Term Paper: Security Regulation Compliance
This assignment consists of two sections: a written paper and a PowerPoint presentation. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for.
In the day-to-day operations of information security, security professionals often focus the majority of their time dealing with employee access issues, implementing security methods and measures, and other day-to-day tasks. They often neglect legal issues that affect information security. As a result, organizations often violate security-related regulations and often have to pay heavy fines for their non-compliance. Thus, as a Chief Information Officer in a government agency, you realize the need to educate for senior leadership on some of the primary regulatory requirements, and you realize the need to ensure that the employees in the agency are aware of these regulatory requirements as well.
Section 1: Written Paper
1. Write a six to eight page paper in which you:
a. Provide an overview that will be delivered to senior management of regulatory requirements the agency needs to be aware of, including:
i. FISMA
ii. Sarbanes-Oxley Act
iii. Gramm-Leach-Bliley Act
iv. PCI DSS
v. HIPAA
vi. Intellectual Property Law
b. Describe the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements.
c. Describe the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.
d. Use at least five quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your written paper must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required page length.
Section 2: PowerPoint Presentation
2. Create an eight to ten slide security awareness PowerPoint presentation that will be presented to the agency's employees, in which you:
a. Include an overview of regulatory requirements and employee responsibilities, covering:
i. FISMA
ii. Sarbanes-Oxley Act
iii. Gramm-Leach-Bliley Act
iv. PCI DSS
v. HIPAA
vi. Intellectual Property Law
Your PowerPoint presentation must follow these formatting requirements:
• Include a title slide, six to eight main body slides, and a conclusion slide.
The specific course learning outcomes associated with this assignment are:
• Explain the concept of privacy and its legal protections.
• Describe legal compliance laws addressing public and private institutions.
• Analyze intellectual property laws.
• Examine the principles requiring governance of information within organizations.
• Use technology and information resources to research legal issues in information security.
• Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.