...Understanding The Concept of Protecting Personal Information (PPI) IFSM 201 6381 Concepts and Applications of Information Technology (2158) University of Maryland University College Understanding The Concept of Protecting Personal Information (PPI). Personally Identifiable Information or PII is information that can be used to distinctively identify, contact, or locate an individual. PPI is sensitive information that is associated with a person. This information should be accessed only on a strict need-to-know basis and handled and stored with great care. Personally identifiable information is information that can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone, or when combined with secondary personal or secondary identifying information that is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc. Most companies keep sensitive personal information in their hard copy files such as names, addresses, gender, social security numbers, credit card, or other account data that uniquely identifies customers or employees (Heller, 2001, p. 1). This information is often necessary to complete customers’ orders, meet payroll, or perform other important business functions. However, if sensitive information gets into the wrong hands, there is every tendency that it can lead...
Words: 942 - Pages: 4
...bigger breaches of data and patient privacy in 2014, an Experian report says” (www.experian.com), according to this report “The healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014”. A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. According to laws in 40 states, when a data security breach occurs, notification must be made to the affected individuals. Depending on the size and scope of the breach, notification can be handled in a variety of ways, including by mail, telephone, email or through the news media. The Health Insurance Portability and Accountability Act (HIPAA) protects patients' privacy and simplifies the administrative processes. Information security considerations are involved throughout the guidelines and play a significant role in complying with the Privacy Rule. The purpose of this rule is to secure personally identifiable information...
Words: 1280 - Pages: 6
...Question 1: Discuss vicarious liability and cyber-liability. Vicarious liability is the principle of law that holds one party liable for the acts or inactions of another (Beyer, 2006). The concept means that a party may be held responsible for injury or damage even when he or she was not actively involved in the incident. Under the specific type of fault required or complicity rule, vicarious liability will only be found if the employer authorized or ratified the conduct or the manner in which the particular task was performed or empowered the employee for example by making him or her a manager or recklessly hired or retained an employee that was unfit for the particular job. The existence of vicarious liability can be justified on both legal or policy grounds and organizational management grounds. There are reasons for the application of vicarious liability in legal or policy. The first reason is that the wrongful acts of the employee are so closely related to their duties that they can be properly and fairly regarded as being within the course of employment. Second, there is the business risk rationale, that it is an inevitable part of commercial life that agents and employees may act beyond their authority and instructions causing damage to a third party. Employers have calculated and accepted this risk thus incurring legal liability. Given that an employer generally benefits from the work undertaken by its employees, it is not unreasonable that it also bear any losses that those activities...
Words: 2528 - Pages: 11
...Information Security Challenge February 17, 2010 Information Security Challenges As the world becomes more saturated and dependent upon Information Access, increased opportunities await the criminal element to exploit. This creates new and more costly problem sets that must be mitigated in order to navigate in today’s business world. One of the larger challenges is, entering the criminal information market does not take an excessive capital investment. It simply requires a computer, online access and some talent. Potentiating this problem is the large legitimate market of information brokers that gather marked amounts of information today. This allows for the integration of legal identifiable information to augment those criminal activities. From far away places like Russia, Belarus and Nigeria, scores of criminal associations scour the Internet in search of information and opportunities to be used in identity theft, malware insertion or extortion through complete denial of service (DOS), (Higgins, 2008). The Bigger They are… the Harder They Fall Most of us have seen it in the news, “Veterans Administration loses Personally Identifiable Information (PII)”, “Bank of America (BOA) loses account numbers” etc… At first it seems minor but after investigation it turns out to be large amounts of PII lost (O’Brien, 2008). The criminals focus on big companies (mostly point of sale functions) as they are the slowest to adapt to change and they have the largest...
Words: 2242 - Pages: 9
...10:00 a.m. EDT Tuesday, March 25, 2014 INFORMATION SECURITY VA Needs to Address Long-Standing Challenges Statement of Gregory C. Wilshusen, Director, Information Security Issues GAO-14-469T March 25, 2014 INFORMATION SECURITY VA Needs to Address Long-Standing Challenges Highlights of GAO-14-469T, a testimony before the Subcommittee on Oversight and Investigations, Committee on Veterans' Affairs, House of Representatives Why GAO Did This Study The use of information technology is crucial to VA’s ability to carry out its mission of ensuring that veterans receive medical care, benefits, social support, and memorials. However, without adequate security protections, VA’s systems and information are vulnerable to exploitation by an array of cyber-based threats, potentially resulting in, among other things, the compromise of veterans’ personal information. GAO has identified information security as a governmentwide high-risk area since 1997. The number of information security incidents reported by VA has more than doubled over the last several years, further highlighting the importance of securing the department’s systems and the information that resides on them. GAO was asked to provide a statement discussing the challenges VA has experienced in effectively implementing information security, as well as to comment on a recently proposed bill aimed at improving the department’s efforts to secure its systems and information. In preparing this statement GAO relied on...
