11 Jun
- Conduct a critical analysis of two of your classmates’ posts by the last day of the workshop, and reply to any valuable feedback received from others about your plan.
- Each response to your classmates should be at least 150 words in length and include a citation to one credible information source. The response citation should follow APA formatting.
Post 1: Syed Salman Maqsood
Compliance and governance plan
Compliance issues are risks dealing with an organization’s potential exposure to material loss or legal penalties due to its failure to act in accordance with the law.
Examine the compliance issues for the current technology environment
There may be corrupt or illegal practices, which include fraud, bribery or embezzlement. Another risk is the violation of privacy laws. This may be through hacking or viruses that put the data in an organization at risk. When a company handles sensitive data, it is required to install methods that will ensure the protection of the data from attackers. Also, there are environmental concerns, which are issues that deal with environmental damage such as pollution. This includes destruction of a natural habitat, waste disposal and the pollution of groundwater. One of the best practices to prevent this from occurring is by practicing sustainability and incorporating strategies that teach employees the methods that ensure environmental protection. Additionally, there are process risks, which entail the failure to follow already established procedures or a deviation from the standard processes (Elzamly et al., 2015). For instance, companies are required to have a documented procedure which shows their procedure for accessing networks remotely. If the company abuses the procedures, then this can be a process risk.
Explore current legislation related to the communication of data
There is the Data Protection Act, which was later replaced by the General Data Protection Regulation. This Act aims at controlling how customer information or their personal data is used by different organizations. It protects people by laying out the rules that protect the way personal data is used. Also, there is the Children’s Online Privacy Protection Act, which aims at preventing the collection of information from a child under the age of 13 (Hargittai et al., 2011). There are also state laws that prevent the sharing of medical records and govern how patient data can be communicated between different healthcare providers. These strategies inform how the company protects its data by ensuring it abides by state laws and also protects the data from outside attack.
Elzamly, A., Hussin, B., Abu-Naser, S. S., & Doheir, M. (2015). Predicting Software Analysis Process Risks Using Linear Stepwise Discriminant Analysis: Statistical Methods.
Hargittai, E., Schultz, J., & Palfrey, J. (2011). Why parents help their children lie to Facebook about age: Unintended consequences of the ‘Children’s Online Privacy Protection Act’. First Monday.
Post 2: Mubbasher Hasham
Compliance and Governance Plan
A cyber security compliance and governance plan provides a framework for ensuring data confidentiality through pre-defined security measures and organizational risk management. Preparing a compliance and governance plan helps organizations prepare preventive measures and set up continuous assessment and monitoring of the systems by mitigating data breach threats and analyzing risk. It involves examining the compliance issues and exploring current legislation for formulating a compliance plan.
Examining Compliance Issues and Exploring Current Legislation
For developing a compliance and governance plan, the first step involves examining the compliance issues of an organization and exploring the current legislation as per the current technology environment. As per the Verizon organization’s compliance, it shares information within Verizon and with vendors and partners about customer devices’ 5G connectivity with mobile device operating system providers and app developers so that they can optimize customers’ 5G experience, and de-identified information with companies to assist with the delivery of advertising campaigns or aggregate reports (Verizon, 2020). It also discloses communications with customers’ consent to be under the law and protects the customers and outside regulators and auditors when needed. The customers’ rights while using their services are under the California Consumer Privacy Act, Information about the Cable Act, Nevada Privacy Rights, Maine Broadband Customer Privacy Rights and Additional California Privacy Rights.
Steps in Formulating Compliance and Governance Plan
After examining issues related to compliance and understanding the various legislation concerned with it, the next step is formulating a compliance and governance plan by creating a cyber security program and assessing cybersecurity risks. The steps involved in formulating it are:
Step 1: Developing a Compliance Team
An organization needs to have a dedicated compliance team possessing skills and knowledge for assessing cybersecurity compliance. This helps maintain a responsive cybersecurity environment towards challenges and threats by assigning responsibilities and creating an agile approach.
Step 2: Analyzing Risk
The risk involved in an organization can be analyzed by identifying assets of information systems and networks used for accessing, and assessing the risk level of the information being collected, stored and transmitted. While analyzing the risk involved, it is essential to determine the impact of the risk and set risk tolerance by categorizing it.
Step 3: Setting Up Security Controls
For handling the risk, an organization needs security measures such as network access control, network firewalls, an incident response plan, data encryption, password policies, etc.
Step 4: Preparing Policies and Procedures
Preparing procedures and policies helps systematically align, revise, and audit the organization’s compliance with security requirements (NordLayer, 2022).
Step 5: Responding and Monitoring
Active monitoring reveals the need for improvements and enables constant revision of established security methods. Through monitoring, the required changes can be implemented and updated for responding efficiently to the challenges and threats involved.
NordLayer. (2022). Cybersecurity compliance: Everything you need to know. NordLayer. https://nordlayer.com/blog/cybersecurity-compliance-everything-you-need-to-know/