Premium Essay

Cyberlaw, Regulations and Compliance

In:

Submitted By rjohnson1996
Words 1304
Pages 6
Task 1

Heart Healthy Information Security Policy:
A.
1.
The policy for information security has two different sections – first is managing passwords and second is new user policy. They are discussed in detail as below:
New Users:
When a new user enters the organization, depending upon the roles and responsibilities assigned to the person, he will be given corresponding access rights. With the help of these access rights the person would be able to access the required files and data necessary for his tasks. When these access rights are assigned the user should sign a document, which will list his roles and responsibilities. This document will be co-signed by his supervisor as an agreement. If a user requires elevation in privileges, he will need to get permission from the respecting manager. When new people join organization they will be taken through an orientation program which will give information on security policies, work culture, work place, information security practices etc. Besides orientation program the users will also be trained on topics like remote device protection, password management, content management, file downloads, access levels and its importance and acceptable use of internet and email. These trainings will be mandated for all the new users and after completion of training this will be documented and stored. As per HIPAA guidelines unless all these mandatory trainings are completed they are not given access to the company data and records (HIPAA Security Guidance, 2006). Besides this no user would be allowed to bring external hardware and storage devices like CD, USB storage media, external hard disks etc. in case there is a genuine need for this the user will need to get permission from the manager and IT administration and even then device will be scanned before it enters and leaves the organization.
2.
Password

Similar Documents

Premium Essay

Tft2 Cyberlaw, Regulations, and Compliance

...detrimental impact on an organization from a legal and operating perspective. One of the primary preventive controls that provide an organization with many operational benefits is continuous log management policies. In addition to helping solve network security related issues, logs can be extremely beneficial in identifying unauthorized access and behaviors. Security logs assist in identifying policy violators, fraudulent behavior, real time operational problems, and provide necessary data to perform auditing, transaction back tracking and forensic analysis. In addition to the many benefits of having policies in place for continuous log analysis, standards and regulations have increased business awareness of the requirements for archiving and reviewing system logs as part of daily continuity. Some of the influential regulations that reference log management and other information security task include the following. • Federal Information Security Management Act of 2002 (FISMA) requires entities to ensure the development and execution of organizational processes and internal controls designed to secure information systems. Health Insurance Portability and Accountability Act of 1996 (HIPAA) encompasses information security benchmarks for protecting consumer health information. Violation Penalties can range from $100-$1.5 million per violation and 1year-10year criminal sentences. ISO 17799 is an audit checklist...

Words: 1310 - Pages: 6

Premium Essay

Tft2 - Cyberlaw

...TFT2 Cyberlaw, Regulations, and Compliance Overview Kristi Lockett, Course Mentor Kristi.lockett@wgu.edu https://kristilockett.youcanbook.me Performance Assessment • • • Seven (7) Weeks to complete COS Four (4) Tasks Refer to Rubric (in Taskstream) for task requirement details Tasks – submit via Taskstream 1. Task 1 – Policy Statements • For given scenario, develop/revise two policy statements (new users and password requirements). Justify policies based on current federal information security laws/ regulations (i.e., HIPAA) 2. Task 2 - Policy Statements • For given scenario, develop three policy statements that would have prevented a security breach. Justify policies based on national or international standards (i.e., NIST, ISO) 3. Task 3 – Service Level Agreement • • • For given scenario, recommend/justify changes to service level agreement. Address the protection of the parent company’s physical property rights, intellectual property rights and the non-exclusivity clause Use Microsoft Word tracking to track your additions, deletions, and modifications. Insert your justifications after each SLA section, or write an essay describing your changes and justifications 4. Task 4 – Cybercrime • For the given scenario, write an essay responding to the following question prompts (suggested length of 3–5 pages): • • • • • • • • Discuss how two laws or regulations apply to the case study. Discuss how VL Bank will work within the parameters of appropriate legal jurisdiction...

