I need a unique news story or article about an information technology event rela

Question

I need a unique news story or article about an information technology event related to legal regulations or data and networking defenses. Please make sure the event includes the specific elements listed below. •Discussion of how the general sentiment pertaining to security impacted this event •Evaluation of the security posture before, during, and after the security event •Explanation of the actions you would take if you were the chief security officer in charge of mitigation for this event •Evaluation of the risk assessment and information security management controls

Explanation / Answer

Answer:The event discussed here is Consumer Privacy Protection Act of 2015

a) How the general sentiment pertaining to security impacted Consumer Privacy:
Despite the much-heralded recent successes of Internet, one of the major impediments against full-scale integration of the Internet marketplace with modern business is the lack of confidence Internet consumers have in the newly developed marketing machinery.
The most crucial issue that Internet consumers have identified is fear and distrust regarding loss of personal privacy.One recent survey undertaken by
Equifax and Harris Associates determined that over two-thirds of Internet consumers considered the privacy concern to be very important .

b)Evaluation of the security posture before, during, and after the Consumer Privacy Protection Act :

Currently the consumer privacy protection laws are not very strict & in the recent past,there have been lots of cases including Apple,Adobe etc. where user's personal data was available easily on DeepWeb for few bucks.
So,this he Consumer Protection Act establishes a criminal offense for concealment of a security breach of computerized data containing sensitive personally identifiable information that results in economic harm of $1,000 or more to any individual.

It authorizes the Department of Justice (DOJ) to commence a civil action to enjoin unauthorized persons or entities from accessing or transmitting computer commands commonly referred to as botnets that would impair the integrity or availability of 100 or more computers used by financial institutions or the federal government or that affect interstate or foreign commerce or communications during any one-year period, including by denying access to the computers, installing unwanted software, or obtaining information without authorization. Allows DOJ to enjoin the alienation or disposal of, or to seek restraining orders prohibiting the disposal of, property obtained as a result of such a violation.

It also expands categories of money laundering offenses to include financial transactions involving the proceeds of unlawful manufacturing, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices.

It requires certain business entities that collect, use, access, transmit, store, or dispose of sensitive personally identifiable information in electronic or digital form of 10,000 or more U.S. persons during any 12-month period to implement a consumer privacy and data security program that complies with safeguards identified by the Federal Trade Commission (FTC).

It requires entities, following discovery of a security breach, to notify U.S. residents whose unencrypted personal information is reasonably believed to have been accessed or acquired. Sets forth special notification procedures for:

(1) third party entities that maintain or process data in electronic form on behalf of another entity; and

(2) certain providers of electronic data transmission, routing, storage, or network connection services.

It directs entities to notify a federal entity designated by the Department of Homeland Security (DHS) if a security breach involves:
(1) the personal information of more than 5,000 individuals,
(2) databases containing the personal information of more than 500,000 individuals nationwide,
(3) federal databases, or
(4) federal employees and contractors involved in national security or law enforcement.

It requires the DHS-designated entity to provide the information it receives to:
(1) the U.S. Secret Service or the Federal Bureau of Investigation for law enforcement purposes; and
(2) other federal agencies for law enforcement, national security, or data security purposes. Establishes a process for DOJ to adjust the thresholds for law enforcement and national security notifications.

Since,this law also supersedes federal and state laws that are less stringent than the data security practices and breach notification standards required by this Act,
but permits states to continue to enforce other consumer protection laws and to apply state laws regarding trespasses, contracts, torts, or fraud,so it willkeepcheckonsuch breaches in future.

c) Actions taken by me, if I were the chief security officer in charge of mitigation for Consumer Privacy Protection Act:
I will ensure that any person or company wich is found to breach consumer privacy or selling their private information will be punished heavily by strict Consumer protection lawsand this law would be the firststepin that direction.

d) Evaluation of the risk assessment and information security management controls:

This law exempts certain financial institutions, entities that comply with health record privacy laws, and electronic communication service providers from certain requirements of this Act.

It also requires notice of certain breaches to be provided to consumer reporting agencies and the FTC.

It establishes civil penalties for violations of this Act and provides enforcement authority to the FTC, DOJ, and states.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.