IT_412___ShortPaper_ImpactOfDataBreach.doc IT 412 Cyberlaw and Ethics 4.1 Short Pape

IT_412___ShortPaper_ImpactOfDataBreach.doc    IT 412 “ Cyberlaw and Ethics  4.1 Short Paper: Impact of Data Breach  Southern New Hampshire University  There are three laws that primarily effect the data breach for this aircraft manufacturing plant located in California. They are The Federal Information Security Management Act, The Sarbanes-Oxley Act, and the California Breach Notification Act.   The Federal Information Security Act also known as FISMA was created in 2002 as part of the E-Government Act. This law was put in place to require entities to develop and maintain an information security program. This act would have applied to the aircraft manufacturer as well. The information security program must include a risk assessment, annual inventory, policies, and procedures, testing and evaluation and incident response (Grama & Spinello. n.d.). Preforming a risk assessment, would have allowed the aircraft manufacturer the ability to measure the possibility of harm that would result from unauthorized access to their system. The security program created should be developed and updated from this assessment. By preforming this assessment annually, you can make changes if needed to the IT security program. An annual inventory of all the IT equipment will ensure none of the equipment is missing and will also allow the ability to determine if there is any equipment that is old or out of date that needs to be replaced for security reasons. Companies, including this aircraft manufacturer should have policies and procedures in