Words: 369 - Pages: 2

Free Essay

Your Mom

...Program Guidebook Master of Science, Information Security and Assurance The Master of Science in Information Security and Assurance is a competency-based degree program that encompasses the main security domains of knowledge developed following strict guidelines for information security and assurance education prescribed by the National Security Agency. Understanding the Competency-Based Approach Practically speaking, what does it mean when we say that WGU’s programs are competency-based? Unlike traditional universities, WGU does not award degrees based on credit hours or on a certain set of required courses. Instead, you will earn your degree by demonstrating your skills, knowledge, and understanding of important concepts through a series of carefully designed courses. Progress through your degree program is governed not by classes but by satisfactory completion of the required courses that demonstrate your mastery of the competencies. Of course, you will need to engage in learning experiences as you brush up on competencies or develop knowledge and skills in areas in which you may be weak. For this learning and development, WGU has a rich array of learning resources in which you may engage under the direction of your student mentor. You will work closely with your mentor to schedule your program for completing the courses. You will also work closely with additional faculty members as you proceed through courses of study that are designed to lead you through...

Words: 4226 - Pages: 17

Free Essay

Tft2 Task1

...Security Policy Cyberlaw, Regulations, and Compliance – TFT2 Task 1   Introduction: Heart-Healthy Insurance is currently evaluating their current security policy and have requested some changes to the policy concerning adding new users and the password requirements for the users. The end goal of the requested changes is to satisfy several compliance regulations that are required by law for their business. The regulations that need to be considered are: 1. PCI-DSS (Payment Card Industry Data Security Standard) 2. HIPAA (Health Insurance Privacy and Portability Act) 3. GLBA (Gramm-Leach-Bliley Act) 4. HITECH (Health Information Technology for Economic and Clinical Health Act) 5. HHS (US. Department of Health and Human Services) New Users: The current directive for new users from the standing security policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” In evaluating the current policy this standard creates a lot of overhead and administration works for the users and the admins. The new users who are not already familiar with the systems must provide a list of machines that they require access too. Being so new they may not know all of the systems they would need on a day to day basis. This also rolls over...

Words: 1129 - Pages: 5

Premium Essay

Itmg381 - Week 8 Assignment

...document for grading following the instructions in the syllabus. Please provide detailed answers to support all of the questions. Use examples from the readings, or from your own research, to support answers. The assignment must be 1-page in length with a minimum of 2 outside sources. Chapter 14 A large American multinational corporation wants to establish a telephone and email hotline for employees to report wrongdoing within the company. The company has offices in the European Union and wants to ensure that it avoids violations of E.U. data protection laws. What steps can the company take to increase the likelihood that its hotline reporting system remains in compliance? To start with, all parties should be brushed up on existing laws and regulations and the consequences of non-compliance. Far too often there are incidents in which ignorance is claimed but the ignorance seems to be intentional. In fact it would be a good idea to regularly review such laws for their company and in their state as well as any laws that are applicable with the countries they do business with. Though it is understandable and certainly possible to not be aware of every law pertaining to your business and its practices and this is why there are lawsuits sometimes, due to the fact that someone really didn’t know. In the case of something like Yahoo and the French court dealing with access to purchase Nazi paraphernalia, one would have to wonder if this didn’t “feel right” to begin with...

Words: 630 - Pages: 3

Premium Essay

Tft2 Task 3 V1.Docx

...Introduction             A number of issues were discoveredupon review of the initial Service Level Agreement (SLA) draft. A great deal of problems arose with the key clauses lacking proper definition. Other areas that need review with the SLA include adding cyber law compliance and a need for the proper documentation preparation. The recommended changes that need to be made to the initial SLA are written below in a per-clause basis. Initial SLA Clause 4, Statement of Intent The original statement of intent makes claims about leading research and knowledgeable consulting firms without listing any references. These claims need an identifiable source to be included in the finalized statement of intent. The claims suggest that utilizing the smaller firm’s specialized products is the best approach to improve Finman’s business. Basing the entire SLA upon these statements is incredibly risky if these statements cannot be sourced and assessed as factual. Finman’s corporate resources may be placed under threat of lose or destruction if these sources are not verified and the entire notion of working with Datanal and Minertek should not move forward until this happens. Finman states, in the initial SLA, that service level management (SLM) “…offers the most promising strategy for the firm…” without detailing the methodology or listing reference material. This methodology of SLM may be part of the metric clause (7). This statement needs inclusion in the final documentation if that is...

