Premium Essay

Cyberlaw-Task 1

In: Computers and Technology

Submitted By erv2k007
Words 750
Pages 3
Heart-Healthy Insurance Information Security Policy
Paul Ervin
Western Governors University

A1. New User Section
New Users
The REVISED portions of the new user section now stipulates:
“(1) New users are assigned access with principle of least privilege. They will have a level of access commensurate with access required to do their job. This level will be predetermined by IT staff according to job title.

(2) An administrators account approval form with manager’s signature must be submitted to the IT department for a request for administrator access along with justification. The department will review for approval. (Perkins, 2014).

A2. Password Requirements
Password Requirements

The REVISED portions of new user section now stipulates:
“Passwords must be at least (1) nine characters long and contain a combination of upper- and lowercase letters, have at least 1 number, and have at least a single special character. Shared passwords are not permitted on any system under any circumstances.

(2) must use the password reset tool that asks three challenge questions set by the user.” (Guidelines for Password Management, 2014).
B. Justification.
Overall Justification: ISO/IEC 27001 formally defines the requirements for information Security Management Systems and the uses ISO/IEC standard 27002 is directly concerned with information security to mandate suitable security controls. Further ISO/IEC 27005 is the standard for information security risk management. Most organizations adopt all standards simultaneously (Information Security Standards, 2016).
New User Policy Change Justification: A connection between a computer, a network and the internet poses a potential risk from malware and persons whom wish to attack externally. A factor the raises the risks is giving users elevated privileges and access on their computers. When a user logs onto a work

Similar Documents

Free Essay

Cyberlaw Tft Task 1

...New Policy Statements for the Heart-Healthy Information Security Policy New User Policy Statement The current New Users section of the policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” There are procedures for creating new user account profiles. HIPPA requires that an Information Security Officer (ISO) must be assigned to the network account profiles. This appointed person(s) is usually the network or system security administrator of the organization. Once this role is assigned, the security administrator can create network profiles and assign the new user to such specified profile. The network profiles are implemented in accordance with least privilege access. This means that data intended for use will only be available to the specified profile. This method protects the privacy of the data during transmission. This process complies with the 4 standard Federal regulatory requirements stated in this policy: FISMA, HIPAA/HITECH, GLBA, and PCI-DSS. Once the network account profiles are created, a new user is created and assigned. To implement a strong access control measure, a unique user identifier must be assigned to the new user account. Before the new user account is activated, the network or security administrator will need to...

Words: 971 - Pages: 4

Premium Essay

Tft2 - Cyberlaw

...TFT2 Cyberlaw, Regulations, and Compliance Overview Kristi Lockett, Course Mentor Kristi.lockett@wgu.edu https://kristilockett.youcanbook.me Performance Assessment • • • Seven (7) Weeks to complete COS Four (4) Tasks Refer to Rubric (in Taskstream) for task requirement details Tasks – submit via Taskstream 1. Task 1 – Policy Statements • For given scenario, develop/revise two policy statements (new users and password requirements). Justify policies based on current federal information security laws/ regulations (i.e., HIPAA) 2. Task 2 - Policy Statements • For given scenario, develop three policy statements that would have prevented a security breach. Justify policies based on national or international standards (i.e., NIST, ISO) 3. Task 3 – Service Level Agreement • • • For given scenario, recommend/justify changes to service level agreement. Address the protection of the parent company’s physical property rights, intellectual property rights and the non-exclusivity clause Use Microsoft Word tracking to track your additions, deletions, and modifications. Insert your justifications after each SLA section, or write an essay describing your changes and justifications 4. Task 4 – Cybercrime • For the given scenario, write an essay responding to the following question prompts (suggested length of 3–5 pages): • • • • • • • • Discuss how two laws or regulations apply to the case study. Discuss how VL Bank will work within the parameters of appropriate legal jurisdiction...

Words: 369 - Pages: 2

Free Essay

Your Mom

...Program Guidebook Master of Science, Information Security and Assurance The Master of Science in Information Security and Assurance is a competency-based degree program that encompasses the main security domains of knowledge developed following strict guidelines for information security and assurance education prescribed by the National Security Agency. Understanding the Competency-Based Approach Practically speaking, what does it mean when we say that WGU’s programs are competency-based? Unlike traditional universities, WGU does not award degrees based on credit hours or on a certain set of required courses. Instead, you will earn your degree by demonstrating your skills, knowledge, and understanding of important concepts through a series of carefully designed courses. Progress through your degree program is governed not by classes but by satisfactory completion of the required courses that demonstrate your mastery of the competencies. Of course, you will need to engage in learning experiences as you brush up on competencies or develop knowledge and skills in areas in which you may be weak. For this learning and development, WGU has a rich array of learning resources in which you may engage under the direction of your student mentor. You will work closely with your mentor to schedule your program for completing the courses. You will also work closely with additional faculty members as you proceed through courses of study that are designed to lead you through...

