Cyber Security Policy Guidebook by Jennifer L. Bayuk, Jason Healey, Paul Rohmeyer, Marcus H. Sachs, Jeffrey Schmidt, Joseph Weiss

6

Cyber Security Policy Catalog

The Cyber Security Policy Catalog is organized according to the taxonomy introduced in Chapter 5. There are five major topics that correspond to sections of the catalog. Each topic has several subtopics. Each topic and subtopic is introduced with some background information, some of which may appear technical, but the level of technical detail required to understand the issues has been purposely kept to a minimum and may be skimmed without loss of continuity. The background information is followed by a table that contains a list of policy issues that are of relevance to the topic. Each table has three columns. Each row in the table begins with an articulation of a cyber security policy statement. The second column in each row is an explanation of the policy statement. The third column contains a representative list of the reasons why the policy statement may be controversial.

The authors recognize that it is easy to confuse collecting policy statements with endorsing them, other than as statements that, in our judgment, are good examples. This chapter contains the policy statements that we collected. Please do not read the catalog as if it is a policy document. It is not. The catalog exists because participation in policy debate requires recognition of a policy and reasoning about it. As repeated several times in both Chapters 1 and 5, the statements in this catalog are not contrived as endorsements but as examples. None of the statements in this ...