Words: 2292 - Pages: 10

Premium Essay

Engine Certification

...guide and recommended learning resources for you to use while completing said assessment. Your assigned mentor will help guide you through the process. For ease of understanding, WGU has assigned competency units to each of its courses as indicated below. A competency unit is equivalent to a semester credit hour of learning. WGU terms are six months in length. During a typical term, students will be expected to complete at least 8 to 9 competency units. Grades are assigned on a Pass/Not Pass basis; a “Pass” at WGU is equivalent to a letter grade of “B" or better. Speak to an Enrollment Counselor for more information about these courses. Course Competency Units Risk Management 2 Current and Emerging Technology 3 Cyberlaw, Regulations, and Compliance 3 Technical Writing 3 Power, Influence and Leadership 3 Advanced Networking Technology 3 Disaster Recovery Planning, Prevention and Response 2 Information Technology Management 3 Technological Globalization 3 MS, Information Technology Management Capstone Written Project 3 MS, Information Technology Management Capstone Oral Defense 2 APPLY NOW LEARN MORE CALL NOW 866.225.5948 LEARN MORE ABOUT WGU...

Words: 381 - Pages: 2

Free Essay

Hate Speach

...THE LIABILITY OF INTERNET SERVICE PROVIDERS FOR UNLAWFUL CONTENT POSTED BY THIRD PARTIES N.D. O’BRIEN 2010 THE LIABILITY OF INTERNET SERVICE PROVIDERS FOR UNLAWFUL CONTENT POSTED BY THIRD PARTIES By N.D. O’BRIEN Submitted in fulfilment of the requirements for the degree of MAGISTER LEGUM in the Faculty of Law at the Nelson Mandela Metropolitan University January 2010 Supervisor: Prof F. Marx PREFACE I would like to extend my thanks to the following people:      To my parents and Emma Taggart for their help, encouragement, sacrifice and support; To my supervisor, Prof Marx, for his assistance and guidance; To Dawn Prinsloo, at the NMMU Library, for providing me with her time and guidance; To Ms. Fourie, the Law Faculty Officer, for her always prompt and friendly assistance; To Mr. Ant Brooks and the Internet Service Provider Association, for providing me with a variety of interesting information and insights. Without their invaluable assistance I would not have been able to have completed this work. i SUMMARY Internet Service Providers (ISP’s) are crucial to the operation and development of the Internet. However, through the performance of their basic functions, they faced the great risk of civil and criminal liability for unlawful content posted by third parties. As this risk threatened the potential of the Internet, various jurisdictions opted to promulgate legislation that granted ISP’s safe harbours from liability. The South African (RSA)...

Words: 77880 - Pages: 312

Free Essay

Cyber Crime

...Cyber crimes and effectiveness of laws in India to control them Under the Supervision of Dr. P.K. Rai Birendra Singh (M.Phil(CS)) Department of Computer Science APSU Rewa ABSTRACT:- India owes a lot to the exponential growth of the Information Technology service Industry over the last 15 years. Though India got its first codified Act in the Information Technology Act (“IT Act), in the year 2000, the IT Industry and in fact all businesses with cross-border obligations have been left crying themselves hoarse for more! The Indian Legislature has now passed a mish –mash legislation in December 2008, which clearly demonstrates the appeasement policy adapted to meet the various and in some instances divergent interests of the Industry and the Government. The scope of this paper is to highlight some important provisions of the cyber criminal laws in India relating to data protection, privacy, encryption and other cyber crimes and the extent to which the said provisions arm the enforcement authorities to combat not just existing but emerging trends in Cyber Crime. INTRODUCTION:- The general laws in India were drafted and enacted in the 19th century. Whilst each of the general laws have undergone modifications and amendments, the broad and underlying provisions have withstood the test of time, including unimaginable advancements in technology, which speaks to the dynamism of the General laws. The general laws referred to in this Article are the Indian Penal Code, 1860 (“IPC”), which...

