Premium Essay

Tft2 - Cyberlaw


Submitted By ceebee
Words 369
Pages 2
TFT2 Cyberlaw, Regulations, and Compliance Overview Kristi Lockett, Course Mentor
Performance Assessment
• • • Seven (7) Weeks to complete COS Four (4) Tasks Refer to Rubric (in Taskstream) for task requirement details

Tasks – submit via Taskstream
1. Task 1 – Policy Statements • For given scenario, develop/revise two policy statements (new users and password requirements). Justify policies based on current federal information security laws/ regulations (i.e., HIPAA)

2. Task 2 - Policy Statements • For given scenario, develop three policy statements that would have prevented a security breach. Justify policies based on national or international standards (i.e., NIST, ISO)

3. Task 3 – Service Level Agreement • • • For given scenario, recommend/justify changes to service level agreement. Address the protection of the parent company’s physical property rights, intellectual property rights and the non-exclusivity clause Use Microsoft Word tracking to track your additions, deletions, and modifications. Insert your justifications after each SLA section, or write an essay describing your changes and justifications

4. Task 4 – Cybercrime • For the given scenario, write an essay responding to the following question prompts (suggested length of 3–5 pages):

• • • • • • • •

Discuss how two laws or regulations apply to the case study. Discuss how VL Bank will work within the parameters of appropriate legal jurisdiction with specific bodies of law enforcement to resolve the situation. Discuss legal considerations for preparing the digital evidence VL Bank will need to provide law enforcement and attorneys. Explain what coordination should take place between the CISO and VL Bank’s lawyer. Discuss how this cybercrime could affect VL Bank’s enterprise continuity. Explain how VL Bank could use technology

Similar Documents

Free Essay

Cyberlaw Tft2 Task 2

...New Policy Statements for the Heart-Healthy Information Security Policy New User Policy Statement The current New Users section of the policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” There are procedures for creating new user account profiles. HIPPA requires that an Information Security Officer (ISO) must be assigned to the network account profiles. This appointed person(s) is usually the network or system security administrator of the organization. Once this role is assigned, the security administrator can create network profiles and assign the new user to such specified profile. The network profiles are implemented in accordance with least privilege access. This means that data intended for use will only be available to the specified profile. This method protects the privacy of the data during transmission. This process complies with the 4 standard Federal regulatory requirements stated in this policy: FISMA, HIPAA/HITECH, GLBA, and PCI-DSS. Once the network account profiles are created, a new user is created and assigned. To implement a strong access control measure, a unique user identifier must be assigned to the new user account. Before the new user account is activated, the network or security administrator will need to...

Words: 971 - Pages: 4

Premium Essay

Tft2 Cyberlaw, Regulations, and Compliance

...Running Head: Policy Statements 1 Policy Statements Kevin Corey Western Governors University Policy Statements 2 Internationally security techniques and standards, such as ISO 17799, establish guidelines that organizations must implement in order to maintain information security. Information must be protected from those without a readily need to know to perform organizational business functions. Unauthorized access to information can have a detrimental impact on an organization from a legal and operating perspective. One of the primary preventive controls that provide an organization with many operational benefits is continuous log management policies. In addition to helping solve network security related issues, logs can be extremely beneficial in identifying unauthorized access and behaviors. Security logs assist in identifying policy violators, fraudulent behavior, real time operational problems, and provide necessary data to perform auditing, transaction back tracking and forensic analysis. In addition to the many benefits of having policies in place for continuous log analysis, standards and regulations have increased business awareness of the requirements for archiving and reviewing system logs as part of daily continuity. Some of the influential regulations that reference log management and other information security task include the following. • Federal Information Security Management Act of 2002 (FISMA) requires entities to ensure the development...

Words: 1310 - Pages: 6

Free Essay

Tft2 Task1

...Security Policy Cyberlaw, Regulations, and Compliance – TFT2 Task 1   Introduction: Heart-Healthy Insurance is currently evaluating their current security policy and have requested some changes to the policy concerning adding new users and the password requirements for the users. The end goal of the requested changes is to satisfy several compliance regulations that are required by law for their business. The regulations that need to be considered are: 1. PCI-DSS (Payment Card Industry Data Security Standard) 2. HIPAA (Health Insurance Privacy and Portability Act) 3. GLBA (Gramm-Leach-Bliley Act) 4. HITECH (Health Information Technology for Economic and Clinical Health Act) 5. HHS (US. Department of Health and Human Services) New Users: The current directive for new users from the standing security policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” In evaluating the current policy this standard creates a lot of overhead and administration works for the users and the admins. The new users who are not already familiar with the systems must provide a list of machines that they require access too. Being so new they may not know all of the systems they would need on a day to day basis. This also rolls over...

Words: 1129 - Pages: 5