The Information Systems Security Impact Phase
This week, you will evaluate the status of the security and its infrastructure for your case study from the perspective of professional and industry best practices, for example, CERT, SANS, (ISC)2, and existing national security and privacy acts, such as: the Health Insurance Portability and Accountability Act (HIPAA), the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act (ECPA), the PATRIOT Act, the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), or the Family Educational Rights and Privacy Act (FERPA). Depending on your case study some of the above regulations may or may not directly apply.
Research security and privacy acts that are pertinent to your case study in the South University Online Library and on the Internet by using the following keywords:
- Health Insurance Portability and Accountability Act
- Computer Fraud and Abuse Act
- Electronic Communications Privacy Act
- USA PATRIOT Act
- USA PATRIOT Improvement and Reauthorization Act of 2005
- Public Law 107-56
- Gramm-Leach-Bliley Act
- Sarbanes-Oxley Act
- Payment Card Industry Data Security Standard
- Family Educational Rights and Privacy Act (FERPA)
On the basis of your research, discuss the impacts of your case study analysis from the previous weeks on the security and privacy acts such as the ones listed above.
Your report should include:
- A suggested plan for improving your organization’s operations security
- The information systems security impact of the constructed IS
On the basis of the system that you’ve developed so far, devise an annual budget to operate the following:
- Points of entry into the system where customers, or generally end users, are identified, authenticated, and authorized to access resources
- Points of entry for assets (material or digital) obtained from suppliers
- Support systems that track events, based on the system you’ve proposed
- Support systems that track the traffic of information, based on the system you’ve proposed
State the assumptions made on the operations of these systems. These assumptions may include the number of staff required, the pay rate, and the number of hours the different elements of the system operate per day.
Your report should be written using the APA format, and it should include a copy of all the references used. Be sure your report contains the following:
- A logical flow and transition in the content.
- Complete report should include a title, abstract, summary, reference, and bibliography.
- Report should be an appropriate deliverable to senior management.
- Report should reflect depth, breadth, and implications related to the theories and constructs studied in this course.
Conclusions and recommendations practical and actionable, not merely theoretical with no basis for the organization officers to take specific actions or steps to improve.
- Submit your plan in a 10–15 page Microsoft Word document, using APA style.