Words: 2370 - Pages: 10

Free Essay

Jurisdictional Issue in Cyber Crime

...Ad idem ‘12 | Jurisdictional Issues in Cyber Crimes | | | | | Arashdeep Singh Gurm Address: #181 Anand Nagar A, Gurudwara Street Patiala(147001) E-Mail Id: arashdeepgurm@gmail.com Contact Number: 7508729986,9646020181 RAJIV GANDHI NATIONAL UNIVERSITY OF LAW, PUNJAB Mohindra Kothi, Mall Road,  Patiala - 147 001 (PUNJAB) | ABSTRACT In this essay I wish to discuss the various types of crimes that are emerging with special reference to developing countries like India By developing we mean where growth of Information Technology is rampant but still it has not reached its peak. Cyber crimes can take place across various jurisdictions and hence the legal issue of jurisdiction of International Courts and country specific Indian Courts arises. Throw light on the present system in India, how it is ineffective and also upon international treaties and legal solutions to deal with the same. I have suggested possible ways to tackle the problem taking into consideration the domestic laws in India. The inefficiency of legislature to enact a more user friendly law is also examined in detail. Turning back our focus on the main legal dilemma of Jurisdiction of Cyber Crime Courts we have suggested a model that would be successful in India taking into consideration its working in other countries. In my concluding remarks a problem solution approach is taking where we have addressed the issue and after due consideration the solution is suggested. If proposal taken...

Words: 2824 - Pages: 12

Free Essay

Code

...02142, or call (617) 252-5298, (800) 255-1514 or e-mail special.markets@perseusbooks.com. CIP catalog record for this book is available from the Library of Congress. ISBN-10: 0–465–03914–6 ISBN-13: 978–0–465–03914–2 06 07 08 09 / 10 9 8 7 6 5 4 3 2 1 Code version 1.0 FOR CHARLIE NESSON, WHOSE EVERY IDEA SEEMS CRAZY FOR ABOUT A YEAR. Code version 2.0 TO WIKIPEDIA, THE ONE SURPRISE THAT TEACHES MORE THAN EVERYTHING HERE. C O N T E N T S Preface to the Second Edition Preface to the First Edition Chapter 1. Code Is Law Chapter 2. Four Puzzles from Cyberspace PART I: “REGULABILITY” ix xiii 1 9 Chapter 3. Is-Ism: Is the Way It Is the Way It Must Be? Chapter 4. Architectures of Control Chapter 5. Regulating Code PART II: REGULATION BY CODE 31 38 61 Chapter 6. Cyberspaces Chapter 7. What Things Regulate Chapter 8. The Limits in Open Code PART III: LATENT AMBIGUITIES 83 120 138 Chapter 9. Translation Chapter 10. Intellectual Property Chapter 11. Privacy Chapter 12. Free Speech Chapter 13. Interlude PART IV: COMPETING SOVEREIGNS 157 169 200 233 276 Chapter 14. Sovereignty Chapter 15. Competition Among Sovereigns 281 294 PART V: RESPONSES Chapter 16. The Problems We...

Words: 190498 - Pages: 762

Premium Essay

Engineer

...Challenges to Criminal Law Making in the New Global Information Society: A Critical Comparative Study of the Adequacies of Computer-Related Criminal Legislation in the United States, the United Kingdom and Singapore Warren B. Chik* Introduction Computer and Internet usage is on the rise due to lower costs of computer ownership and connectivity as well as faster and easier accessibility. As it is another mode of commercial and personal transaction and one that is heavily dependent on interaction through computers and automatic agents rather than face-to-face meetings, which increases distance and allows anonymity, it is another avenue for crimes to perpetuate. “Computer Crime” encompasses crimes committed against the computer, the materials contained therein such as software and data, and its uses as a processing tool. These include hacking, denial of service attacks, unauthorized use of services and cyber vandalism. “Cyber Crime” describes criminal activities committed through the use of electronic communications media. One of the greatest concerns is with regard to cyber-fraud and identity theft through such methods as phishing, pharming, spoofing and through the abuse of online surveillance technology. There are also many other forms of criminal behaviour perpetrated through the use of information technology such as harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory offences. The existing criminal laws in most countries...

