05 Jun The purpose of this assignment is to utilize regulatory compliance measures and security controls to address risk. In the Topic 4 assignment you com
Assessment Description
The purpose of this assignment is to utilize regulatory compliance measures and security controls to address risk.
In the Topic 4 assignment you completed a FMEA to analyze the risks associated with implementing the selected technology. Building on that is the need to implement security controls to address identified risks. For this assignment, select a key risk you identified that could directly impact customers or an essential part of business operations (e.g., protection of person-identifiable information to prevent customer identify theft).
Using the identified risk as the basis for your assignment, complete the following requirements.
Part 1
Write a 500-word summary that addresses the following:
Explain the regulatory compliance and security controls that should be adhered to in order to address the risk.
Explain why adherence to regulatory compliance measures and security controls is essential from the customer perspective and the business perspective. Provide specific examples to illustrate your ideas.
Part 2
Create a data flow diagram to illustrate how systems will interact with the customer and how the data are passed through the system(s), including how the data will reside in the system of record. Explain the data flow diagram in regard to the key controls in place to address protection of personal identifiable information (PPII).
Part 3
Complete the "Security Controls Mapping Template" using the FMEA from the Topic 4 assignment. Reference appropriate regulatory compliance information (i.e., HIPAA, PCI, SOX) and security control frameworks (i.e., NIST, CIS, COBIT) when completing the template.
General Requirements
Submit the summary, data flow diagram, and "Security Controls Mapping Template" documents.
While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Class Resources if you need assistance.
Attachments
HIPAA Controls
| Security Controls Mapping Template | ||||
| Regulatory Compliance | Security Controls | Safeguard | ||
| Rule (i.e., HIPAA: 164.XXX PCI: Section 1.1.4) | Description | Code (i.e. NIST: AC-4, COBIT: AI6, CIS: CSC 5.1) | Title (i.e., NIST: Information Flow Enforcement, COBIT: Manage Changes, CIS: Minimize administrative priv.) | Policy or Procedure to Develop for Enforcement |
| HIPAA: 164.308(a)(1)(ii)(D) | Have you implemented procedures to regularly review records of IS activity such as audit logs, access reports, and security incident tracking? (R) | NIST: AU-6, AU-7, CA-7, IR-5, IR-6 | AU-6: Audit Review, Analysis, and Reporting AU-7: Audit Reduction and Report Generation CA-7: Continuous Monitoring IR-5: Incident Monitoring IR-6: Incident Reporting | Information Security Audit Policy |
