How can the local government officials convince residents that this “invasion of privacy” (collection of personal information during account registration) is necessary and for their benefits?

Week 7 Discussion
Policy Soup: Dealing with the Aftermath of a New Cybersecurity Policy

For this discussion you must:

1. Create an MS Word document containing your “short paper” (response) for the discussion topic. Use MS Word to spell check and grammar check your work! Then, submit this file to the Discussions item in the assignment folder so that a Turn It In scan report is generated.

Prepare a 5 to 7 paragraph “Expert Opinion” for local government officials. This document should present a strategy for communicating with residents about a new “cybersecurity” policy that requires a user profile and password recovery information.

Background: Due to increased hacking attempts against the Service Request system, the local government adopted the new policy without allowing time for public comment. There has been a significant amount of backlash including a protest by sports coaches and youth group leaders who were unable to file reservation requests for ball fields and meeting rooms in local Parks & Recreation facilities.

To gain access to online services, the newly adopted “cybersecurity” policy requires users to establish a user profile that includes password recovery information The user profile registration form requires name, address, cell phone number, email address, date of birth, and the last four digits of the individual’s social security number. Setting up the password recovery section of the profile requires uses to provide answers to challenge questions that include disclosure of private information about the individual’s immediate and extended family members (names, birth places, schools, etc.).

Your “Expert Opinion” (document) should address the following issues:

1. How can the local government officials convince residents that this “invasion of privacy” (collection of personal information during account registration) is necessary and for their benefits?

2. Should the local government suspend implementation of the new policy for 90 days (180 days?) to allow members of the public to comment on the new policy? Why or Why not?

3. Identify and discuss an alternative to challenge questions as a means of authentication for the password recovery/reset process.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

Resources:

https://www.policynl.ca/policydevelopment/policycycle.html
https://www.iacdautomate.org/aboutiacd
https://us-cert.cisa.gov/sites/default/files/ncirp/National_Cyber_Incident_Response_Plan.pdf