lambert JH, Keisler JM, Wheeler WE, Collier ZA, Linkov I (2013) Multiscale approach to the security of hardware. Linkov I, Eisenberg DA, Plourde K, Seager TP, Allen J, Kott A (2013) Resilience metrics for cyber systems. Pawlak P, Wendling C (2013) Trends in cyberspace: can governments keep up? Rosoff H, Cui J, John RS (2013) Heuristics and biases in cyber security dilemmas. Sheppard B, Crannell M, Moulton J (2013) Cyber first aid: proactive risk management and decision-making. Vaishnav C, Choucri N, Clark D (2013) Cyber international relations as an integrated system. Running head: PAPER AND STORY BOARD Microsoft Word Essentials Name: Course Number: Instructor: Date: 1 PAPER AND STORY BOARD 2 Microsoft Word Essentials Cyberspace alludes to the virtual PC world, particularly, it is an electronic medium used to shape a worldwide PC system to encourage online correspondence. It is a huge PC made up of numerous overall PC organizes that utilize TCP/IP convention to help in correspondence and information trade exercises (Gasser, 1988). Maritime domain mindfulness (MDA) is characterized by the International Maritime Organization as the successful comprehension of anything related to the maritime domain that could affect the security, wellbeing, economy, or condition. Space domain suggests a circumstance in which the abundance of a flag differs with position (for the most part in two measurements, as in a photo) instead of with time. A physical domain gives a situation, characterized basically by it is a cross and through factors, for interfacing the segments in a Physical Network. The most difficult territories for U.S. organizations working together abroad is adjusting U.S. staff contracting laws with those of different nations. Nations, for example, Saudi Arabia, for instance, declined to give visas to workforce in these classifications: single ladies, Jews, gay people and those with specific sorts of handicap. Cybersecurity is a political issue since administrations and lawmakers everywhere perceive national intrigue is intensely affected by the impact of cyber. In a period of distributed computing and associated gadgets, systems have turned out to be more mind-boggling than any time in recent memory. Security groups now confront the test of securing cloud situations. This growing assault surface has presented a large group of new open doors for on-screen risk characters, from trading off brilliant TVs and associated angles of taking information through Dropbox or AWS (Cashell et al, 2004). Complexity diminishes security in a few ways. In the PAPER AND STORY BOARD 3 first place, unpredictability makes vulnerabilities harder for designers and analyzers to reveal. Each element, capacity is a potential danger vector. The two benefits of cloud computing are: Cost savings. The cloud can also improve cost control by coordinating your cost model more closely with your revenue/requirements project, moving your business from a low-cost capital model to an Opex display. Adaptation upon request advantage. As your business grows, a cloud situation must develop with you. Also, when the request is fanciful, or you should try another application, you have the activation limit up or down, paying only for what you use. PAPER AND STORY BOARD 4 References Gasser, Morrie (1988). Building a Secure Computer System (PDF). Van Nostrand Reinhold. p. 3. Cashell, B., Jackson, W. D., Jickling, M., & Webel, B. (2004). The Economic Impact of CyberAttacks. Congressional Research Service, Government, and Finance Division. Washington DC: The Library of Congress 
Purchase answer to see full attachment