Part 1: Statutes, Regulations, and Contract Compliance
Outcomes addressed in this activity:
Course Outcome:
IT591M4-4: Analyze technical scenario elements for industry standards, compliance regulations, and laws to determine strategy.
Purpose
It is important to understand how compliance and penalties differ across statutes, regulations, and contractual obligations, because these differences affect which security controls an organization must implement and how an accurate risk assessment is performed. In this assessment, you will provide a specific example of a statute, a regulation, and a contractual agreement for an industry of your choice. You will discuss the differences in the origin of each, the compliance requirements of each, and the penalties for each within that specific industry.
Assessment Instructions
Select an industry of your choice (retail, education, military, healthcare, financial, government) and briefly describe that industry in today’s world and discuss any changes occurring within the industry that are relevant for security.
For that industry, identify one specific relevant statute, one relevant regulation, and one relevant contractual obligation that might exist.
Create a header for Statute, Regulation, and Contractual Obligation. For each, describe the origin of the statute, regulation, or need for contract. Discuss the compliance requirements for the statute, the regulation, and the contract. Discuss the penalties that exist for the lack of compliance under each.
Describe the statute, regulation, and contractual obligation in terms of how each might affect a security risk assessment for the organization.
Assessment Requirements
4–5 pages of content (exclusive of cover sheet and references page), using Times New Roman font style, 12 point, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s)
At least 1 credible source cited and referenced
No spelling errors
No grammar errors
No APA errors
Part 2: Organizational Impact of Regulations
Purpose
For this assessment, you will have an opportunity to compare and contrast organizations in two different domains and evaluate the organization in terms of the information they collect, process, and store and to evaluate the organizations’ risk, audit/regulation requirements within each domain, and necessary security controls. This leaves you with a well-rounded view of the organizational impact of regulation across domains. You will also analyze areas related to risk analysis, standard compliance, and control implementation where conflict resolution may be necessary.
Assessment Instructions
Part 1:
Pick two organizations (they can be real or hypothetical in nature). Make sure they are different types of organizations (like those listed below).
Municipality
Educational institution (e.g., university, community college, high school, etc.)
Police station
Retail store
Government research
Hospital
Utility
Bank
Manufacturing facility
Convention center
Airline
Military installation
Describe the organizations in moderate detail.
Identify the types of information that these two businesses use, process, or store that must be protected by one of the regulatory requirements previously discussed in this course.
List the types of information and how the info is collected, used, processed, or stored.
Identify the risk exposure for each of these two organizations. Compare and contrast these risks.
List the risks (of the information being lost, corrupted, stolen, etc.) by different methods.
Identify the impact of not adequately protecting this information (consequences and costs).
Identify the compliance frameworks that would apply to these organizations based upon their information needs and applicable rules, regulations, and standards (e.g., ISO, COBIT, HIPAA, PCI, SOX, etc.).
List the requirements or standards that apply to the two organizations based on their businesses and the information that they use or process.
Identify and list the types of controls that would be the most important to implement to safeguard this information to comply with regulations and to minimize risk to the organizations.
Summarize the internal controls that would need to be established to achieve these compliance goals (including physical, administrative, technological, and auditing controls that would have to be in place).
Summarize how the differences in business requirements, information needs, and regulatory environment affect business priorities, operations, and structure.
Close the paper with a conclusion, summary of lessons learned, and/or personal observations or opinions of the team.
Part 2:
Conflict Management Skills Evaluation
Consider the process of identifying risks, identifying relevant standards, and identifying and implementing security controls (both process and technology). In addition to identifying risks, standards, and controls, there is also a people element, and often there is tension between business needs and processes and security controls. Discuss the types of inter-departmental conflicts that might arise during this process. Using the library resources and the Internet, find and summarize five conflict management skills. Be certain to cite your sources. Focus on one of the industries discussed in Part 1, and discuss which of these conflict resolution skills might be required to successfully implement effective security for an organization.
Assessment Requirements
5–6 pages of content (exclusive of cover sheet and references page), using Times New Roman font style, 12 point, double-spaced, using correct APA formatting, and include a cover sheet, table of contents, abstract, and reference page(s)
At least 1 credible source cited and referenced
No spelling errors
No grammar errors
No APA errors
For more information on APA formatting and citation style, refer to the resources in the Academic Tools area of this course. Also, review the university policy on plagiarism. If you have any questions, please contact your professor.