Information security, which involves assuring the confidentiality, integrity, and availability of mission-critical data, is typically a primary concern of regulators. Business executives are responsible for aligning corporate policies to the requirements of regulation and follow up to ensure that the policies and associated controls are being enforced.
Regulatory compliance requires that enterprise IT departments meet certain technical standards that conform to specific requirements that are defined by either an external authoritative governmental or industry organization or by internal enterprise policies. Both internal and external regulations may have significant impacts on enterprise IT operations. Complying with any regulatory rule often constrains IT managers by imposing network and system design features that may be quite costly. Likewise, the cost of not complying with regulations may lead to both civil and criminal penalties.
In this assignment, you will address security issues related to information security-related regulatory compliance.
Preparation
Identify and research a specific information security-related regulatory requirement whose compliance is dictated by one of the following regulatory rules:
Family Educational Rights and Privacy Act (FERPA).
Gramm–Leach–Bliley Act (GLBA).
Health Insurance Portability and Accountability Act (HIPAA).
Payment Card Industry Data Security Standard (PCI DSS).
Sarbanes–Oxley Act (SOX).
Instructions
Write a 3–4 page report in which you discuss the following aspects of network monitoring:
Assume an organization is planning to move a significant IT function, such as data storage or office productivity applications, to a public cloud computing service provider. Identify one of the regulatory rules above as one that would likely govern or be important to the organization and a security control that is appropriate for achieving compliance with it.
Make sure to do the following:
Describe risks and threats associated with moving a significant IT function, such as data storage or office productivity applications, to a public cloud computing service provider.
Explain how your security control protects your cloud data.
Create a logical network diagram that indicates the appropriate placement of your security control.
Explain how a security control enables regulatory compliance.
Additional Requirements
Your assignment should also to meet the following requirements:
Written communication: Written communication should convey the writer’s purpose in an appropriate tone and style that adheres to professional writing standards and incorporates evidence where relevant. Visit the Capella Writing CenterLinks to an external site. for a variety of helpful writing resources.
Format: Submit your assignment in a Word document with well-labeled responses.
Cited sources: All literature cited should be current, with publication dates within the past five years. Visit the Capella University LibraryLinks to an external site. for a variety of research resources.
APA format: Resources, citations, title page, and reference page should be formatted according to current APA style and formatting standards. Visit Evidence and APALinks to an external site. for resources to help you with APA format.
Competencies Measured
By successfully completing this assignment, you will demonstrate your proficiency in the following course competencies and scoring guide criteria:
Competency 1: Apply core concepts, technologies, components, and issues related to communications and data networks.
Describe risks and threats associated with moving a significant IT function, such as data storage or office productivity applications, to a public cloud computing service provider.
Competency 5: Explain how enterprise network security controls serve to meet specific organizational or regulatory requirements.
Explain how your security control protects your cloud data.
Create a logical network diagram that indicates the appropriate placement of your security control.
Explain how a security control enables regulatory compliance.
Competency 6: Communicate effectively and professionally.
Write with few spelling, grammatical, or mechanical errors.