I would like to discuss the topic of the FISMA Act. This act acknowledges information security as a matter of national security. Thus, it authorizes all federal agencies to ensure a process of protecting their information systems. The FISMA Act has a huge impact on the organization I chose in last week's assignment. I chose USAA, which is a financial institution that serves members of the military along with their families. The FISMA Act has a huge impact on this organization because they handle a lot of people's personal information: names, phone numbers, email addresses, home addresses, credit and debit card information, and more. This act allows people like myself to feel a lot more comfortable knowing that all of my information is in the hands of others, because I know that it is being secured. This act keeps our information safe from hackers and helps to protect us from identity theft. There is and always will be a risk when it comes to sharing information online, but it makes me feel better knowing that there are laws and regulations that prevent that from happening.

From what I know about Virginia Medicaid, the people who are responsible for upholding the laws are the state and the Department for Medical Assistance. They have to make sure that everyone follows guidelines for HIPAA and follows the regulations on providers' account information. If the rules weren't upheld, many members' Social Security and medical history could be spread across the state or even the world. I believe that the US has stricter regulations when it comes to ethics on the internet. A lot of other countries don't really censor what you can find or do on the internet. Since I worked for Medicaid, we had to make sure that everyone's information was properly discarded; anything that showed any type of information was protected by HIPAA, and we had to follow that to a high standard. We can't even talk about a person's case on breaks.

I would like to stick with the topic of HIPAA laws. I think that the laws stand for themselves. I know that I have family members who have used this and gotten a lot off of their credit because of this Act or law. I have never tried to use it or write a letter to them, but I have been thinking about what I would say. I know I would kindly ask them to remove those hospital bills from my credit. I would like to think that this would help a lot of Americans if this actually works, because the majority of our bills on our credit probably come from hospital bills. I know I do not have Blue Cross or anything like that, so if I get sick and I have to use the emergency room, the insurance that I have will not cover it, so I just end up with another bill. Many Americans will not even go to the emergency room because it's so high by the time you get the bill in the mail.

I chose the Health Insurance Portability and Accountability Act, a.k.a. HIPAA, as the US law that I would cover for my discussion board post. HIPAA is a unique set of regulations that protect patient privacy. HIPAA establishes a set of rules that protect patient health data. There is the Privacy Rule, which handles the disclosure of patient health information and data. The Privacy Rule also establishes a set of standards that give the patient control over their information. The Privacy Rule is enforceable against healthcare providers, health plans, healthcare clearinghouses, and business associates ("Cdc.gov", 2020). HIPAA also covers permitted uses and disclosures of data. This is important for security professionals because if there is a leak of information, it's a violation of HIPAA. If, for instance, a hacker penetrated the network of a healthcare provider and stole data, the healthcare provider is responsible for informing the people affected by the leak of the data.
My employer is responsible for following HIPAA laws because they handle health insurance information for each employee. Additionally, since COVID we've learned that they cannot disclose if someone is missing work due to a positive COVID diagnosis. This is a strange intersection between ethics and law. We are facing a global pandemic, but if we encounter someone who has fallen ill due to the virus, our employer is legally obligated not to tell us. It's almost ironic, but they have to follow HIPAA.

A diverse range of laws and regulations exist that have a major impact on information security professionals, such as the Payment Card Industry Data Security Standard (PCI DSS), the Federal Information Security Management Act (FISMA), etc. The organisations operating in different industries and the appointed information security professionals have the onus to uphold these laws.

The impact of laws and regulations relating to cybersecurity is of paramount importance for the organization. Proper adherence to the laws safeguards the entity from threats and risks from cybercriminals and online hackers. The ethics and politics relating to the cyber, maritime, space and physical aspects significantly differ in the U.S. and the other parts of the globe. According to Brey (2015), the value system that exists in each nation comes into play and molds the ethics and political landscape (Brey et al., 2015).

I personally have experience with the Payment Card Industry Data Security Standard, which is an important law that intends to create a safe environment for the processing or storing of credit card details by companies (Staff, 2012). Since I use a credit card to make most purchase transactions online, the law affects me at an individual level. I transact only with companies that adhere to the PCI DSS law so that my confidential payment details will not be compromised and misused by any unauthorized party.
Apple's policies are taught to you through training before they send you out to deal with customers. There are a lot of different roles within the company, but it's up to you as the employee to follow the policies put in place. One of their best ones is where you as the user of your Apple ID solely have control of your own information at your fingertips. Apple has made it so that the employee can only do so much to help the account holder; it is up to the account holder to update their own information within their account. The laws and regulations of the Federal Information Security Management Act (FISMA) would have the most impact since it's a growing industry. Making sure that all employees keep information assets safe by confirming each customer case before releasing any information. Apple makes you take continuing training every month to make sure you are aware of and know your policies when dealing with customers. There is a system in place where you are graded to make sure you follow the policy; if you need work in a certain area, then you do more training. Since Apple is international, every region has its own specific policies put in place that they have to follow when dealing with customers. Every customer case is handled depending on what region they are in. If someone in the U.S. or Canada calls in and needs help, we would follow the same steps to help the customer within the policy for both regions. With my experience I know that I am unable to do so much within my job field. I can't help a customer out unless they have an account; if not, they create one before proceeding. I have to log each issue and the reason the customer is calling in, making sure not to give any information out unless told by the customer directly or verified within the system.

The U.S. has a lot of laws, rules, and regulations that companies have to follow to keep their information systems protected. Some companies must meet requirements for more than one regulation or law. Some companies use important regulations that impact the cyber domain, such as FACTA (Fair and Accurate Credit Transactions Act), which is intended to help consumers avoid identity theft. Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in the legislation, and businesses that possess consumer information must properly dispose of it. FACTA is an amendment to the FCRA which added restrictions to prevent fraud. PCI-DSS (Payment Card Industry Data Security Standard) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. A company can choose to adapt its business ethics for each country in which it does business. Companies and employees are judged by the ethical standards of their home country. Some companies set ethical regulations globally when going international to prevent risks.

