I would like to discuss the topic of the FISMA Act. This act acknowledges information
security as a matter of national security. Thus, it authorizes all federal agencies to
ensue a process of protecting their information systems. The FISMA Act has a huge
impact on the organization I chose in last week's assignment. I chose USAA, which is
a financial institution that serves members of the military along with their family.
The FISMA Act has a huge impact in this organization because they handle a lot of
people’s personal information: names, phone numbers, email addresses, home addresses,
credit and debit card information, and more. This act ensures people like myself
feel a lot more comfortable knowing that all of my information is in the hands of
others because I know that it is being secured. This act keeps our information safe from
hackers and helps to protect us from identity theft. There is and always will be a risk
when it comes to sharing information online but it makes me feel knowing that there are
laws and regulations that prevent that from happening.

From what I know about Virginia Medicaid, the people who are responsible for upholding
the laws are the state and the Department for medical assistance. They have to make sure
that everyone follows guidelines for HIPAA and follows the regulations of providers'
account information. If the rules weren’t upheld many members' social security and medical
history can be spread across the state or even the world. I believe that the US has
stricter regulations when it comes to ethics on the internet. A lot of other countries
don't really censor what you can find or do on the internet. Being that I worked for
Medicaid we have to make sure that everyone's information was properly discarded,
anything that showed any type of information was protected by HIPAA and we had to
follow that to a high standard; we can’t even talk about the person's case on breaks.

I would like to stick with the topic on HIPAA laws. I think that the laws stand for
themselves. I know that I have family members who have used this and got a lot off of
their credit because of this Act or law. I have never tried to use it or write a letter
to them but I have been thinking about what I would say. I know I would kindly ask
them to remove those hospital bills off of my credit. I would like to think that this
would help a lot of Americans if this actually works because the majority of our bills on
our credit probably come from hospital bills. I know I do not have Blue Cross or
anything like that so if I get sick and I have to use the emergency room because the
insurance that I have will not cover it so I just end up with another bill. Many
Americans will not even go to the emergency room because it's so high by the time
you get the bill in the mail.

I chose Health Insurance Portability and Accountability
Act, a.k.a. HIPAA, as the US law that I would cover for my discussion board post.
HIPAA is a unique set of regulations that protect patient privacy. HIPAA establishes
a set of rules that protect patient health data. There is the Privacy Rule, that handles
the disclosure of patient health information and data. The privacy rule also establishes
a set of standards that gives the patient control over their information. The privacy
rule is enforceable to Healthcare providers, Health Plans, Healthcare clearinghouses,
and business associates ("Cdc.gov", 2020). HIPAA also covers permitted uses and
disclosures of data. This is important for security professionals because if there is a
leak of information it’s a violation of HIPAA. If for instance a hacker penetrated the
network of a healthcare provider and stole data, the healthcare provider is responsible
for informing the people affected by the leak of the data.
My employer is responsible for following HIPAA laws because they
handle health insurance information for each employee. Additionally, since COVID
we’ve learned that they cannot disclose if someone is missing work due to a positive
COVID diagnosis. This is a strange intersection between ethics and law. We are facing
a global pandemic but if we encounter someone who has fallen ill due to the virus,
our employer is legally obligated not to tell us. It’s almost ironic but they have to follow
HIPAA.

A diverse range of laws and regulations exist that have a major impact on
information security professionals such as Payment Card Industry Data Security
Standard (PCI DSS), Federal Information Security Management Act (FISMA), etc. The
organisations operating in different industries and the appointed information security
professionals have the onus to uphold these laws.
The impact of laws and regulations relating to cybersecurity is of paramount importance
for the organization. The proper adherence to the laws safeguards the entity from
threats and risks from cybercriminals and online hackers.
The ethics and politics relating to cyber, maritime, space and physical aspects
significantly differ in the U.S. and the other parts of the globe. According to Brey
(2015), the value system that exists in each nation comes into play and molds the
ethics and political landscape (Brey et al., 2015).
I personally have experience with the Payment Card Industry Data Security Standard
which is an important law that intends to create a safe environment for processing or
storing credit card details by companies (Staff, 2012). Since I use a credit card to
make most purchase transactions online, the law affects me at an individual level. I
transact with only the companies that adhere to the PCI DSS law so that my
confidential payment details would not be compromised and misused by any
unauthorized party.

