CIS 324 Success Begins / snaptutorial.com
- 1. CIS 324 Week 2 Case Study 1 HIPAA, CIA, and Safeguards For more classes visit www.snaptutorial.com This assignment consists of two (2) sections: a written paper and a PowerPoint presentation. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Health Information Technology (HIT) is a growing field within health services organizations today; additionally, health information security is a major concern among health organizations, as they are required to maintain the security and privacy of health information. The Department of Health and Human Services (HHS) provides extensive information about the Health Insurance Portability and Accountability Act (HIPAA). Visit the HHS Website, at www.hhs.gov/ocr/privacy, for more information about HIPAA requirements. In March 2012, the HHS settled a HIPAA case with the Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million. Read more about this case at www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/bcbstagrmnt.htm l. As an IT security manager at a regional health services organization, your CIO has asked for the following: an analysis of this incident, an overview of the HIPAA security requirements necessary to prevent this type of an incident, and a briefing for management on the minimum security requirements to be HIPAA complaint.
- 2. Section1: Written Paper 1. Write a three to five (3-5) page paper in which you: a. Describe the security issues of BCBST in regard to confidentiality, integrity, availability, and privacy based on the information provided in the BCBST case. b. Describe the HIPPA security requirement that could have prevented each security issue identified if it had been enforced. c. Analyze the corrective actions taken by BCBST that were efficient and those that were not adequate. d. Analyze the security issues and the HIPAA security requirements and describe the safeguards that the organization needs to implement in order to mitigate the security risks. Ensure that you describe the safeguards in terms of administrative, technical, and physical safeguards. e. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. MUST HAVE IN TEXT CITATIONS!!! Your written paper must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school- specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required page length. Section 2: PowerPoint Presentation
- 3. 2. Create a six to eight (6-8) slide PowerPoint presentation in which you: a. Provide the following on the main body slides: i. An overview of the security issues at BCBST ii. HIPAA security requirements that could have prevented the incident iii. Positive and negative corrective actions taken by BCBST iv. Safeguards needed to mitigate the security risks Your PowerPoint presentation must follow these formatting requirements: Include a title slide, four to six (4-6) main body slides, and a conclusion slide. The specific course learning outcomes associated with this assignment are: Summarize the legal aspects of the information security triad: availability, integrity, and confidentiality. Use technology and information resources to research legal issues in information security. Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions. ********************************************************
- 4. CIS 324 Week 4 Assignment 2 COPA and CIPA For more classes visit www.snaptutorial.com The Children’s Online Privacy Protection Act (COPPA) and the Children’s Internet Protection Act (CIPA) are both intended to provide protections for children accessing the Internet. However, they both have had some opposition. Write a three to five (3-5) page paper in which you: Describe the main compliancy requirements and the protected information for both COPPA and CIPA. Analyze how COPPA and CIPA are similar and how they are different, and explain why there is a need for two (2) different acts. Describe what you believe are the most challenging elements of both COPPA and CIPA to implement in order to be compliant. Speculate on why COPPA and CIPA define protection for different ages; COPPA defines a child as being under the age of 13 and CIPA defines a minor as being under the age of 17.
- 5. Identify the main opposition to COPPA and CIPA based on research and speculate on whether they will be changed in the future based on the opposition. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school- specific format. Check with your professor for any additional instructions. MUST HAVE IN TEXT CITATIONS! Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required page length. ******************************************************** CIS 324 Week 6 Case Study 2 Data Breaches and Regulatory Requirements
- 6. For more classes visit www.snaptutorial.com Case Study 2: Data Breaches and Regulatory Requirements Due Week 6 and worth 120 points The National Institute of Standards and Technology (NIST) provides an extensive amount of information, resources, and guidance on IT and information security topics. The Federal Information Security Management Act (FISMA) provides standards and guidelines for establishing information security within federal systems. However, there have been, and continues to be, numerous security incidents including data breaches within federal systems. Review the information about FISMA at the NIST Website, located at http://csrc.nist.gov/groups/SMA/fisma/index.html. Additionally, review the information, located athttp://www.govtech.com/blogs/lohrmann-on- cybersecurity/Dark-Clouds-Over-Technology-042212.html, about the data breaches within government systems. Select one (1) of the data breaches mentioned to conduct a case analysis, or select another based on your research, and research more details about that incident to complete the following assignment requirements. Write a three to five (3-5) page paper on your selected case in which you: Describe the data breach incident and the primary causes of the data breach.
- 7. Analyze how the data breach could have been prevented with better adherence to and compliance with regulatory requirements and guidelines, including management controls; include an explanation of the regulatory requirement (such as from FISMA, HIPAA, or others). Assess if there are deficiencies in the regulatory requirements and whether they need to be changed, and how they need to be changed, to mitigate further data breach incidents. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school- specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required page length. The specific course learning outcomes associated with this assignment are: Describe legal compliance laws addressing public and private institutions. Examine the principles requiring governance of information within organizations.
- 8. Use technology and information resources to research legal issues in information security. Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions. ******************************************************** CIS 324 Week 10 Term Paper SecurityRegulation Compliance For more classes visit www.snaptutorial.com This assignment consists of two (2) sections: a written paper and a PowerPoint presentation. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for.
- 9. In the day-to-day operations of information security, security professionals often focus the majority of their time dealing with employee access issues, implementing security methods and measures, and other day-to-day tasks. They often neglect legal issues that affect information security. As a result, organizations often violate security- related regulations and often have to pay heavy fines for their non- compliance. Thus, as a Chief Information Officer in a government agency, you realize the need to educate for senior leadership on some of the primary regulatory requirements, and you realize the need to ensure that the employees in the agency are aware of these regulatory requirements as well. Section 1: Written Paper 1. Write a six to eight (6-8) page paper in which you: a. Provide an overview that will be delivered to senior management of regulatory requirements the agency needs to be aware of, including: i. FISMA ii. Sarbanes-Oxley Act iii. Gramm-Leach-Bliley Act
- 10. iv. PCI DSS v. HIPAA vi. Intellectual Property Law b. Describe the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements. c. Describe the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements. d. Use at least five (5) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your written paper must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school- specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover
- 11. page and the reference page are not included in the required page length. Section 2: PowerPoint Presentation 2. Create an eight to ten (8-10) slide security awareness PowerPoint presentation that will be presented to the agency’s employees, in which you: a. Include an overview of regulatory requirements and employee responsibilities, covering: i. FISMA ii. Sarbanes-Oxley Act iii. Gramm-Leach-Bliley Act iv. PCI DSS v. HIPAA vi. Intellectual Property Law
- 12. Your PowerPoint presentation must follow these formatting requirements: Include a title slide, six to eight (6-8) main body slides, and a conclusion slide. The specific course learning outcomes associated with this assignment are: Explain the concept of privacy and its legal protections. Describe legal compliance laws addressing public and private institutions. Analyze intellectual property laws. Examine the principles requiring governance of information within organizations. Use technology and information resources to research legal issues in information security. Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions. ********************************************************