Policy and Compliance (Tracey)
Organizations develop regulations, standards and practices for securing their data. These standards enforce access security practices and policies set forth by government agencies and adopted by organizations; among these agencies are the DoD and the National Security Agency (Goodrich & Tamassia, 2011). By implementing these standards, a company or agency may be allowed to store and transfer sensitive content. These government regulations and standards include Federal Information Processing Standard (FIPS) 140, a set of standards governing cryptographic modules used by government organizations (Goodrich & Tamassia, 2011). The National Institute of Standards and Technology (NIST) 800 series is based on standard practice for computer security policies, procedures, and guidelines, and maintains cost effectiveness and efficiency. Other standards include the Health Insurance Portability and Accountability Act (HIPAA), a standard for healthcare providers and employers to maintain patient privacy, and Protected Health Information (PHI), which sets a standard for protecting personal information.
Data protection and access controls are applied as part of implementing government policy regulations; this will address the data privacy concerns noted by Jacket-X employees. As a publicly traded company, Jacket-X must also adhere to SOX regulations.
Jacket-X has grown, and in an effort to keep up with growing demands and the need for increased security it is now implementing an identity management system; however, this has raised privacy concerns among its employees (Cyberspace and Cybersecurity: Interactive Case Study II). Jacket-X recently became a publicly traded company and therefore must adopt policies and practices, as well as a financial management system, that are SOX compliant. Leadership has also noted a concern that business processes may focus too much on security, which would obstruct productivity.
As discussed in the previous section, identity management and privacy and protection of data issues were noted; as such, a new system is being stood up and various vendors are being reviewed. The HR department also discovered issues with payroll last year, though there was no evidence of fraud (Cyberspace and Cybersecurity: Interactive Case Study II). During the assessment, various security policy weaknesses were discovered, which will be discussed in more detail in the Privacy and Protection of Data sections below.
Sarbanes-Oxley (SOX) (Tracey)
Sarbanes-Oxley (SOX) was established by Congress in 2002 in an effort to sustain ethics and integrity in the financial industry and to gain the confidence of the public, in direct response to the Enron and WorldCom corporate scandals and, immediately following, the Adelphia and Tyco scandals (Orin, 2008). Section 404 pertains to earnings, quality and internal control, international investments, and investor and public...