Words: 4716 - Pages: 19
...As with everything in this world, if the need or want of something can be thought of, there will forever be a way of obtaining it. This is more evident in today’s society than in any period of time before. The need of information is one of the main drives of most hackers, terrorists, idiotic school kids, etc. This information can be about anything from a birthdate or a Social Security number to ruining a child’s school year or the next terroristic threat to our lives. In response to the data breach suffered by Verizon in 2009, nearly 92 percent of all compromised records were linked to organized crime and 93 percent was financial information (Verizon, 2009). Though 74 percent of the breaches were initiated from external sources, 69 percent was discovered by third parties. Also, 99.9 percent of the stolen information was comprised directly from servers and applications. These percentages are extensively staggering because most of the breaches could have been avoided by being compliant with all laws and regulations, and simple monitoring practices....
Words: 617 - Pages: 3
...INFINITE DATA UMUC Two point five quintillion bytes of data are generated daily across the cyber world (Mora et al., 2012). With the expansion and capability to generate and store data so much so that 90% of the data stored has been generated in the last two years (Mora et al., 2012). With the sheer volume of the data that exists and speed at which new data is generated the ability of organizational IT staffs to meet the security and privacy requirements is being pushed to the limits. With the capability of data mining algorithms to gather and correlate such large volumes of data at such speeds there exists the potential for extreme privacy and ethical concerns; as companies become experts at slicing and dicing data to reveal details as personal as mortgage defaults and heart attack risks, the threat of egregious privacy violations grows (Waxer, 2013). The requirements to maintain the privacy and security of these vast amounts of data are both ethically and legally mandated. What are the available tool sets that are accessible to an organization's IT staff to secure databases from intrusion and exploitation? This is of extreme importance when dealing with the volume of data that exists and the personal and private nature of so much information. There are concerns over Personally Identifiable Information (PII) as well as Personal Health Information (PHI); unauthorized access to these could lead to identity theft through the access to PII or misuse of information to deny...
Words: 827 - Pages: 4
...Project for IS4550 Shurleen E. Wilson-Fye ITT-Duluth Ms. Brown Contents: Coversheet; Glossary; Overview, Purpose, Scope; Training; Procedure; Policy; Policy 1: Information Systems Policy; Policy 2: Security of Laptop; Policy 3: Clean Desk policy; Policy 4: Workstation Policy; Policy 6: Email Policy; Policy 7: Personnel policy; Policy 9: Data Breach Policy; Policy 10: Software policy; Policy 11: Data and information classification; Policy 12: Internal Threats; Policy 13: Policies and Procedures for Electronic Protected Health Information (ePHI) and Personally Identifiable Information (PII); Policy 14: Wireless LAN Security Policy; IS security Awareness policy; Conclusion; References. Overview: DSA contractors has been awarded a contract with the Department of Defense. Our next task is to revamp the companies’ policy to ensure compliance with DOD policy. All employees have to be retrained on new policy to ensure that DSA medicate violations. The attitudes and atmosphere of change will also be needed to ensure compliance with DOD standards. Training sessions are scheduled for all employees...
Words: 9781 - Pages: 40
...Social Media and Business Social media has always been a threat to not only security but also reputation of a business. Employees today have access to all kinds of social network sites to include Facebook, Myspace, Twitter, Instagram, online blogs, and many more. These sites are easily accessible to the user from their computer, tablets, and cellphones through various types of applications. Through my research I was able to find a trend in users using these media outputs to accidently leak information unintentionally and even intentionally. I found that any business can be susceptible to having data leaked and reputations tarnished from employees not handling social media correctly. I will cover this area of expertise, technology involved, future trends, security issues, some businesses involved, regulatory issues that arise, what business can do to handle social media, and global implications. When you consider what technology is being used most users will think of physical equipment. While this is the case that is the access medium that is used when thinking of social networking. Social media can be accessed in various ways to include your home computer, office computer if they allow you to view such sites, tablets, and your phone that could not be regulated depending on if it is a company phone. These access mediums must be regulated and users educated on the proper use of these devices. There are different types of online technologies that can be used to access social...
Words: 3437 - Pages: 14
...MDA Airlines MDA Airlines Risk Register A. Risk Register “The candidate provides a risk register with 8 risks currently facing the business, with substantial detail.”
Risk 1 | Jet Fuel Prices Fluctuates
Description | Fuel is required to fly aircraft and with fuel prices always changing, it can be very difficult to budget for it on a monthly/annual basis. The cost of fuel is based on the price of crude oil per barrel and is set by global entities.
Source | Global jet fuel prices are always fluctuating. If not able to purchase enough fuel at a reasonable price to store for several months, the company could find themselves well over budget potentially grounding aircraft.
Likelihood of Occurrence | High - Crude oil is traded on the stock market daily with prices fluctuating based on supply and demand.
Severity of Impact | High - If MDA is not able to manage the budget, they could find themselves in a financial bind.
Controllability | Med - The hedging program is intended to mitigate risks associated with increasing crude oil prices and is also intended to make it easier to plan for future fuel costs.
