The purpose of this assignment is to utilize regulatory compliance measures and security controls to address risk.
In the Topic 4 assignment you completed a FMEA to analyze the risks associated with implementing the selected technology. Building on that is the need to implement security controls to address identified risks. For this assignment, select a key risk you identified that could directly impact customers or an essential part of business operations (e.g., protection of person-identifiable information to prevent customer identify theft).
Using the identified risk as the basis for your assignment, complete the following requirements.
Write a 500-word summary that addresses the following:
Explain the regulatory compliance and security controls that should be adhered to in order to address the risk.
Explain why adherence to regulatory compliance measures and security controls is essential from the customer perspective and the business perspective. Provide specific examples to illustrate your ideas.
Create a data flow diagram to illustrate how systems will interact with the customer and how the data are passed through the system(s), including how the data will reside in the system of record. Explain the data flow diagram in regard to the key controls in place to address protection of personal identifiable information (PPII).
Complete the “Security Controls Mapping Template” using the FMEA from the Topic 4 assignment. Reference appropriate regulatory compliance information (i.e., HIPAA, PCI, SOX) and security control frameworks (i.e., NIST, CIS, COBIT) when completing the template.
Submit the summary, data flow diagram, and “Security Controls Mapping Template” documents.
While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Class Resources if you need assistance.
Security Controls Mapping Template
Rule (i.e., HIPAA: 164.XXX PCI: Section 1.1.4)
Code (i.e. NIST: AC-4, COBIT: AI6, CIS: CSC 5.1)
Title (i.e., NIST: Information Flow Enforcement, COBIT: Manage Changes, CIS: Minimize administrative priv.)
Policy or Procedure to Develop for Enforcement
Have you implemented procedures to regularly review records of IS activity such as audit logs, access reports, and security incident tracking? (R)
NIST: AU-6, AU-7, CA-7, IR-5, IR-6
AU-6: Audit Review, Analysis, and Reporting AU-7: Audit Reduction and Report Generation CA-7: Continuous Monitoring IR-5: Incident Monitoring IR-6: Incident Reporting
Information Security Audit Policy
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more