Join Mike Chapple for an in-depth discussion in this video What role should the government play in cybersecurity?, part of Insights from a Cybersecurity Professional.
- The government's role in cybersecurity is a little bit of a tricky one. It's certainly the government's responsibility to protect the public interest. What we have here in the United States is a situation where we have a patchwork of law that sometimes conflict with each other and certainly lead to confusion in information security. We have different law for personal health information. We have HIPAA, the Health Insurance Portability and Accountability Act. We have laws for financial institutions, like Gramm-Leach-Bliley. Publicly traded corporations are covered under Sarbanes-Oxley.
There are non-legal regulations as well. Things like the Payment Card Industry Data Security Standard, PCI DSS. We're left with this alphabet soup of regulations and it really can be very confusing from a security perspective, because many organizations are subject to two, three, four, or more of these laws at the same time, and security professionals are left trying to sort that out and figure out how do the controls that we're putting in place map back to meet all of these different regulations. In Europe, on the other hand, they have a pretty good, solid framework for data privacy that applies across all industries.
And security professionals over there, I'm a little envious of, because they have one common framework that they need to comply with, while we have this sort of patchwork here that causes a lot of confusion.
- How does one break into the cybersecurity field?
- What are the various career tracks?
- How do organizations prevent a security breach?
- What are the compliance issues?
- Who is responsible for security in the cloud?
- How does IT security impact other business divisions?
These are the kinds of insights that can help you explore a new career, focus on a course of study, or even prepare for an interview.