Discussion 2: Policies to Implement Regulatory Requirement
Review the Week 2 readings and the assigned Case Study for background information before responding to this discussion question.
The company’s IT Governance Board has been tasked with developing a set of policies to address IT security requirements arising from
(a) PCI-DSS (credit card and transaction information)
(b) the HIPAA Security Rule (health related information)
(c) the “Red Flags” Rule (consumer credit information: identity theft prevention).
Choose one of the three sources of regulatory requirements listed above. Write a three paragraph briefing statement which summarizes the regulatory requirements as they apply to the company’s collection, processing, management, and storage of personal information about its clients. Your briefing statement should identify the specific types of personal information which are covered by the “rule” or “standard.”
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
Week 2 Readings
http://www.cengage.com/resource_uploads/downloads/1111138214_259148.pdf
https://www.whitehouse.gov/sites/default/files/omb/memoranda/2016/m-16-04.pdf
https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan
http://csrc.nist.gov/groups/SMA/fisma/overview.html
http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/security101.pdf
http://www.bankinfosecurity.com/glba-compliance-tips-for-building-successful-program-a-908/op-1
https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf
https://www.ftc.gov/tips-advice/business-center/guidance/financial-institutions-customer-information-complying
Answer not yet available
To have this questions done by our pool of professional writers, kindly send us an email.
Email to support@yourhomeworksolutions.com