Cybersecurity Regulation and Compliance

Relationship between criminal and civil court systems (Cyber-Security)

Criminal and civil court systems have similar court systems as it is applied to cybersecurity initiatives. Essentially, criminal law handles offenses against the state, and in detailed definitions, the civil procedures include crimes against an individual. The state commits its resources to prove the verdict presented to the individual, where the guilty outcomes result in fines, probation, incarceration, or possible death (Horowitz & Lucero, 2016). In proving whether the case is criminal in a way, the forensic auditor oversees the procedures of collecting data and producing results. The prosecutor has to prove that the interventions drew a criminal case. Civil court systems are often between individuals and individuals, and the prosecutor has to prove the breach was not criminal in any way. The prosecutor can involve computer analysts to determine digital forensic sleuth. 

Compliance

Compliance remains a critical component for cybersecurity as it details measures, policies, laws, standards, and regulations. Compliance philosophy is We Trust but Verify, which justifies the need for sound compliance posture while integrating a continuous expansion for the compliance challenges.

U.S. Organizations in Compliance

Federal and state government requires the organization to comply with cybersecurity standards, which protect stakeholders in a business. Standard NIST SP 800-53 contains at least 272 controls NIST while NIST SP 800-171 features another 114 controls approachable framework for contractors to implement (Fin Jan Team, 2019). The control further checks the ability to control unclassified information by integrating laws, regulations, and policies. 

Policies and Technologies Addressing Compliance

There are policies and technologies that can be applied to address existing regulations. Cybersecurity organization includes directives committed to safeguarding information technology and computer systems from attacks such as worms, Trojan horses, viruses, denial of services attacks, or unauthorized access and control systems attacks. Cyber-security includes anti-virus software, intrusion detection, encryption, login-passwords, anti-virus software, and firewalls. 

How U.S. Organizations Monitor Compliance

Organizations are required to comply with cyber-security, wherein this case, they abide by the massively scalable environment of rules, laws, policies, and procedures that help in improving regulatory requirements. In complying, organizations are adopting the use of a consolidated and harmonized set of compliance controls, which include duplication of efforts and activity for resources (Zerlang, 2017, p. 8). Compliance further includes mechanisms of handling data more efficiently by developing audit trails, data transfer evaluations, and calculations.

References

Fin Jan Team. (2019). NIST Updates SP 800-171 to Help Defend Sensitive Information from Cyberattack. Retrieved from https://www.nist.gov/news-events/news/2019/06/nist-updates-sp-800-171-help-defend-sensitive-information-cyberattack

Horowitz, B., & Lucero, D. (2016). System-aware cybersecurity: a systems engineering approach for enhancing cybersecurity. Insight, 19(2), 39-42. doi: 10.1002/inst.12087Zerlang, J. (2017). GDPR: a milestone in convergence for cyber-security and compliance. Network Security, 2017(6), 8-11. doi: 10.1016/s1353-4858(17)30060-0