Information systems have become pervasive, and organizations now use them widely to manage countless items of personnel and organizational data. This data may contain organizational proprietary information, financial information, and/or personal information that, in the hands of others, can arguably be harmful to the data owner(s). It is well known that organizations have become increasingly reliant on technology to conduct business operations (Herath, Herath, & Bremser, 2010). Consequently, security measures are necessary to protect organizational information from entities both inside and outside an organization. The security of organizational information is under constant threat, and mitigation measures are necessary to ensure information is protected from unauthorized users. Additionally, governmental agencies have developed regulations that mandate the minimum standards necessary for organizations to protect information.
Furthermore, organizations like the Information Systems Audit and Control Association, otherwise known as ISACA, have developed frameworks and communicate best practices that assist an organization in developing and implementing security control measures tailored to protect organizational information from information security threats. The author will provide the reader a brief synopsis of the Federal Information Security Management Act (FISMA) of 2002, the Gramm-Leach-Bliley Act (GLBA), and other security regulations that pertain to the protection of information and the management of risks. The author will also provide a comparative analysis of FISMA and GLBA. Lastly, a summation will describe the differences between conditions before and after the governmental regulations were enacted and offer an opinion-based discussion on whether information is safer with the development and implementation of governmental regulations.
On December 17, 2002, the Federal Information Security Management Act (FISMA) was enacted as part of the E-Government Act, which sought to provide security requirements for governmental systems that do not play a vital role in national security efforts (Hulitt & Vaughn, 2010). White (2010) described the development of FISMA as a way to thwart the increased threat to information security and the conduct of cyberwarfare against the technological infrastructure of the federal government. The overarching purpose of FISMA is to require each federal agency to develop a systematic, risk-based approach to the adoption, management, and documentation of a security program designed to safeguard agency information from cybercriminals (Hulitt & Vaughn, 2010; White, 2010). Furthermore, FISMA created three broad objectives for information systems: confidentiality, integrity, and availability. Finally, the regulation with emphasis by the US...