Words: 4226 - Pages: 17

Premium Essay

Itmg381 - Week 8 Assignment

...ITMG381 - Week 8 Fill in your name above, put your answer below each question, and then return this document for grading following the instructions in the syllabus. Please provide detailed answers to support all of the questions. Use examples from the readings, or from your own research, to support answers. The assignment must be 1-page in length with a minimum of 2 outside sources. Chapter 14 A large American multinational corporation wants to establish a telephone and email hotline for employees to report wrongdoing within the company. The company has offices in the European Union and wants to ensure that it avoids violations of E.U. data protection laws. What steps can the company take to increase the likelihood that its hotline reporting system remains in compliance? To start with, all parties should be brushed up on existing laws and regulations and the consequences of non-compliance. Far too often there are incidents in which ignorance is claimed but the ignorance seems to be intentional. In fact it would be a good idea to regularly review such laws for their company and in their state as well as any laws that are applicable with the countries they do business with. Though it is understandable and certainly possible to not be aware of every law pertaining to your business and its practices and this is why there are lawsuits sometimes, due to the fact that someone really didn’t know. In the case of something like Yahoo and the French court dealing with...

Words: 630 - Pages: 3

Free Essay

Hate Speach

...THE LIABILITY OF INTERNET SERVICE PROVIDERS FOR UNLAWFUL CONTENT POSTED BY THIRD PARTIES N.D. O’BRIEN 2010 THE LIABILITY OF INTERNET SERVICE PROVIDERS FOR UNLAWFUL CONTENT POSTED BY THIRD PARTIES By N.D. O’BRIEN Submitted in fulfilment of the requirements for the degree of MAGISTER LEGUM in the Faculty of Law at the Nelson Mandela Metropolitan University January 2010 Supervisor: Prof F. Marx PREFACE I would like to extend my thanks to the following people:      To my parents and Emma Taggart for their help, encouragement, sacrifice and support; To my supervisor, Prof Marx, for his assistance and guidance; To Dawn Prinsloo, at the NMMU Library, for providing me with her time and guidance; To Ms. Fourie, the Law Faculty Officer, for her always prompt and friendly assistance; To Mr. Ant Brooks and the Internet Service Provider Association, for providing me with a variety of interesting information and insights. Without their invaluable assistance I would not have been able to have completed this work. i SUMMARY Internet Service Providers (ISP’s) are crucial to the operation and development of the Internet. However, through the performance of their basic functions, they faced the great risk of civil and criminal liability for unlawful content posted by third parties. As this risk threatened the potential of the Internet, various jurisdictions opted to promulgate legislation that granted ISP’s safe harbours from liability. The South African (RSA)...

Words: 77880 - Pages: 312

Free Essay

Tft2 Task1

...Security Policy Cyberlaw, Regulations, and Compliance – TFT2 Task 1   Introduction: Heart-Healthy Insurance is currently evaluating their current security policy and have requested some changes to the policy concerning adding new users and the password requirements for the users. The end goal of the requested changes is to satisfy several compliance regulations that are required by law for their business. The regulations that need to be considered are: 1. PCI-DSS (Payment Card Industry Data Security Standard) 2. HIPAA (Health Insurance Privacy and Portability Act) 3. GLBA (Gramm-Leach-Bliley Act) 4. HITECH (Health Information Technology for Economic and Clinical Health Act) 5. HHS (US. Department of Health and Human Services) New Users: The current directive for new users from the standing security policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” In evaluating the current policy this standard creates a lot of overhead and administration works for the users and the admins. The new users who are not already familiar with the systems must provide a list of machines that they require access too. Being so new they may not know all of the systems they would need on a day to day basis. This also rolls over...

Words: 1129 - Pages: 5

Free Essay

Lab #10 Securing the Network with an Intrusion Detection System (Ids)

...Lab #10 Securing the Network with an Intrusion Detection System (IDS) Introduction Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection. Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage. A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS provides...