I believe there are many laws and
regulations that impact information security professionals, one of those being HIPAA. The organization I chose in week 1 was my workplace, Kaiser hospital. I know first hand what HIPAA pertains to, and how we continue to uphold it on a daily basis. HIPAA was enacted in 1996 and is intended to improve the efficiency and effectiveness of the health care system. Recognizing that electronic technology could erode the privacy of health information, the law also incorporates provisions for guarding the security and privacy of personal health information. Working at the pharmacy, I need to make sure patient information doesn't fall into the wrong hands, in situations like giving the wrong medication to a patient, leaving my computer screen on for wandering eyes, or not blacking out patient information that can lead back to a patient. The Payment Card Industry Data Security Standard is another one we utilize since we constantly use credit cards as a form of payment. Ethics and politics across various domains of states and global nations differ from those in the U.S.; studies on ethics and computer use reveal that people of different nationalities have different perspectives, and some countries are more relaxed than others when dealing with intellectual property copy restrictions.

The role of those responsible for upholding the laws would be the individuals who work for the company. At the company that I chose, Northrop Grumman makes sure personnel who work for the company know the laws, waivers and agreements of the company's policies. The laws and regulations that I think would have the most impact on my company would be the Federal Information Security Management Act (FISMA). In 2002, FISMA required federal agencies to implement a program to provide security for their information and information systems, including those provided or managed by another agency or contractor, with procedures and plans to ensure continuity of operations for information systems that support the organization's operations and assets. Northrop has established periodic risk assessment classes and tests online every six months or yearly. Another law that I've chosen is the Health Insurance Portability and Accountability Act (HIPAA). It is intended to improve the efficiency and effectiveness of the health care system, provides federal protections for personal health information held by covered entities, and gives patients an array of rights with respect to that information. The rule permits the disclosure of personal health information needed for patient care and other important purposes.

The laws and regulations that most impact Verizon would be the Communications Act, COPPA, and the Electronic Fund Transfer Act, Regulation E. There are many other regulations and laws that Verizon must abide by, but I decided to talk about the three listed. Upholding these laws would be the responsibility of the company and its executive branch mainly, but to some extent the various workers throughout Verizon. The Communications Act would come into play because Verizon is a telecommunications company and part of our infrastructure. Verizon also has assets and provides services in other countries, so the laws of those areas would apply as well. COPPA seems like it should touch anything you could find online since it is there to protect children. The Electronic Fund Transfer Act, Regulation E, would also apply because Verizon does most of its billing online and has servers full of customers' sensitive payment information. When working for Verizon, we relied on the legal department to keep us within regulations and communicate any needed changes to upper management so they could then pass the information down the ladder. This information was also available on SharePoint sites. I always remember that ignorance of a law is not an excuse to break the law, and one will be held accountable. The role is for everyone to uphold their end of the law, for companies and organizations to follow it, and for whoever created the guidelines to enforce it.
For my organization, one key aspect is transactions; with Google Pay transactions, it is critical to keep credit card and debit card information secure. One regulation/law that falls under those categories is the Payment Card Industry Data Security Standard. PCI/DSS is a set of requirements for security with payments and account data; the regulation was developed by the PCI Security Standards Council with major credit companies such as Mastercard and Visa. Along with the other regulations, the DMCA is an international effort by WIPO to reduce copyright infringement; like the U.S. copyright law, it is on a global scale, falling under the cyber domain. With trademark and privacy infringements, it protects every citizen and their personal data. My personal experience is with regulations like labor regulations; we have to follow certain regulations such as labor laws. The criminal abuse of information technology and the necessary legal response are issues that have been discussed ever since the technology was introduced. Over the last 50 years, various solutions have been implemented at the national and regional levels. The United States discussed a draft bill designed specifically to address cybercrime. Interpol discussed the phenomena and possibilities for legal response. Where ethics and politics across various domains (space, cyber, maritime, and physical) of states and global nations differ from those in the U.S. is in the fact that it was not a byproduct of any national or international institutions. It did not stem seamlessly from any predictable field. Nevertheless, now that it has arrived, it is inextricably linked to the future of international interaction, whether friendly or adversarial, cooperative or competitive. Nations that are either unable or unwilling to challenge the U.S. in theaters of conventional warfare are commanding substantial attention in cyberspace. Countries are increasingly leveraging cyberspace as a short-of-war domain. The advantages abound for irregular and asymmetric warfare. Cyber activity also carries a lower risk of attribution or retaliation than traditional domains.

For this week's discussion topic on fundamental U.S. laws, security laws, regulations, and guidelines that impact the cyber domain in The Security Laws, Regulations and Guidelines Directory on the CSO from IDG website, I chose to discuss HIPAA and HITECH. My experience with HIPAA has been ongoing for the past four years, ever since I was an insurance broker and once I transitioned into my current role assisting medical providers. HIPAA can be broken down into five sections, which are electronic transaction and code set standards, the Privacy Rule, the Security Rule, national identifier requirements, and the Enforcement Rule. These five sections are important to security professionals because they set up the framework for how you are allowed to handle PHI. HITECH is an expansion upon HIPAA that was enacted in 2009. Under HITECH, stricter guidelines were implemented for healthcare providers and individuals that handle or process medical information. Some key things that were enforced under HITECH were the data breach notification requirement for a breach of unsecured patient health information, limitations on the sale of patient health information, and an increase in legal penalties for willful neglect.