| Confidence in online transactions and concerns for the security of personal data that traverses the Internet is reaching a point that should alarm businesses. The purpose of this research was to propose a new government department that builds trust and confidence between retailers and consumers. How do current industry standards address information security (INFOSEC) when dealing with transaction data from consumers and retailers? How does the government currently use policies and rules to regulate third-party entities? Finally, what paradigm shift should be implemented to provide a higher level of INFOSEC to heighten consumer confidence? Several standards and policies, both utilized by public and private organizations, were researched to identify strengths and weaknesses present. Although information security is something that is talked about quite often, research suggests otherwise when it comes to practicing it. Mandatory controls do not exist and private entities are given latitude in how they implement information security policies. Although several policies exist, there are no foundational mandates that have to be followed. A fundamental paradigm shift has to occur to change this alarming trend and it must include the creation and empowerment of a government department or agency that has the power to generate and enforce policies and controls that work. It also includes moving towards artificial intelligence means to secure data. Achieving this paradigm shift will have beneficial effects on information security and increase the public's confidence in Internet retail.;Keywords: Cybersecurity, Christopher M. Riddell, INFOSEC, National Infrastructure Protection Plan, National Cyber Incident Response Plan, Payment Card Industry Data Security Standards, Internet Security Forum, NIPP, NCIRP, PCI DSS, ISF. |