Words: 3209 - Pages: 13

Free Essay

Cyber Law

...FULL PAPER. AUTHOR’S NAME: NUPUR AGARWAL AFFILIATION: INSTITUTE OF LAW , NIRMA UNIVERSITY MAILING ADDRESS: 1 , RADHANPUR SOCIETY , BEHIND SWAMINARAYAN MANDIR , RAMBAUG , MANINAGAR , AHMEDABAD – 380008 PHONE NO: 09898839289 EMAIL-ID: nupuragarwal201995@yahoo.com CO-AUTHOR’S NAME: NUPUR JOSHI AFFILIATION: UNITED WORLD , SCHOOL OF LAW MAILING ADDRESS: 67, SWAGAT CITY , GANDHINAGAR – MEHSANA ROAD ADALAJ GANDHINAGAR PHONE NO: 9408968686 EMAIL-ID: nupurjoshi184@gmail.com TITLE OF THE PAPER: CYBER SPACE MASS SURVEILLANCE PROGRAMS,INFRINGEMENT OF PRIVACY OF INDIVIDUALS, BY STATE IN THE NAME OF NATIONAL SECURITY. ABSTRACT: In this present era of cyber revolution and globalization, citizens have turned into “Netizens”. The advancements in the field of technology is also accompanied with the development of various methods of surveillance and intervention by the State into individuals’ private information. Governments are keeping an eagle eye by monitoring individual's movements, businesses transactions and also the means of communication, which includes cyberspace. It is alleged that the United States of America’s National Security Agency runs a program known as PRISM, which enables the US government to gain access to e- mails , conversations, pictures, voice calls and even sign in details of people using websites and applications associated with 1|Page Facebook, Yahoo, Microsoft, to name a few. Failure of cyber law mechanisms and national authorities to advance legislation and...

Words: 6245 - Pages: 25

Free Essay

Jurisdictional Issue in Cyber Crime

...Ad idem ‘12 | Jurisdictional Issues in Cyber Crimes | | | | | Arashdeep Singh Gurm Address: #181 Anand Nagar A, Gurudwara Street Patiala(147001) E-Mail Id: arashdeepgurm@gmail.com Contact Number: 7508729986,9646020181 RAJIV GANDHI NATIONAL UNIVERSITY OF LAW, PUNJAB Mohindra Kothi, Mall Road,  Patiala - 147 001 (PUNJAB) | ABSTRACT In this essay I wish to discuss the various types of crimes that are emerging with special reference to developing countries like India By developing we mean where growth of Information Technology is rampant but still it has not reached its peak. Cyber crimes can take place across various jurisdictions and hence the legal issue of jurisdiction of International Courts and country specific Indian Courts arises. Throw light on the present system in India, how it is ineffective and also upon international treaties and legal solutions to deal with the same. I have suggested possible ways to tackle the problem taking into consideration the domestic laws in India. The inefficiency of legislature to enact a more user friendly law is also examined in detail. Turning back our focus on the main legal dilemma of Jurisdiction of Cyber Crime Courts we have suggested a model that would be successful in India taking into consideration its working in other countries. In my concluding remarks a problem solution approach is taking where we have addressed the issue and after due consideration the solution is suggested. If proposal taken...

Words: 2824 - Pages: 12

Free Essay

Law and the Internet

...programs that search the Internet. In many cases such as eBay v. Bidder’s edge, and Ticketmaster Corp. v. Tickets.com, this law was used to fight the ability of users to search the internet and of providers to present data to users. This ability to search and present data is the primary purpose of the internet, and the overbroad application of trespass to chattels law, without any form of modification or alteration, should not be used to protect internet property rights. Tresspass to Chattels is defined as the act of direct physical interference with chattel owned by someone else without lawful justification. To make a case for Trespass to Chattles, “the plantiff must show that the defendant made a volitional movement that resulted in either: 1. Dispossesion of, or 2. Intermeddling...

Words: 3579 - Pages: 15

Free Essay

Russian Patriotic Hacking

...Russian Patriotic Hacking During Operation Allied Force Introduction. With the increasing number of cyberattacks, many security professionals are greatly troubled by the real threat to the information technology infrastructure in the United States. While safeguarding information has been a major issue for the private and public sectors since the beginning of the computer era, the increased level of concern over the most recent attacks has resulted in devoting more resources to combat this threat. This paper analyzes numerous cyberattacks by Russian computer enthusiast group Chaos Hackers Crew and other hacktivists during Operation Allied Force in 1999, that included taking down and defacing various NATO and US Government websites, several successful virus propagation attempts on military servers and countless spamming storms. This particular case raises curious questions about the legal definition of term cyberconflict itself, magnitude of the damage from a potential cyberattack on U.S. Government by terrorists and the level of preparedness of key military and intelligence units for the cyberwar. The cyberterrorism threat is real, however it’s essential to recognize that preserving the state of continuous distress over computer vulnerabilities can be profitable. Based on this research, cultural differences play a huge role in the world of computer hackers who decide what entity to attack and how, also the scale of a cyberattack doesn’t matter as economic damage can be devastating...