Words: 24175 - Pages: 97

Premium Essay

Challenges to Criminal Law Makers

...Challenges to Criminal Law Making in the New Global Information Society: A Critical Comparative Study of the Adequacies of Computer-Related Criminal Legislation in the United States, the United Kingdom and Singapore Warren B. Chik* Introduction Computer and Internet usage is on the rise due to lower costs of computer ownership and connectivity as well as faster and easier accessibility. As it is another mode of commercial and personal transaction and one that is heavily dependent on interaction through computers and automatic agents rather than face-to-face meetings, which increases distance and allows anonymity, it is another avenue for crimes to perpetuate. “Computer Crime” encompasses crimes committed against the computer, the materials contained therein such as software and data, and its uses as a processing tool. These include hacking, denial of service attacks, unauthorized use of services and cyber vandalism. “Cyber Crime” describes criminal activities committed through the use of electronic communications media. One of the greatest concerns is with regard to cyber-fraud and identity theft through such methods as phishing, pharming, spoofing and through the abuse of online surveillance technology. There are also many other forms of criminal behaviour perpetrated through the use of information technology such as harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory offences. The existing criminal laws in most countries...

Words: 24175 - Pages: 97

Premium Essay

Doing Business in Malaysia

...Doing business in Malaysia Contents Foreword Chapter 1 - Introduction • • • • • • • • • • • • • • • • • • Geography & population Advantages of investing in Malaysia Language Political environment Economy Major exports and imports Import controls Regulatory environment Financial services Currency denomination Exchange controls Government policy on foreign investment Communications 5 6 Chapter 2 - Intellectual property protection Patents Trade Marks Industrial Design Layout Design of Integrated Circuits Geographical Indications 19 PKF – Doing business in Malaysia 2 Chapter 3 - Business Structure • • • • • • • • • • • • • Types of business structures Companies limited by shares Companies limited by guarantee Foreign companies and foreign investments Sole proprietorship and partnerships Trusts 24 Chapter 4 - Business Finance Equity financing Loan Funding Grants & soft loans 28 Chapter 5 - Investment Incentives Manufacturing Multimedia Super Corridor Status Operational Headquarters International Procurement Centres / Regional Distribution Centres 35 Chapter 6 - Accounting • • • • • • • • • • • • Statutory Accounting Requirements Audit Requirements Accounting Standards 60 Chapter 7 - Taxation Overview of taxes in Malaysia Scope of taxes: Residency Sources of income liable to tax The Tax Year Payment of Tax Corporation tax Interest Deductions Interaction with International Tax Regime Taxation of Partnerships & Trusts ...

Words: 23067 - Pages: 93

Free Essay

A Pattern-Oriented Approach to Fair Use

...William & Mary Law Review Volume 45 | Issue 4 Article 5 A Pattern-Oriented Approach to Fair Use Michael J. Madison Repository Citation Michael J. Madison, A Pattern-Oriented Approach to Fair Use, 45 Wm. & Mary L. Rev. 1525 (2004), http://scholarship.law.wm.edu/wmlr/vol45/iss4/5 Copyright c 2004 by the authors. This article is brought to you by the William & Mary Law School Scholarship Repository. http://scholarship.law.wm.edu/wmlr A PATTERN-ORIENTED APPROACH TO FAIR USE MICHAEL J. MADISON* ABSTRACT More than 150 years into development of the doctrineof "fairuse" in American copyright law, there is no end to legislative,judicial, and academic efforts to rationalizethe doctrine. Its codification in the 1976 CopyrightAct appearsto have contributedto its fragmentation, rather than to its coherence. As did much of copyright law, fair use originated as a judicially unacknowledged effort via the law to validate certain favored practicesand patterns.In the main, it has continued to be applied as such, though too often courts mask their implicit validation of these patterns in the now-conventional "caseby-case" application of the statutoryfair use "factors"to the defendant's use of the copyrighted work in question. A more explicit acknowledgment of the role of these patterns in fair use analysis would be consistent with fair use, copyright policy, and tradition. Importantly, such an acknowledgment would help to bridge the often difficult conceptual gap between fair use...

Words: 74799 - Pages: 300