Premium Essay

Tft2 Cyberlaw, Regulations, and Compliance

In:

Submitted By puggy05
Words 1310
Pages 6
Running Head: Policy Statements

1

Policy Statements Kevin Corey Western Governors University

Policy Statements

2

Internationally security techniques and standards, such as ISO 17799, establish guidelines

that organizations must implement in order to maintain information security. Information must be protected from those without a readily need to know to perform organizational business functions. Unauthorized access to information can have a detrimental impact on an organization from a legal and operating perspective. One of the primary preventive controls that provide an organization with many operational benefits is continuous log management policies. In addition to helping solve network security related issues, logs can be extremely beneficial in identifying unauthorized access and behaviors. Security logs assist in identifying policy violators, fraudulent behavior, real time operational problems, and provide necessary data to perform auditing, transaction back tracking and forensic analysis. In addition to the many benefits of having policies in place for continuous log analysis, standards and regulations have increased business awareness of the requirements for archiving and reviewing system logs as part of daily continuity. Some of the influential regulations that reference log management and other information security task include the following. •

Federal Information Security Management Act of 2002 (FISMA) requires entities to ensure the development and execution of organizational processes and internal controls designed to secure information systems. Health Insurance Portability and Accountability Act of 1996 (HIPAA) encompasses information security benchmarks for protecting consumer health information. Violation Penalties can range from $100-$1.5 million per violation and 1year-10year criminal sentences. ISO 17799 is an audit checklist

Similar Documents

Premium Essay

Tft2 - Cyberlaw

...TFT2 Cyberlaw, Regulations, and Compliance Overview Kristi Lockett, Course Mentor Kristi.lockett@wgu.edu https://kristilockett.youcanbook.me Performance Assessment • • • Seven (7) Weeks to complete COS Four (4) Tasks Refer to Rubric (in Taskstream) for task requirement details Tasks – submit via Taskstream 1. Task 1 – Policy Statements • For given scenario, develop/revise two policy statements (new users and password requirements). Justify policies based on current federal information security laws/ regulations (i.e., HIPAA) 2. Task 2 - Policy Statements • For given scenario, develop three policy statements that would have prevented a security breach. Justify policies based on national or international standards (i.e., NIST, ISO) 3. Task 3 – Service Level Agreement • • • For given scenario, recommend/justify changes to service level agreement. Address the protection of the parent company’s physical property rights, intellectual property rights and the non-exclusivity clause Use Microsoft Word tracking to track your additions, deletions, and modifications. Insert your justifications after each SLA section, or write an essay describing your changes and justifications 4. Task 4 – Cybercrime • For the given scenario, write an essay responding to the following question prompts (suggested length of 3–5 pages): • • • • • • • • Discuss how two laws or regulations apply to the case study. Discuss how VL Bank will work within the parameters of appropriate legal jurisdiction...

Words: 369 - Pages: 2

Free Essay

Tft2 Task1

...Security Policy Cyberlaw, Regulations, and Compliance – TFT2 Task 1   Introduction: Heart-Healthy Insurance is currently evaluating their current security policy and have requested some changes to the policy concerning adding new users and the password requirements for the users. The end goal of the requested changes is to satisfy several compliance regulations that are required by law for their business. The regulations that need to be considered are: 1. PCI-DSS (Payment Card Industry Data Security Standard) 2. HIPAA (Health Insurance Privacy and Portability Act) 3. GLBA (Gramm-Leach-Bliley Act) 4. HITECH (Health Information Technology for Economic and Clinical Health Act) 5. HHS (US. Department of Health and Human Services) New Users: The current directive for new users from the standing security policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” In evaluating the current policy this standard creates a lot of overhead and administration works for the users and the admins. The new users who are not already familiar with the systems must provide a list of machines that they require access too. Being so new they may not know all of the systems they would need on a day to day basis. This also rolls over...

Words: 1129 - Pages: 5