Risk Response | Mitigate - The acquisition and purchase of a refinery were researched by logistics managers that monitored and studied the aircraft fuel supply chain, which discovered that over the years refiners have benefited from increased margins on the sale of fuel. This decision will save millions of dollars and insure a reliable fuel supply for the domestic...
Words: 4899 - Pages: 20
...IA#1 Cybercrime Law, Regulation, Effects on Innovation John Doe CSEC 620 Section 9022 Note: This paper was submitted through originality check websites. Table of Contents: 1. Introduction; 2. Private Industry & Regulations; 3. National Security Concerns; 4. Methods; 5. Impacts of Government Regulation; 6. Compliance; 7. Responsibility; 8. The Real World; 9. Conclusion; References. 1. Introduction Cybersecurity and cybersecurity initiatives are commonplace in all aspects of our digital lives. Personal computers are still widely used, especially in the workplace, but mobile devices seem to be the preferred computing choice of the average person. This would include but not be limited to; smart phones, tablets, and laptops to name a few. Mobile devices have changed the digital landscape in a manner that could not have been predicted. This is because other than work or school related activities, most personal computers were used to play a few games, check email, and browse the internet. These activities eventually transitioned over to the aforementioned mobile devices. Now we mix in social media, and a whole new digital cyber-world has emerged. Talk about getting your head out of the clouds. We live in the cloud, literally and figuratively. What does this mean to the average consumer? Perhaps not much. Most people who operate in the digital world could probably care less about the underpinnings of cyberspace and...
Words: 2894 - Pages: 12
...Computer Network Security for Social Networking McCray C. Devin Undergraduate Business, Leadership, Information System Technology Security Regent University 1000 Regent University Dr. Virginia Beach, VA 23464 e-mail: devimcc@mail.regent.edu Abstract In this paper, I will address the security issues, flaws, and problems that social networking sites are faced with in retrospect to information that the sites hold. The Information is not protected from the public in any way, why is this a normal operation about the popular social media sites. Lastly I want to address the simplicity of gaining someone's vital information through a protected individual’s social network profile. 1. Introduction In today’s society almost everyone has some type of social networking service that they hold an account with. These social networking sites are a great way to communicate, network, and interact with fellow colleagues and friends. Facebook, Twitter, and Google plus are just a few social networking sites to mention. These sites all have a one factor authentication system for the user to log into their account (Beaver). This simplistic authentication system is very easy and efficient for the users accessing their accounts. The idea arose if it is this easy for me to log into my account how easy would it be for an outside party to gain access within my account. Companies are faced with the problem of convenience over security. (McCHale 12) In this paper I would like to address...
Words: 2048 - Pages: 9
...Copyright © 2010 Dell Inc. How we win Our Code of Conduct “Winning with integrity means we operate legally and ethically, everywhere we are and in everything we do.” –Michael Dell A message from Michael Winning with integrity is one of Dell’s most important values. We all work hard every day to deliver technology solutions that enable people everywhere to grow and thrive. That’s our purpose, and it’s important. It’s equally important that the actions we take as we deliver on that purpose are transparent and honorable. We are very clear about what it means to win with integrity. It means we contribute our time, technology and know-how to improve the communities where we work and live. It means we are committed to helping our customers succeed—and growing our business—in ways that benefit the environment and society. We demand high performance and high standards. It also means we operate legally and ethically, everywhere we are and in everything we do. I expect us all to operate according to applicable laws and regulations, and in accordance with the letter and spirit of those laws. Our Code of Conduct, “How We Win,” provides guidance on how to follow laws and Dell policies, and also includes our general ethical principles. Our Code is global, so it applies to Dell team members in all roles, at all levels and in all locations. We also expect our agents and other third parties acting on our behalf to adhere to equally high standards. In addition, Dell leaders have a...
Words: 15436 - Pages: 62
...Running Head: KUDLER FINE FOODS IT SECURITY REPORT Kudler Fine Foods IT Security Report CMGT/400 Abstract Kudler Fine Foods is developing a customer loyalty program that will reward customers and increase sales. Kudler has requested the team to design the customer loyalty program while making sure that system meets security requirements. The following paper will describe a plan on how Kudler can achieve their goal by using the Systems Development Life Cycle or SDLC, which has five phases, and how they can use each one. As part of establishing Kudler’s reputation, the company will emphasize the need for security for the business and its customers. Introduction Kudler Fine Foods is a local business based in San Diego California that would like to increase their sales in their three other California locations. Kudler has decided to implement a customer loyalty program. The customer loyalty program will reward customers for shopping within the locations. One of the goals is to increase sales by tracking customer purchases so that sales can be more relevant and to attract customers. Kudler has decided that a development team is needed to build this new service for its customers. As part of the development, the System Development Life Cycle will be used to obtain the goal while paying attention to the security needs that the program will create. Our team will develop the SDLC and identify the potential threats and vulnerabilities have the customer loyalty program...
Words: 3313 - Pages: 14