Policy and Compliance (Tracey)

Organizations develop regulations, standards and practices for securing their data. These standards enforce access security practices and policies set forth by government agencies and adopted by organizations, among them the DoD and the National Security Agency (Goodrich & Tamassia, 2011). By implementing these standards, a company or agency may be allowed to store and transfer sensitive content. These government regulations and standards include Federal Information Processing Standardization (FIPS) 140, a set of standards for cryptographic modules used by government organizations (Goodrich & Tamassia, 2011). The National Institute of Standards and Technology (NIST) 800 series is based on a standard practice of computer security policies, procedures, and guidelines, which maintains cost effectiveness and efficiency. Other standards include the Health Portability and Accountability Act (HIPAA), a standard for healthcare providers and employers to maintain patient privacy, and Protected Health Information (PHI), which sets a standard for protecting personal information.
Data protection and access controls are applied as part of implementing government policy regulations; this will address the data privacy concerns noted by Jacket-X employees. As a publicly traded company, Jacket-X must also adhere to SOX regulations.
Observations (Tracey)
Jacket-X has grown, and in an effort to keep up with growing demands and the need for increased security, it is now implementing an identity management system; however, this has raised concern over privacy among its employees (Cyberspace and Cybersecurity: Interactive Case study II). Jacket-X recently became a publicly traded company, th...

... middle of paper ...

... Case study II. Video posted in University of Maryland University College NSCI 170 6981 online classroom, archived at: http://webtycho.umuc.edu
Eddy, N. (2012). Businesses Lack Confidence in Data Security: Report. Eweek, 1.
Goodrich, M. T., & Tamassia, R. (2011). Fundamental Concept. Holcomb, J. (Eds.), Introduction to Computer Security (pp. 445-483).
Lenn, L. E. (2013). Sarbanes-Oxley Act 2002 (SOX) - 10 years later. Journal of Legal Issues & Cases in Business, 21-14.
Li, C., Peters, G. F., Richardson, V. J., & Weidenmier Watson, M. (2012). THE CONSEQUENCES OF INFORMATION TECHNOLOGY CONTROL WEAKNESSES ON MANAGEMENT INFORMATION SYSTEMS: THE CASE OF SARBANES-OXLEY INTERNAL CONTROL REPORTS. MIS Quarterly, 36(1), 179-204.
Orin, R. M. (2008). Ethical Guidance and Constraint Under the Sarbanes-Oxley Act of 2002. Journal of Accounting, Auditing & Finance, 23(1), 141-171.