Question

Select one of the laws from the NIST document to discuss:

-What is the law?

-What are some of the key considerations related to the law you selected?

-Can you find an example of a breach that compromised the law you selected?

-For example, in the Equifax breach, credit history information was stolen. What laws were broken?

-What were other legal consequences to the breach?

-Can you find another example?

Answer 1

a) With the advancement in technology, computer science is being widely used in almost every fields. So, National Institute of Standards and Technology has come up with several laws based on cyber security and supports overall mission to advance US’s innovations and industrial advancements by empowering standards and related technology through various development in the field of cyber security. NIST’s cybersecurity Act seeks to enable development and implementing innovative technologies to secure the data in IT fields.

b) key considerations regarding Cyber Security Act:

• This law focusses on disseminate clear and concise resources that are being used in helping businesses to reduce the cyber security risk.
• The Act must be implemented on wide ranges of businesses starting from small businesses to large IT giants. This Act promotes cybersecurity awareness among the companies and introduce the security strategy.

c) The OPM (US Office of Personnel Management) where personal information of near about 22 million current and former federal data has been leaked. Here the NIST law has been compromised in this data breach.

d) in the Equifax breach, personal information such as Social Security Numbers, addresses, date of birth and even driver license number has been hacked. The number of users is reported to be nearly 143 million consumer and more than 209000 user’s credit card details has been exposed. This is totally against the Cyber Security Act which has been implemented by NIST. All the personal information has been leaked from Database and this is against the NIST act. Application vulnerability of their website led to this attack. Company’s negligence towards NIST security implementation has done the damage.

e) The Federal Trade Commission checks the impact of the data breach and the impact on the business happened. Based on that, a charge that company has to bear if it is found that they haven’t implemented the law properly on their network. It fine amount could be millions of dollars based upon the impact on the amount of data breached.

f) the WannaCry ransomware has almost hit 150 countries IT companies, where they demanded money to open the files. This ransomware encrypts the file and demanded a payment in Bitcoin in order to decrypt the files. Many US based IT companies were affected by this virus. here also companies negligency towards cyber security cause the virus to affect the business.