Why is it difficult to make security legislations and standards? And what factors need to be considered when making and enforcing security rules and regulations ?

Assignment: "History informs our future." Let us start by knowing the history. The last page of Appendix C shows a nice picture of the development of technology and law. White House. (2009) Appendix C: Growth of Modren Comunications Technoloyg in the United State and Development of Supporting LEgal and Regulatory Framework. Cyberspace Policy Review. We then continue to become familiar with a set of legislations and standards regarding information security that you and your organization should know of. The following presentation has some overview. It doesn't provide a comprehensive list, but it does cover the major ones. Wang, Wenli. Powerpoint Presentation. Security Legislations. Next, read the following article which also contains a list of legislations and standards. Moreover, the article discusses why it is difficulty and ineffective to execute certain legislations. Bono, Stephen; Rubin, Aviel; Stubblefield, Adam; Green, Matthew. (2006) Security Through Legality. Communications of the ACM, Jun2006, Vol. 49 Issue 6, p41-43. (TUI library). An in-depth analysis of the difficulty in compliance can be found in the article below, where the author focuses on CAN-SPAM Act of 2003. Grimes, Galen A. (2003) Compliance With the CAN-SPAM Act of 2003. Communications of the ACM, Feb2007, Vol. 50 Issue 2, p56-62. (TUI library). The enforcement of a legislation and standard is also difficult. The following article uses the organizational context and emphasizes the need for development processes that facilitate enforcement. Siponen, M. (2006). Information Security Standards Focus on the Existence of Process, Not Its Content. Communications of the ACM, Aug2006, Vol. 49 Issue 8, pp. 97-100. (TUI library). Security legislations are not only made for organizations but also for individuals. On a personal level, it is also difficult to fully understand the implications of a legislation and we often times ignore the details. Read the following article to understand what risks you will be exposed to if you don't understand fully about a legislation. Desautels, Edward, Software License Agreements: Ignore at Your Own Risk. US-Cert. http://www(dot)us-cert(dot)gov/reading_room/EULA.pdf. Now I hope you have grasped the major concepts and understood what I want to come across regarding security legislations after following the background information. As I mentioned in the module's homepage, politics is naturally involved in making a legislation and in its enforcement, even when the word "politics" does show up. I am sure you have learned a lot and have a lot to say. Please write a 3-4 page paper on the following topic: Why is it difficult to make security legislations and standards? And what factors need to be considered when making and enforcing security rules and regulations ? You may think that you are not a law maker, hence you don't need to know how to make a legislation. But as a future CSO in the company, you have to come up with a list of rules and regulations that the organization's employees should follow. You will also be responsible following existing legal requirements and enforcing them as well. Expectations: In preparing your paper, you need to discuss the following issues, and support with arguments and evidences: what are the major legislations and standards in information security? are these legislations and standards serving their purposes? how to enforce these legislations and standards? is it easy? why? how to make security rules and regulations? who are involved? what factors need to be considered?