Question

Name two (2) regulatory agencies and describe how they regulate in cybersecurity.

Answer 1

Regulatory agencies:

1.The Federal Bureau of Investigation:

1. Until recently, the level to which the federal government could get involved in a major private sector cybersecurity incident was unclear. But last month, the White House issued a presidential policy directive (PPD) on cyber incident coordination.  The PPD outlines the federal role and pledges that, in the case of a major private sector cybersecurity event, federal government responders will safeguard sensitive private sector information and abstain from interfering while remaining informed of the affected organization's response.

2. The PPD also directs that, in the event of a cybersecurity incident or threat, the FBI and the National Cyber Investigative Joint Task Force will take the response lead. A "relevant sector-specific agency" will also work with the federal government to help it understand "potential business or operational impact of a cyber incident on private sector critical infrastructure.".

3. Through the PPD, the White House also promised that the Department of Homeland Security and the Department of Justice will develop a fact sheet outlining how private individuals and organizations can work with federal agencies in response to a cyber incident.

2. Federal Trade Commission:

1. Over the past decade, the FTC has established itself as the government’s chief cybersecurity enforcer when it comes to protecting consumers from a data breach. The FTC has sued several private-sector companies, including LabMD and Wyndham Hotels, for allegedly failing to protect consumer data because of lacking cybersecurity practices.

2. Some private companies have challenged the FTC’s authority to police cybersecurity shortcomings. LabMD's CEO and others have said Congress did not give explicit directions for the agency to go after companies with weak security measures. But the FTC then reversed an administrative law judge's decision from last November that had dismissed FTC charges against LabMD.

3. The reversal concludes that LabMD’s data security practices were unreasonable and constitute an unfair act or practice that violated Section 5 of the Federal Trade Commission Act. The reversal also underscored the fact that the FTC can in fact act to protect consumers from data mismanagement.

Note:

if you have any doubt at any point, please comment.