Cyber Security Policies

Abstract 

It is easy to view all policies about cyber security as active and beneficial to all Americans. The plans are held in high esteem because they attempt to fight the worst kind of threat that could beget the concerned parties, known as cyber-terrorism. However, the knowledge that they are not as effective, practically, as they are theoretically raises questions. What is the real aim of these policies and what impact do they have on American organizations, which are required to enforce them as per the law? This essay is purposed to answer these questions systematically. The hypothesis in this paper is that cyber security policies are flawed and infringe on the day to day running of businesses. It begins with an introduction explaining the plans and how they work. This part is followed up by an explanation of the research methods and how they are ideal for this particular subject. They include interviews, questionnaires, and information from secondary sources. The results of these methods follow and highlight the effect of these policies when they were enforced in the 90s and as they are being currently enforced. They emphasize the sentiments of business operators and explain why government officials believe in the policies they implement. It draws attention to the fact that private investors especially feel that the policies are used to interfere with their client relations and a way to monitor Americans who have a right to privacy. Evidence against the said effectiveness of the policies is also presented, indicating that they are loopholes in them and they are only formed to promote government agendas. Finally, recommendations on how to create effective policies and get business owners to work with the government are cited. They include creating awareness, involving the public in decision-making and enforcing all-inclusive laws that see to the privacy and information system protection of all industries. 

Introduction 

The term cyber security is inclusive of policies, technologies, and practices designed to protect information systems and computer hardware. They are necessary for America due to increased cyber terrorism, which affects many companies and might lead to the regular loss of critical information. Establishments such as Adobe, Yahoo, and Gawker are some of the organizations that have fallen victim to cyber-attacks. These attacks are often in the form of viruses, Trojan horses, worms, unauthorized access, denial of service attack and phishing. Following significant loss of information as a result of these ambushes, cyber security policies are continually being enforced to deal with these arising issues. However, there is a rising concern that the policies are not as effective as needed and therefore leave computer users questioning the need to enforce weak policies that do not have a significant impact in protecting their property. In this research paper, a defense to prove that cyber security policies are not practical for the protection of internet users is prepared. 

Literature review 

As the United States of America started its transition into industrialization and increased its reliance on computer systems, the need for policies to protect her online communities in as well as their information began. This step was especially important because, foremost, even the government’s information systems and networks were at risk. As a result, the first cyber security policy was introduced in 1977 when the General Accounting System (GAS) limited employees who could access their data as a way of curbing breaches. These policies had a continuation in the 80s following the ‘Morris Worm’ attack that affected 600,000 computers in the GAS office ( Kleiner, Nicholas & Sullivan, 2013) . In the 20th century, the Y2K virus became a central focus of American cyber security and substantial government funding for policies to avoid any damage as a result of the virus was provided. However, all these theories were ridiculed by the fact that the virus barely caused any damage. The money that the US government used for the prevention measures concerned proved excessive. 

Currently, the regulations that exist mainly focus on three primary industries which include healthcare institutions, financial organization, and federal agencies. The 1996 Health Insurance Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley Act, and the 2002 Homeland Security Act are the three policies that cater for the needs of each industry (Mohammed & Mariani, 2014) . They each recommend the establishment of mandatory policies, standards and programs to protect information systems and for the governance of operations in the mentioned industries. This minimal coverage is despite the fact that all American industries, as for instance the entertainment and hospitality industries rely on computers and on the internet for transactional purposes. The policies are also characterized by vague language that is open to multiple interpretations. Also, they were all formed as a result of past experiences where the systems succumbed to data loss and are rarely informed by research that highlights the loopholes within the information system in the present. 

These data surfaces questions that no government shareholders has attempted to confront. Organizations in the health and financial sectors are curious as to whether the enforcement of these policies in necessarily or is it a way for the government to control their operations. Are the recommended plans and procedures within the cyber security regulation full proof to possible attacks? Why have cyber-attacks in the last decades increased and yet these policies are designed to curb them? And what happens to the industries that are not covered under the existing laws? These questions are the motivations of this research paper, which seeks recommendations to fill in the gaps left by policy makers in charge of information technology authorities within the government. It is essential to bringing out the assumptions in laws that leave systems vulnerable to theft, corruption, and destruction. All these objectives are fulfilled through keen and systematic research processes. 

