Term Paper: Security Regulation Compliance
This assignment consists of two (2) sections: a written paper and a
PowerPoint presentation. You must submit both sections as separate files for the
completion of this assignment. Label each file name according to the section of
the assignment it is written for.
In the day-to-day operations of information security, security
professionals often focus the majority of their time dealing with employee
access issues, implementing security methods and measures, and other day-to-day
tasks. They often neglect legal issues that affect information security. As a
result, organizations often violate security-related regulations and often have
to pay heavy fines for their non-compliance. Thus, as a Chief Information
Officer in a government agency, you realize the need to educate for senior
leadership on some of the primary regulatory requirements, and you realize the
need to ensure that the employees in the agency are aware of these regulatory
requirements as well.
Section 1: Written Paper
1.Write a six
to eight (6-8) page paper in which you:
a.Provide an
overview that will be delivered to senior management of regulatory requirements
the agency needs to be aware of, including:
i.FISMA
ii.Sarbanes-Oxley
Act
iii.Gramm-Leach-Bliley
Act
iv.PCI
DSS
v.HIPAA
vi.Intellectual
Property Law
b.Describe the
security methods and controls that need to be implemented in order to ensure
compliance with these standards and regulatory requirements.
c.Describe the
guidance provided by the Department of Health and Human Services, the National
Institute of Standards and Technology (NIST), and other agencies for ensuring
compliance with these standards and regulatory requirements.
d.Use at least
five (5) quality resources in this assignment. Note: Wikipedia and similar
Websites do not qualify as quality resources.
Your written paper must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with one-inch
margins on all sides; references must follow APA or school-specific format.
Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover page and
the reference page are not included in the required page length.
Section 2: PowerPoint Presentation
2.Create an
eight to ten (8-10) slide security awareness PowerPoint presentation that will
be presented to the agency’s employees, in which you:
a.Include an
overview of regulatory requirements and employee responsibilities,
covering:
i.FISMA
ii.Sarbanes-Oxley
Act
iii.Gramm-Leach-Bliley
Act
iv.PCI
DSS
v.HIPAA
vi.Intellectual
Property Law
Your PowerPoint presentation must follow these formatting
requirements:
Include a title slide, six to eight (6-8) main body slides, and a conclusion
slide.
The specific course learning outcomes associated with this assignment
are:
Explain the concept of privacy and its legal protections.
Describe legal compliance laws addressing public and private
institutions.
Analyze intellectual property laws.
Examine the principles requiring governance of information within
organizations.
Use technology and information resources to research legal issues in
information security.
Write clearly and concisely about information security legal issues and
topics using proper writing mechanics and technical style conventions.
Click here to view the grading rubric for this
assignment.Points: 100Term Paper: Security Regulation ComplianceCriteriaUnacceptableBelow 60% FMeets Minimum Expectations60-69% DFair70-79% CProficient80-89% BExemplary90-100% ASection 1: Written Paper1a. Provide an overview that will be delivered to senior management of regulatory requirements the agency needs to be aware of.1ai. Include an overview covering FISMA.Weight: 5%Did not submit or incompletely included an overview covering FISMA.Insufficiently included an overview covering FISMA.Partially included an overview covering FISMA FISMA.Satisfactorily included an overview covering FISMA.Thoroughly included an overview covering FISMA.1aii. Include an overview covering Sarbanes-Oxley Act.Weight: 5%Did not submit or incompletely included an overview covering Sarbanes-Oxley Act.Insufficiently included an overview covering Sarbanes-Oxley Act.Partially included an overview covering Sarbanes-Oxley Act.Satisfactorily included an overview covering Sarbanes-Oxley Act.Thoroughly included an overview covering Sarbanes-Oxley Act.1aiii. Include an overview covering Gramm-Leach-Bliley Act.Weight: 5%Did not submit or incompletely included an overview covering the Gramm-Leach-Bliley Act.Insufficiently included an overview covering the Gramm-Leach-Bliley Act.Partially included an overview covering the Gramm-Leach-Bliley Act.Satisfactorily included an overview covering the Gramm-Leach-Bliley Act.Thoroughly included an overview covering the Gramm-Leach-Bliley Act.1aiv. Include an overview covering PCI DSS.Weight: 5%Did not submit or incompletely included an overview covering PCI DSS.Insufficiently included an overview covering PCI DSS.Partially