manner, so if one wants to be prepared another good place to check is the media. There are many websites dedicated to IT information and many of these sites have sections that focus on federal regulations. These websites have become more prevalent with the recent and very quick enactment of so many laws pertaining to security since the terrorist attacks on 9/11/01.
The following non-government websites, while occasionally bias, have proven to be good sources of security legislation information:
GovExec.com (http://www.govexec.com) The ‘E-Government’ link on the home page leads to a wealth of news, special reports, and links to other related web sites. There is also a “Bill Tracker” link on the home page that leads to a list of current bills going through Congress. It includes a search mechanism for bills and legislation as well as a search by ZIP Code for elected officials. In their own words, “ G o v E x e c . c o m i s g o v e r n m e n t ’ s b u s i n e s s n e w s d a i l y a n d t h e p r e m i e r w e b site for federal managers and executives.” 1 2
Government Computer News (GCN) (http://www.gcn.com) While the home page lists current news articles on government security issues, following the ‘E-Government’ link will provide the most concise list.
Washington Technology (http://washingtontechway.com) Washington Technology provides links to “Budget/Policy/Legislation”, “Security”, “E-Government” and several other IT security topics containing current news releases and information.
Center for Democracy and Technology (http://cdt.org) This site is a watch dog/activist site, so they are slightly biased, but they are very up-to-date on the latest IT legislation and news. “The Center for Democracy and Technology works to promote democratic values and constitutional liberties in the digital age. With expertise in law, technology, and policy, CDT seeks practical solutions to enhance free expression and privacy in global communications technologies.” 13
There are a plethora of other websites and news magazines spanning the political spectrum. Anybody should be able to find one that fits their information needs.
© SANS Institute 2004, Author retains full rights.
Once the applicable federal mandates have been identified, it is important to understand which agencies and entities are responsible for which pieces of the legislation. Knowing which agencies, and subsequently the audience, are
GovExec.com – About Us - http://govexec.com/about.htm Center for Democracy and Technology – Mission – http://www.cdt.org/mission/
© SANS Institute 2004,
As part of the Information Security Reading Room
4 Author retains full rights.