Apple's policies are taught to you through training before they send
you out to deal with customers. There are a lot of different roles within the company
but it's up to you as the employee to follow the policies put in place. One of their
best ones is where you as the user of your Apple ID solely have control of your
own information at your fingertips. Apple has made it to where the Employee can
only do so much to help the Account holder; it is up to the Account holder to update
their own information with their Account. The laws and regulations of the Federal
Information Security Management Act (FISMA) would do the most impact since it's a
growing industry. Making sure that all employees follow keeping Information Assets
safe by confirming each case customer if releasing any information. Apple makes you
take continued training every month to make sure you are and know your policies when
dealing with customers. Putting into place where you are graded making sure you
follow the policy; if you need work in a certain area then you do more training. Since
Apple is International every Region has their own Specific Policies put in place that
they have to follow when dealing with customers. Every case customer is handled
depending on what region they are in. If someone in the U.S. or Canada calls in and
needs help would follow the same steps to help the customer within the policy for both
regions. With my experience I know that I am unable to do so much within my job
field. Can't help a customer out unless they have an Account; if not, create one before
proceeding. Having to log each issue and reason the customer is calling in. Making
sure not to give any information out unless told by the customer directly or verified
within the system.

The U.S. has a lot of laws, rules, and regulations that companies
have to follow to keep their information systems protected. Some companies must meet
requirements for more than one regulation or law. Some companies use important
regulations that impact cyber domain such as FACTA (Fair and Accurate Credit
Transactions Act) which is intended to help consumers avoid identity theft. Accuracy,
privacy, limits on information sharing, and new consumer rights to disclosure are
included in the legislation. And businesses that possess consumer info must properly
dispose of information. FACTA is an amendment to the FCRA which added restrictions
to prevent fraud. PCI-DSS (Payment Card Industry Data Security Standard) is an
information security standard for organizations that handle branded credit cards from
the major card schemes. The PCI Standard is mandated by the card brands but
administered by the Payment Card Industry Security Standards Council. The standard
was created to increase controls around cardholder data to reduce credit card fraud. A
company can choose to adapt its business ethics for each country in which it does
business. Companies and employees are judged by ethical standards by home country.
Some companies set ethical regulations globally when going international to prevent
risks.

I believe there are many laws and regulations that impact information security
professionals, one of those being HIPAA. The organization I chose in week 1 was my
workplace, Kaiser hospital. I know first hand what HIPAA pertains to, and how we
continue to uphold it on a daily basis. HIPAA was enacted in 1996, and is intended
to improve the efficiency and effectiveness of the health care system. Recognizing the
electronic technology could erode the privacy of health information, the law also
incorporates provisions for guarding the security and privacy of personal health
information. Working at the pharmacy I need to make sure patient information doesn't
fall into the wrong hands, situations like, giving the wrong medication to a patient,
leaving my computer screen on for wandering eyes, not blacking out patient
information that can lead back to a patient. The payment card industry data security
standard is another one we utilize since we constantly use credit cards as a form
of payment. Ethics and politics across various domains of states and global nations
differ from those in the U.S.; studies on ethics and computer use reveal that people of
different nationalities have different perspectives; some countries are more relaxed than
others when dealing with intellectual property copy restrictions.

The role of those
responsible for upholding the laws would be the individuals who work at the company.
At the company that I chose, Northrop Grumman makes sure personnel who work for
the company know the laws, waivers and agreements of the company’s policies. The
laws and regulations that I think would have the most impact to my company would
be the Federal Information Security Management Act (FISMA). In 2002, FISMA
requires federal agencies to implement a program to provide security for their
information and information systems, including those provided or managed by another
agency or contractor. Procedures and plans to ensure continuity of operations for
information systems that support the organization's operations and assets. Northrop had
established periodic risk assessments classes and tests online every six months or
yearly. Another law that I’ve chosen is Health Insurance Portability And Accountability
Act (HIPAA). It is intended to improve the efficiency and effectiveness of the health
care system, provides federal protections for personal health information held by
covered entities and gives patients an array of rights with respect to that information.
The rule permits the disclosure of personal health information needed for patient care
and other important purposes.