Research methods 

The research methods used in this paper aim to collect factual data and input from all possible sources. They include: 

Secondary sources 

These sources involve reading the materials, audios, and videos that are relevant to the issue of information’s technology security. They are an ideal source of information for the research because they contain already documented circumstances of how the policies enforced for safety purposes have either succeeded or failed. Relevant thoughts from authorities affected by the laws at the time are noted in interviews with reporters and newspaper commentators. The constitution is relevant as a reference at this point since the laws are written here, and all arms of government refer to it alongside other statutes. It is mentionable that these sources may contain bias since articles are published from the author's perspective, and thus the researcher will sample material addressing both sides of the issue. 

Interviews 

There is a significant multitude of authorities that can speak up on this issue. They range from home computer users to CEOs of multi-billion information systems organizations. This literature focuses on the impact of policies on business operators together with their data systems. Therefore, the interviewees will include employees of such organizations and government officials who play a role in the formation of these policies. It is essential to carry out interviews that give insight into the reality of the matter at hand. All procedures to ensure the trust and honesty of subjects are earned before the meeting will be considered. 

Questionnaires 

Questionnaires are a preferred mode of data collection because they help the researcher narrow down on the information he/ she seeks to acquire. The questions are directly related to the topic. Some questions are open, allowing the respondents to give their honest answers to them while others have choices that help the researcher draw statistics on individual facts. These questionnaires were mainly filled out by employees in various industries that are either included or exempted in the three standing policies of cyber security as an approach to analyzing how they are impacted on a daily basis by these laws. 

Results 

The data gathered from the research methods present facts that bring out negative and positive arguments on the case. About secondary data, it is noted that cyber security crimes have increased by 63% in the last decade. This growth is attributed to some reasons, including an over-dependence on the internet and on information systems for plenty of Americans ranging from 3-60 years of age, poor sanitizations on the laws of cyber use and poor enforcement of policies. It is also emphasized that these crimes are carried for the purposes of stealing data, harming individuals or organizations and destruction. More than 70% of Americans have a personal experience with cyber-attack yet only half of them have had their issue resolved in a caught of law ( Kshetri, 2015) . 

Interviewed government officials mention that there are professionals including Homeland Security and NATO personnel, and the CIA working round the clock to enforce these policies and as well, to arrest anyone that infringes on them. However, private organizations are of the opinion that these policies are a way for the government to draw information from their databases to facilitate their operations. They infringe on the privacy agreement between companies and their clientele, especially with regards to social media organizations such as Twitter, Facebook, and Myspace. Security departments defend these actions by indicating that most of the individuals arrested for internet crimes would have easily been stopped if the organization flagged them beforehand instead of waiting for officials to demand information through court orders. The questionnaires indicate the lack of awareness of the policies of cyber security and list of actions considered as crimes. 

Discussion 

From these results, it is evident that the cyber security policies that govern information system users are patched and vague. Most establishments do not adhere to them because they constantly change according to law maker’s instructions and seem to arise after a notable crime is already committed. The haphazard nature in which these regulations are enforced is an indication that the authorities do not know what to prepare for. In most cases, they are viewed as a way to harass investors in the information systems sector. All the loopholes within the constitution are proof that they are simply formalities and not for the actual purpose of protection. Therefore, changes are desired in the way the government establishes law over these systems and their operators if they are to facilitate an efficient and organized America (Butler, 2013) . 

There are individual recommendations from this research. One was that the legislative approach to include all computer users in regulations is paramount. The government can accommodate the task of ensuring that all users are safe since tax payers money is more than enough. Secondly, the government should contract the private sector to assist them in policy making. This approach is crucial since an all-rounded perspective is required in such situation. They can bring in perspectives and strategies that the government is not aware of or prepared for. For example, most of the current legislations revolve around the idea of an external or terrorist attack while Americans within the nation are also a risk to their peers and big corporations. In the end, it is evident that harsh and infringing laws are not the answer. In fact, the best solution is to have governments agents customize protection systems for every business because no organization is similar or operates the same way as another. 

References 

Butler, A. (2013). When cyberweapons end up on private networks: third amendment implications for cybersecurity policy. 

Kleiner, A., Nicholas, P., & Sullivan, K. (2013). Linking Cybersecurity Policy and Performance. Microsoft Trustworthy Computing . 

Kshetri, N. (2015). Recent US Cybersecurity Policy Initiatives: Challenges and Implications. Computer . 

Mohammed, D., & Mariani, R. (2014). An Evaluation of the Cybersecurity Policies for the United States Health & Human Services Department: Criteria, Regulations, and Improvements. International Journal of Business and Social Research ,