Words: 8586 - Pages: 35

Free Essay

Blogging

...THE “BLOG” EXPERIENCE: WHEN FREEDOM BECOMES INVASION INTRODUCTION Francois Voltaire, one of France’s most famous philosophers became well-known for this often quoted phrase: “I may disagree with what you have to say, but I shall defend, to the death, your right to say it.” The phrase summarizes the spirit of the freedom of speech – one of the inventions of the 18th century Enlightenment, a time when discussions among the upper class were construed as constituting the public sphere. Although they belonged to the sophisticated members of society, their conversations highlighted social equality and everyone was given the chance to speak and be demanded to listen. With free and frank conversations, people became acquainted with points of view that were not familiar; they discovered strengths and weaknesses in their personal arguments, and subsequently became moderate in the expression of their views taking into consideration the arguments of others. With this small light ignited in the intellectual realm, the idealism of free communication of thoughts and opinions spread and became one of the trademarks of democratic societies. During the next century, John Stuart Mill affirmed that societies progress when people freely express themselves because errors and misconceptions are exposed, and alternatives were proposed. These sentiments became the backbone of the United Nations’ Declaration of Human Rights, adopted in 1948...

Words: 11752 - Pages: 48

Premium Essay

Engineer

...Challenges to Criminal Law Making in the New Global Information Society: A Critical Comparative Study of the Adequacies of Computer-Related Criminal Legislation in the United States, the United Kingdom and Singapore Warren B. Chik* Introduction Computer and Internet usage is on the rise due to lower costs of computer ownership and connectivity as well as faster and easier accessibility. As it is another mode of commercial and personal transaction and one that is heavily dependent on interaction through computers and automatic agents rather than face-to-face meetings, which increases distance and allows anonymity, it is another avenue for crimes to perpetuate. “Computer Crime” encompasses crimes committed against the computer, the materials contained therein such as software and data, and its uses as a processing tool. These include hacking, denial of service attacks, unauthorized use of services and cyber vandalism. “Cyber Crime” describes criminal activities committed through the use of electronic communications media. One of the greatest concerns is with regard to cyber-fraud and identity theft through such methods as phishing, pharming, spoofing and through the abuse of online surveillance technology. There are also many other forms of criminal behaviour perpetrated through the use of information technology such as harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory offences. The existing criminal laws in most countries...

Words: 24175 - Pages: 97

Premium Essay

Challenges to Criminal Law Makers

...Challenges to Criminal Law Making in the New Global Information Society: A Critical Comparative Study of the Adequacies of Computer-Related Criminal Legislation in the United States, the United Kingdom and Singapore Warren B. Chik* Introduction Computer and Internet usage is on the rise due to lower costs of computer ownership and connectivity as well as faster and easier accessibility. As it is another mode of commercial and personal transaction and one that is heavily dependent on interaction through computers and automatic agents rather than face-to-face meetings, which increases distance and allows anonymity, it is another avenue for crimes to perpetuate. “Computer Crime” encompasses crimes committed against the computer, the materials contained therein such as software and data, and its uses as a processing tool. These include hacking, denial of service attacks, unauthorized use of services and cyber vandalism. “Cyber Crime” describes criminal activities committed through the use of electronic communications media. One of the greatest concerns is with regard to cyber-fraud and identity theft through such methods as phishing, pharming, spoofing and through the abuse of online surveillance technology. There are also many other forms of criminal behaviour perpetrated through the use of information technology such as harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory offences. The existing criminal laws in most countries...

Words: 24175 - Pages: 97

Premium Essay

Law Essay

...Copyright and the Internet Hector L MacQueen*(* LLB (Hons), PhD, FRSE, Professor of Private Law, University of Edinburgh, email hector.macqueen@ed.ac.uk. This is a substantially revised, updated and rewritten version of the chapter which appeared under the same title in L Edwards and C Waelde (eds), Law and the Internet: Regulating Cyberspace (1997). I am grateful to those who commented upon that earlier version, to those who sent me information about developments on the Internet (especially Dr Athol Murray), and to the editors once again for their help, guidance and patience over a prolonged period.) Introduction A major issue for copyright lawyers at the present time is how to deal with the rapid development of the Internet and the prospect of the ‘information superhighway’, world-wide telecommunications systems which permit the rapid, indeed virtually instantaneous transmission around the world, at times chosen as much by individual recipients as by transmitters, of information and entertainment in all media - print, pictures still and moving, sound, and combinations thereof. The issues are manifold. Is the ease of perfect reproduction and manipulation of material in the digital form used by our communications systems the death-knell of the whole basis of copyright? Are we at least going to have to reconsider such fundamentals of copyright law as what constitutes publication, copying and public performance, or the old distinctions between categories of work such as literary...

Words: 22271 - Pages: 90