CYB 260 Module Four Activity Guidelines and Rubric

Privacy Laws and Compliance Controls

Overview

A major security breach that happened within the federal government is the Office of Personnel Management (OPM) data breach, which exposed a large amount of personally identifiable information (PII) of federal and state employees. The effects of this breach are still being explored, and the full extent is still not known. This breach has become an important learning experience. Examining laws that suggest controls to minimize the possibility of data breaches is a crucial part of developing an adversarial mindset and will help with future instances of data breaches. There are numerous articles and research papers on the OPM breach, but the article provided in the prompt explores the breach from the employee perspective and discusses the steps that could have been used to help minimize the possibility of a data breach.

The critical controls defined by the Center for Internet Security (CIS) are used as guidelines for processes that a company can incorporate for data security. The controls are used to determine compliance to a standard put forth by the organization. They are meant to be used as an adaptive tool that will allow an organization to evaluate compliance to a known risk-mitigation level.

You have been preparing for this assignment by summarizing privacy laws and determining who is responsible for ensuring compliance to the law within an organization. It is important that you complete this assignment in your own words. Express your own ideas on how the laws and controls can be applied to this breach. It is the responsibility of a security analyst to be able to explain breaches and the controls used to mitigate issues.

Listed below are the privacy laws you are familiar with and the critical controls you will be learning about to help you complete this activity.

Privacy Laws

Americans With Disabilities Act, Section 508

Cable Communications Policy Act (1984)

• Census Confidentiality Act
• Children’s Internet Protection Act (CIPA)
• Children’s Online Privacy Protection Act (COPPA)
• Computer Security Act
• Driver’s Privacy Protection Act (1994)
• E-Government Act (2002)
• Electronic Communications Privacy Act (1986)
• Federal Information Security Management Act (FISMA)
• Freedom of Information Act (1966)
• Gramm-Leach-Bliley Act
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health (HITECH) Act
• Mail Privacy Statute (1971)
• Payment Card Industry Standards
• Privacy Act (1974)
• Red Flags Rule
• Sarbanes-Oxley Act
• State Data Breach Notification Laws
• U.S. Constitution
• USA Patriot Act
• Wiretap Act (1968, Amended)
• CIS Controls
• Inventory and Control of Hardware Assets

Inventory and Control of Software Assets

Continuous Vulnerability Management

1. Controlled Use of Administrative Privileges
2. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
3. Maintenance, Monitoring, and Analysis of Audit Logs
4. Email and Web Browser Protections
5. Malware Defenses
6. Limitation and Control of Network Ports, Protocols, and Services
7. Data Recovery Capabilities
8. Secure Configuration for Network Devices, such as Firewalls, Routers, and Switches
9. Boundary Defense
10. Data Protection
11. Controlled Access Based on the Need to Know
12. Wireless Access Control
13. Account Monitoring and Control
14. Implement a Security Awareness and Training Program
15. Application Software Security
16. Incident Response and Management
17. Penetration Tests and Red Team Exercises
18. Prompt
19. Before you begin working on this assignment, read the article Inside the Cyberattack That Shocked the US Government and review the CIS Controls website. Then address the following:
20. Briefly summarize (in one to two paragraphs) the major issues with the OPM breach and how it occurred.

Select two of the privacy laws provided above and describe how they relate to the OPM breach.

Determine to what extent jurisdiction plays a role in the application of your selected laws.

Identify which law or laws would have required OPM to report their breach, and the steps the organization needs to take to report the issues.

Select four of the CIS controls provided above that could have been monitored to help minimize the possibility of the breach. Explain why monitoring these controls would have helped minimize the breach.

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.