Week-5-Practical-Connection.docx
School: University of the Cumberlands
Course: 633 (Information Systems)
Date: Dec 6, 2023
Type: docx, 5 pages
Uploaded by SuperHumanJellyfish3761

Week 5 Practical Connection
Francis Osaji, Ph.D. Information Security Student
Course Title: Legal Reg, Compliance, Invest.
Course Code: ISOL633-B02
Instructor: Prof. Elizabeth Duncan
The University of the Cumberlands, Kentucky
11/26/2023
Introduction

I work as a Cybersecurity Incident Responder at Systemdigits Inc., an information technology organization. Our services include cybersecurity, information technology support, cloud support, network support, computer repair, artificial intelligence, and software development. At Systemdigits, we manage vast amounts of clients' data, mostly stored in the cloud, though we run a hybrid storage model with on-premises data storage as well. There are many frameworks and strict laws to observe, since most of this data is personal information (PI). To gain consumer trust and abide by the frameworks we use in managing data, such as the NIST framework, ISO 27001, and the state breach notification laws, we created different policies to secure data at rest and in transit.

In today's digital age, organizations increasingly rely on information technology to conduct their operations. However, this reliance also exposes them to cybersecurity threats, including data breaches, cyber-attacks, and privacy violations. As a result, there is a growing need for cybersecurity professionals, particularly incident responders, to possess a deep understanding of the legal frameworks governing information security and privacy. The foundation of legal knowledge for cybersecurity professionals lies in understanding the American legal system and the key privacy laws that affect their work. The United States legal system comprises federal, state, and local laws, judicial interpretations, and regulatory guidelines. For instance, familiarity with federal laws such as the Health Insurance Portability and Accountability Act (HIPAA), the Children's Online Privacy Protection Act (COPPA), and the Gramm-Leach-Bliley Act (GLBA) is essential for ensuring compliance with the regulations that govern the protection of sensitive data in healthcare, children's online activities, and financial institutions, respectively (Rosenzweig, 2015).
As a cybersecurity incident responder at Systemdigits, knowledge of privacy impact assessments and of the security and privacy of consumer financial information is integral to my role. Privacy impact assessments (PIAs) are crucial for identifying and mitigating the privacy risks associated with collecting and using personal data. Furthermore, understanding the regulations surrounding consumer financial information, as outlined in the GLBA, enables cybersecurity professionals to safeguard sensitive financial data effectively and to respond to incidents involving its compromise (Bamberger & Mulligan, 2015).

With the proliferation of digital platforms and online services, compliance with laws such as COPPA and the Children's Internet Protection Act (CIPA) is paramount for organizations like Systemdigits. These regulations govern the collection and protection of children's online data and the implementation of internet safety measures in schools and libraries. Maintaining a comprehensive IT asset inventory is also crucial for cybersecurity incident responders, as it facilitates identifying and protecting critical digital assets (Grimmelmann, 2008).

The Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) establish stringent requirements for protecting healthcare and financial information, respectively. Cybersecurity incident responders must be well versed in these regulations to ensure the secure handling of sensitive data and to respond effectively during a security breach (Huston, 2017).

In addition to federal laws, cybersecurity incident responders at Systemdigits must know the relevant state laws, legal regulations, and breach notification requirements. Many states have enacted data protection and breach notification laws, which may impose additional obligations on organizations operating within their jurisdictions. Understanding these laws is crucial for compliance and for ensuring that appropriate breach notification procedures are followed in the