We survey laws, regulations, and standards for cybersecurity in the United States, including "soft law" and self-regulation. Topics include the pros and cons of regulatory solutions and market solutions; the different approach to data protection regulation in the European Union; and cybersecurity concerns and regulatory authorities in various U.S. industries and sectors. Students become familiar with key standards bodies involved in cybersecurity, and explore organizational processes for remaining current with industry best practices.
With successful completion of this course, students are able to: 1. Explain the legal and regulatory approach to cybersecurity in the United States. 2. Identify and describe cybersecurity concerns and regulatory authorities particular to various U.S. industries and sectors. 3. Compare and contrast U.S. and E.U. legal perspectives on data protection. 4. Debate the advantages and disadvantages of regulatory solutions and market solutions. 5. Identify common sources of cybersecurity standards. 6. Describe processes for incorporating regulatory concerns and security standards into systems and organizations. 7. Describe processes for maintaining currency of best practices through auditing and reassessment.