included an overview covering PCI DSS.Satisfactorily included an overview covering PCI DSS.Thoroughly included an overview covering PCI DSS.1av. Include an overview covering HIPPA.Weight: 5%Did not submit or incompletely included an overview covering HIPPA.Insufficiently included an overview covering HIPPA.Partially included an overview covering HIPPA.Satisfactorily included an overview covering HIPPA.Thoroughly included an overview covering HIPPA.1avi. Include an overview covering the Intellectual Property Law.Weight: 5%Did not submit or incompletely included an overview covering the Intellectual Property Law.Insufficiently included an overview covering the Intellectual Property Law.Partially included an overview covering the Intellectual Property Law.Satisfactorily included an overview covering the Intellectual Property Law.Thoroughly included an overview covering the Intellectual Property Law.1b. Describe the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements. Weight: 15%Did not submit or incompletely described the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements.Insufficiently described the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements.Partially described the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements.Satisfactorily described the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements.Thoroughly described the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements.1c. Describe the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.Weight: 10%Did not submit or incompletely described the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.Insufficiently described the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.Partially described the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.Satisfactorily described the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.Thoroughly described the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.1d. 5 referencesWeight: 5%No references providedDoes not meet the required number of references; all references poor quality choices.Does not meet the required number of references; some references poor quality choices.Meets number of required references; all references high quality choices.Exceeds number of required references; all references high quality choices.1e. Clarity, writing mechanics, and formatting requirementsWeight: 10%More than 8 errors present7-8 errors present5-6 errors present3-4 errors present0-2 errors presentSection 2: PowerPoint Presentation2a. Create a PowerPoint presentation that will be presented to the agency’s employees, which includes an overview of regulatory requirements and employee responsibilities.2ai. Include an overview covering FISMA.Weight: 5%Did not submit or incompletely included an overview covering FISMA.Insufficiently included an overview covering FISMA.Partially included an overview covering FISMA.Satisfactorily included an overview covering FISMA.Thoroughly included an overview covering FISMA.2aii. Include an overview covering the Sarbanes-Oxley Act.Weight: 5%Did not submit or incompletely included an overview covering the Sarbanes-Oxley Act.Insufficiently included an overview covering the Sarbanes-Oxley Act.Partially included an overview covering the Sarbanes-Oxley Act.Satisfactorily included an overview covering the Sarbanes-Oxley Act.Thoroughly included an overview covering the Sarbanes-Oxley Act.2aiii. Include an overview covering the Gramm-Leach-Bliley Act.Weight: 5%Did not submit or incompletely included an overview covering the Gramm-Leach-Bliley Act.Insufficiently included an overview covering the Gramm-Leach-Bliley Act.Partially included an overview covering the Gramm-Leach-Bliley Act.Satisfactorily included an overview covering the Gramm-Leach-Bliley Act.Thoroughly included an overview covering the Gramm-Leach-Bliley Act.2aiv. Include an overview covering PCI DSS.Weight: 5%Did not submit or incompletely included an overview covering PCI DSS.Insufficiently included an overview covering PCI DSS.Partially included an overview covering PCI DSS.Satisfactorily included an overview covering PCI DSS.Thoroughly included an overview covering PCI DSS.2av. Include an overview covering HIPPA.Weight: 5%Did not submit or incompletely included an overview covering HIPPA.Insufficiently included an overview covering HIPPA.Partially included an overview covering HIPPA.Satisfactorily included an overview covering HIPPA.Thoroughly included an overview covering HIPPA.2avi. Include an overview covering the Intellectual Property Law.Weight: 5%Did not submit or incompletely included an overview covering the Intellectual Property Law.Insufficiently included an overview covering the Intellectual Property Law.Partially included an overview covering the Intellectual Property Law.Satisfactorily included an overview covering the Intellectual Property Law.Thoroughly included an overview covering the Intellectual Property Law.