The chief technology officer (CTO) has indicated that your organization has been requested by the National Security Council (NSC) to comment on the upcoming National Cybersecurity Strategy. The NSC has asked for specific recommendations as it relates to the next cybersecurity strategy, private/public partnerships, and comments on how specific technologies should be incorporated into the assessment.
The CTO has asked you to collaborate with your team to provide the organizational input.
You will be collaborating with your previously assigned team on this assignment. It is up to the team members to decide how they will plan, meet, discuss, and complete the six sections of the paper. Remember, if a member fails to complete his or her part of the work, the team is still responsible for all sections. You will also complete a peer review for yourself and for each member of the team. The peer feedback will be incorporated into each team member’s assignment grade.
As a group, use the Cybersecurity Strategy, Law, and Policy Team Assignment Resources to write your paper, which should cover the following topics:
Part 1: National Security Strategy and Cybersecurity
Part 2: Public/Private Partnerships
After reading the Cybersecurity Act of 2015, address the private/public partnership with the DHS National Cybersecurity and Communications Integration Center (NCCIC), arguably the most important aspect of the act. The Cybersecurity Act of 2015 allows for private and public sharing of cybersecurity threat information.
What should the DHS NCCIC (public) share with private sector organizations? What type of threat information would enable private organizations to better secure their networks?
On the flip side, what should private organizations share with the NCCIC? As it is written, private organization sharing is completely voluntary. Should this be mandatory? If so, what are the implications to the customers’ private data?
The government is not allowed to collect data on citizens. How should the act be updated to make it better and more value-added for the public-private partnership in regards to cybersecurity?
Part 3: Private Sector Organizations
Review the General Data Protection Regulation (GDPR) of the European Commission (EU). It includes many provisions and arguably strengthens data protection for individuals within the EU. It even includes the right to be forgotten. The United States does not have a similar regulation. There have only been a few regulations implemented related to US citizens’ private data, which include medical and financial industries. Some argue implementing regulation such as GDPR in the United States would hinder innovation. They contend that the End User License Agreements (EULA) provide sufficient protections and allow the citizens to make the choice of what is and is not shared.
Part 4: Protecting Critical Infrastructure and the Homeland
Part 5: Cybersecurity Technologies
Part 6: Ethics in Cybersecurity
- Ethical issues are at the core of what we do as cybersecurity professionals. Think of the example of a cyber defender working in a hospital. They are charged with securing the network, medical devices, and protecting sensitive personal health information from unauthorized disclosure. They are not only protecting patient privacy but their health and perhaps even their lives. Confidentiality, Integrity, Availability – the C-I-A triad – and many other cybersecurity practices are increasingly at play in protecting citizens in all walks of life and in all sectors. Thus, acting in an ethical manner, is one of the hallmarks of a cybersecurity professional.
- What are the ethically significant harms that may result from mass surveillance (including by government and corporations)?
- What are the ethically significant harms that may result from emerging technologies such as blockchain technology, artificial intelligence, and machine learning.
While quality is valued over quantity, it is expected that a quality paper will result in a minimum length of 10–15 pages.
Use additional sources as needed and be sure to critically analyze the questions, addressing the pros and cons in your proposal.
Use visuals where appropriate.
Each team will submit one assignment.
You will receive an individual grade for this assignment based on your contribution to the overall project.
How Will My Work Be Evaluated?
The following evaluation criteria aligned to the competencies will be used to grade your assignment:
1.1.3: Present ideas in a clear, logical order appropriate to the task.
2.1.3: Explain the significance of the issue or problem.
4.1.2: Engage in regular and consistent communication and meetings with team members and external project stakeholders.
4.2.4: Prepare a finished teamwork product.
10.1.1: Identify the problem to be solved.
12.9.1: Describe organizational compliance with government legislation that impacts technology.
12.9.2: Explain organizational compliance with industry regulations.
12.9.3: Explain compliance with organizational policies.
13.1.2: Describe the various processes that affect policies, processes, and procedures.
14.1.1: Explain how ethical principles used in the information technology industry apply to the welfare and safety of stakeholders and society.
To Submit Your Work