CIS 438 Term Paper: Security Regulation Compliance

2307 words - 10 pages

Term Paper: Security Regulation Compliance
Giancarlos Guerra
Strayer University
CIS 438 - Information Security Legal Issues

In this paper I shall provide an overview, to be delivered to senior management, of the regulatory requirements the agency needs to be aware of, including: i. FISMA; ii. the Sarbanes-Oxley Act; iii. the Gramm-Leach-Bliley Act; iv. PCI DSS; v. HIPAA; vi. intellectual property law. I will describe the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements, and the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology ...

Federal Information Security Management Act (FISMA)
According to Weiss, the Federal Information Security Management Act of 2002 (FISMA) is contained within the E-Government Act of 2002, Public Law 107-347, as Title II, and the act establishes the importance of sound information security practices. The purposes of FISMA are therefore the following:
(1) Provide a framework for effective information security resources that support federal operations, data, and infrastructure;
(2) Accept the interconnectedness of IT and ensure that effective risk management is in place;
(3) Ensure coordination of information security efforts between the civilian, national security, and law enforcement communities;
(4) Facilitate the development and ongoing monitoring of required minimum controls to protect federal information systems and data;
(5) Provide for increased oversight of federal agency information security programs;
(6) Recognize that information technology solutions may be acquired from commercial organizations, and leave the acquisition decisions to the individual agencies (Weiss, 2011, p. 23).
FISMA requires regulatory bodies within the federal government to:
- Plan for security;
- Ensure that the appropriate and responsible officials are assigned responsibility for security;
- Review security control measures at regular intervals;
- Authorize system processing before operation, and re-authorize it periodically after deployment.
FISMA is divided into three main sections: (1) an annual security reporting requirement (Annual Program Review, owned by the CIO); (2) an independent evaluation (by the IG); and (3) a corrective action plan for the recovery and remediation of security weaknesses. FISMA also requires agencies to submit quarterly reports to OMB on the status of their information security program.
Case Study
According to the FISMA 2004 Report to Congress, for the Office of Personnel Management:
Total number of systems: 53
Metrics Reported by Agency CIO:
Effective Security and Privacy Controls (C&A): 98%
Security Costs Included in the System Lifecycle Costs: 34%
Tested Security Controls: 94%
Tested Contingency Plans: 28%
Percentage of Employees Trained in IT Security: 100%
Cost per employee trained: $9.98
Configuration management policies for specific applications are being developed and implemented.
Incident management policies are being implemented.
Ten years later, "a large volume (11 out of 47 systems) of OPM's IT systems operating without a valid Authorization, but several of these systems are among the most critical and sensitive applications owned by the agency" (Michael Esser, OPM's assistant inspector general for audits).
What happened in that span of years to allow the crucial information of an estimated 14 million federal employees to be hijacked?
Sarbanes-Oxley Act (SOX)
SOX (Sarbanes-Oxley) legislation "requires all public companies and public accounting firms to show the auditors the accuracy of their financial reporting. The Act requires...
