Running head: INFORMATION SECURITY
Cyber security Laws
Gabrielle Briscoe
University of Phoenix
CYB/100
Information Security
The US has many laws that govern information and computer security and the use of the internet. One of these laws is the Computer Fraud and Abuse Act. This law was enacted in 1986 and makes it illegal to intentionally access a computer without authorization or to exceed the level of authorization that one has been granted (McGowan, 2017). Another example is the Sarbanes-Oxley Act of 2002, which was passed to prevent fraud against shareholders and the destruction of information that could otherwise serve as evidence, and to require auditors' independence in their operations (Amadeo, 2017).
The Sarbanes-Oxley Act has been one of the most frequently enforced laws in the US. According to Drawbaugh & Aubin (2002), the Sarbanes-Oxley Act was heavily enforced during the bankruptcy of Lehman Brothers and Bernard Madoff in 2008. In fact, these companies became the largest companies in terms of revenues and asset size to file for bankruptcy at the time. The law has also been blamed for the low number of initial public offerings (IPOs) during the late 2000s global financial crisis (Gingrich & Kralik, 2008). This is a result of the strict requirements that it imposed on companies, particularly those owned by foreigners. Together, the above factors have led to the Sarbanes-Oxley Act having the largest financial impact on companies in the US. In fact, SEC (2003) further reports that WorldCom, one of the largest companies to file for bankruptcy, agreed to pay a fine of $2.5 billion to the SEC and a further $500 million to investors due to the violation of fraud policies.
The Sarbanes-Oxley Act also has the strictest punitive damages in comparison to the National Information Infrastructure Protection Act and the Computer Fraud and Abuse Act. Policies such as the Computer Fraud and Abuse Act have loopholes that have been exploited because their requirements are not properly defined. Under the Sarbanes-Oxley Act, on the other hand, corporations can easily lose their licensure, have their staff imprisoned, and be forced to close their businesses altogether. In fact, this is one of the issues that led to the closure of Arthur Andersen, which was considered one of the five largest auditing firms in the world during the early 2000s (Russell, 2014).
The Sarbanes-Oxley Act protects business assets, shareholders’ equity, and information pertaining to the running of the business. In this case, companies are required to comply with the SEC policies on disclosure of financial information and the standardization of auditing and accounting processes (Amadeo, 2017). As such, no company should mislead the public, and especially the shareholders, by reporting its financial information fraudulently. At the same time, no auditor should collude with the business management to mislead the public, nor should they destroy any information that may incriminate a company.
The Sarbanes-Oxley Act, the National Information Infrastructure Protection Act, and the Computer Fraud and Abuse Act critically guarantee the confidentiality of all private information. Under the Computer Fraud and Abuse Act, for example, no one should access private information on other people’s computers without authorization. The National Information Infrastructure Protection Act, in turn, extends the Computer Fraud and Abuse Act by making it illegal not just to access computers without authorization but also to access restricted information and share that information for the purpose of harming the owner or the state (US Congress, n.d.). Together with the Sarbanes-Oxley Act, these policies thus protect the confidentiality of personal, corporate, and state information.
References
Amadeo, K. (2017). Sarbanes-Oxley Summary: How It Stops Fraud. The Balance. Available from https://www.thebalance.com/sarbanes-oxley-act-of-2002-3306254
Drawbaugh, K. & Aubin, D. (2012). Analysis: A decade on, is Sarbanes-Oxley working? Reuters. Available from https://www.reuters.com/article/us-financial-sarbox/analysis-a-decade-on-is-sarbanes-oxley-working-idUSBRE86Q1BY20120730
Gingrich, N. & Kralik, D. (2008). Repeal Sarbanes-Oxley. SF Gate. Available from http://www.sfgate.com/politics/article/Repeal-Sarbanes-Oxley-3186747.php
McGowan, B. (January 01, 2017). Eject the Floppy Disk: How to Modernize the Computer Fraud and Abuse Act to Meet Cybersecurity Needs. SSRN Electronic Journal.
Russell, G. (2014). Andersen, Auditing And Atonement — The accounting profession 10 years after Enron. The Journal Of The Global Accounting Alliance. Available from http://www.gaaaccounting.com/andersen-auditing-and-atonement-the-accounting-profession-10-years-after-enron/
SEC (2003). The Honorable Jed Rakoff Approves Settlement of SEC'S Claim for a Civil Penalty Against Worldcom. SEC. Available from https://www.sec.gov/news/press/2003-81.htm
The US Congress (n.d.). H.R.4095 - National Information Infrastructure Protection Act of 1996. The US Congress. Available from https://www.congress.gov/bill/104th-congress/house-bill/4095