The laws and regulations that most impact Verizon would
be the Communications Act, COPPA, and the Electronic Fund Transfer Act, Regulation
E. There are many other regulations and laws that Verizon must abide by, but I
decided to talk about the three listed. Upholding these laws would be the responsibility
of the company and its executive branch mainly, but to some extent the various
workers throughout Verizon. The Communications Act would come into play because
Verizon is a telecommunications company, and part of our infrastructure. Verizon also
has assets and provides services in other countries, so the laws of those areas would
apply as well. COPPA seems like it should touch anything you could find online since
it is there to protect children. The Electronic Fund Transfer Act, Regulation E would
also apply, because Verizon does most of its billing online and has servers full of
customers' sensitive payment information. When working for Verizon we relied on the
legal department to keep us within regulations and communicate any needed changes
to upper management so they could then pass the information down the ladder. This
information was also available on SharePoint sites. I always remember that ignorance
of a law is not an excuse to break the law and one will be held accountable.

The role is for everyone to uphold their end of the law, for companies and organizations
to follow it and for who created the guidelines to enforce it. For my organization one
key aspect is transactions; with Google Pay as transactions it is critical to keep credit
card and debit card information secure. One regulation/law that follows under those
categories is Payment card industry data security standard. PCI/DSS is a set of
requirements for security with payments and account data; the regulation was developed
by PCI security standards council with major credit companies such as Mastercard
and Visa. Along with the other regulations, DMCA is an international effort by
WIPO to reduce copyright like the U.S. copyright law it is from a global scale, falling
under the cyber domain. With trademarks and privacy infringements it protects every
citizen and their personal data. My personal experience is with regulations like labor
regulations; we are to follow certain regulations such as labor laws.

The criminal abuse
of information technology and the necessary legal response are issues that have been
discussed ever since the technology was introduced. Over the last 50 years, various
solutions have been implemented at the national and regional levels. The United States
discussed a draft bill designed specifically to address cybercrime. Interpol discussed the
phenomena and possibilities for legal response. Ethics and politics across various
domains (space, cyber, maritime, and physical) of states and global nations differ from
those in the U.S. is the fact that it was not a byproduct of any national or international
institutions. It did not stem seamlessly from any predictable field. Nevertheless, now
that it has arrived, it is inextricably linked to the future of international interaction,
whether friendly or adversarial; cooperative or competitive. And Nations that are either
unable or unwilling to challenge the U.S. in theaters of conventional warfare are
commanding substantial attention in cyberspace. Countries are increasingly leveraging
cyberspace as a short-of-war domain. The advantages abound for irregular and
asymmetric warfare. Cyber activity also provokes a lower risk of attribution or
retaliation than traditional domains.

For this week’s discussion topic on fundamental
U.S. laws, security laws, regulations, and guidelines that impact the cyber domain
in The Security Laws, Regulations and Guidelines Directory on the CSO from IDG
website, I chose to discuss HIPAA and HITECH. My experience with HIPAA has been
ongoing for the past four years ever since I was an insurance broker and once I
transitioned into my current role assisting medical providers. HIPAA can be broken
down into five sections which are Electronic transaction and code sets standards,
privacy rule, security rule, national identifier requirements, and enforcement rule. These
five sections are important to security professionals because they set up the framework
on how you are allowed to handle PHI. HITECH is an expansion upon HIPAA that
was enacted in 2009. Under HITECH stricter guidelines were implemented on
healthcare providers and individuals that handle or process medical information. Some
key things that were enforced under HITECH were data breach notification requirement
for a breach of unsecured patient health information, limitations on sale of patient
health information, and increase in legal penalties for willful neglect.
