Threat Information Would Enable Cybersecurity Str
Instructions
The Chief Technology Officer (CTO) has indicated that your organization has been requested by the National Security Council (NSC) to comment on the upcoming National Cybersecurity Strategy. The NSC has asked for specific recommendations as they relate to the next cybersecurity strategy, private / public partnerships, and comments on how specific technologies should be incorporated into the assessment.
The CTO has asked you to lead a group of experts to provide the organizational input. The specific questions you must respond to are provided below.
- After reading the Cybersecurity Act of 2015, address the private / public partnership with the DHS NCCIC, arguably the most important aspect of the Act. The Cybersecurity Act of 2015 allows for private and public sharing of cybersecurity threat information. What should the DHS NCCIC (public) share with private sector organizations? What type of threat information would enable private organizations to better secure their networks? On the flip side, what should private organizations share with the NCCIC? As it is written, private organization sharing is completely voluntary. Should this be mandatory? If so, what are the implications for customers' private data? The government is not allowed to collect data on citizens. How should the Act be updated in 2018 to make it better and more value-added for the public-private partnership with regard to cybersecurity?
- Use additional sources as needed and be sure to critically analyze the questions, addressing the pros and cons in your proposal.
- Use visuals where appropriate.
- Review the General Data Protection Regulation (GDPR) proposed by the European Commission (EU). It includes many provisions and arguably strengthens data protection for individuals within the EU. It even includes the right to be forgotten. The United States does not have a similar regulation. There have only been a few regulations implemented related to US citizens' private data, which include medical and financial industries. Some argue that implementing a regulation such as GDPR in the United States would hinder innovation. They contend that the End User License Agreements (EULA) provide sufficient protections and allow citizens to make the choice of what is and is not shared. As a private sector organization, do you believe that an equivalent to GDPR should or should not be implemented in the United States?
- Use additional sources as needed and be sure to critically analyze the questions, addressing the pros and cons in your proposal.
- Use visuals where appropriate.