Certain acts are being passed by U.S. legislators to aid corporations in adding
Question
Certain acts are being passed by U.S. legislators to aid corporations in adding information security to their organizations. The Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the Federal Information Security Management Act are examples of the government trying to regulate the security of certain organizations.
Read the Case Study at the end of Chapter 14 of the textbook. With your group, prepare a report to present to the CIO of a company that produces engineering software for security agencies. This CIO does not believe the government should have any say in the operations of the company. The report should contain at least three security practices that meet best practices industrywide. Also, explain at least two risks the nation's infrastructure may face if the company fails to comply with security standards.
Explanation / Answer
Industrywide Information Security Report:
There has been an enormous growth in the use of various types of data in industry these days. This includes crucial information like employee records, tender files, etc., which must not be allowed to slip into the hands of a third party. For this purpose there needs to be a common set of rules to be followed so that the data is not lost or corrupted during exchange. The US government has implemented a few acts or laws for the same. This has occurred previously with other industries like health and finance. The acts have been known to be successful and have also brought about uniformity in the process. Similarly, new acts have now been drawn up for the information security of industries. A few best practices involved are as follows:
Responsibility and layered security: every individual in an organization has their duties assigned. These duties and responsibilities are structured in a layered format to maintain coordination. These responsibilities are to be well understood and followed by every employee. At no point should these responsibilities, or the security of the system, be compromised.
Layered security can be achieved by providing firewalls at all possible levels. Also provide passwords for each individual system so that data loss can be recorded in a timely and accurate manner (at the source system).
Security and network audits: the security of the network must be subject to frequent audits, and the updates must be acted upon immediately after every review. The IT audit records must record information for all monitored systems.
Disaster planning: a proper, timely disaster recovery plan must be at hand.
The risks that the nation may face due to the lack of any of the above are as follows:
Network intrusions are the most common kind of threat faced by all organizations these days. Also, many government organizations use privately built software to conduct operations. This software is thought to be the least vulnerable, yet it is prone to attacks every now and then. The best example of such data leaks is the organization WikiLeaks, which hosts many high-security documents.
The efforts involved in producing this document have been evenly distributed among every member in the team. The responsibilities include: