Cybersecurity, Law, Policy, Ethics, and Compliance
Assignment 1
Every business sector has different cybersecurity challenges and must comply with different laws and
regulations. Many of these regulations relate to security and privacy. Some business sectors are
designated as “critical infrastructures” and so are subject to scrutiny and government oversight.
Prepare anAPA Report (3 to 4 pages)that shows the cybersecurity position in a selected industry. In
particular, include the following:
1. A brief description of the business sector you are assigned
2. Why the business sector might be vulnerable to attack (what might a criminal gain or what
damage might they do to a company), give examples of actual incidents if available
3. Whether the business sector is considered part of the US critical infrastructure and why
4. What specific cybersecurity laws and regulations apply specifically to that business sector,
both in the US and more globally
5. Details of any organizations (with links) who are working to establish standards, policies or
guidelines for the business sector
6. Whether there are any pending changes to these laws and regulations or whether there is any
new legislation pending in Congress
7. Based on the cybersecurity incidents that have occurred in the business sector, what laws or
regulations should be considered
8. Citations all sources used
Use the Resources folder along with these helpful web sites below:
? Worlds’ Biggest Data Breacheshttp://www.informationisbeautiful.net/visualizations/worlds-
biggest-data-breaches-hacks/
? Symantec Security Threat Reports, Annual
Reportshttp://www.symantec.com/security_response/publications/threatreport.jsp
? Verizon Data Breach Investigations Reporthttp://www.verizonenterprise.com/DBIR/2015/
? PwC Internet Security Report http://www.pwc.com/gx/en/consulting-services/information-security
-survey/
? Ponemon Institute: Cost of Data Breach Studyhttp://www.ponemon.org/blog/ponemon-institute-
releases-2014-cost-of-data-breach-global-analysis