Law and Compliance Assignment

Law and Compliance

DESCRIPTION

This project will afford you the opportunity to learn about U.S. Computer laws and compliance regulations that are relevant to computer security.

The Project

First, you will research, write a synopsis of, and submit your work regarding the following laws and regulations in a file titled, “Project 3-Milestone 1 Synopses of Laws and Regulations”:

• HIPAA / FERPA
• Computer Security Act
• Sarbanes – Oxley (SOX)
• Gramm – Leach – Bliley (GLBA)
• Privacy (COPPA)
• Payment Card Industry Data Security Standard (PCI DSS)
• State, US and international standards / jurisdictions
• Laws and Authorities
• US Patriot Act
• BYOD issues (Bring Your Own Device)
• Americans with Disabilities Act, Section 508

Some suggested start sites

These sites are representative, not inclusive.

1. HIPAA – Health Insurance Portability and Accountability Act

http://www.hhs.gov/ocr/privacy/hipaa/understanding/

2. FERPA – Family Educational Rights and Privacy Act

http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

3. Computer Security Act

http://www.gao.gov/products/IMTEC-88-61BR

FISMA – Federal Information Security Management Act

http://searchsecurity.techtarget.com/definition/Federal-Information-Security-Management-Act

4. SOX – Sarbanes – Oxley

http://www.soxlaw.com/

5. GLBA – Gramm-Leach-Bliley

http://www.fdic.gov/regulations/compliance/manual/pdf/VIII-1.1.pdf

http://www.business.ftc.gov/documents/bus67-how-comply-privacy-consumer-financial-information-rule-gramm-leach-bliley-act

6. COPPA – Children’s Online Privacy Protection Act

http://www.coppa.org/

http://epic.org/privacy/kids/

7. PCI DSS – Payment Card Industry Data Security Standard

https://www.pcisecuritystandards.org/

https://www.pcisecuritystandards.org/security_standards/

8. State, US and international standards / jurisdictions

http://www.mass.gov/anf/research-and-tech/cyber-security/security-for-state-employees/security-policies-and-standards/

http://www.mass.gov/anf/research-and-tech/cyber-security/

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2446631

http://www.gao.gov/htext/d10606.html

http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf

9. Laws and Authorities

http://fas.org/sgp/crs/natsec/R40427.pdf

http://www.whitehouse.gov/sites/default/files/omb/legislative/letters/dhs-cybersecurity-authority.pdf

http://www.hsgac.senate.gov/media/majority-media/committee-reports-legislation-to-enhance-dhs-cyber-personnel-authorities

10. US Patriot Act

http://www.justice.gov/archive/ll/highlights.htm

11. BYOD issues (Bring Your Own Device)

http://www.ey.com/Publication/vwLUAssets/EY_-_Bring_your_own_device:_mobile_security_and_risk/$FILE/Bring_your_own_device.pdf

https://www.privacyrights.org/bring-your-own-device-risks

12. ADA – Americans with Disabilities Act, Section 508

http://www.access-board.gov/guidelines-and-standards/communications-and-it/about-the-section-508-standards/section-508-standards

The document you create for this part of the project is one you should save as a valuable tool for reference as you move into employment in the IT field.

Then, you will then answer a set of questions regarding the laws you have researched. The questions are listed below and can also be found on Blackboard in the file: “Project 3-Milestone 2 Questions.” You will document your source(s) for your answers by copying and pasting the web address of your source(s) beneath each answer.

Answer these questions regarding the laws you have researched.

Document the source(s) for your answers by copying and pasting the web address of your source(s) beneath each answer.

1. Explain why Massachusetts Eye and Ear Infirmary (MEEI), known in the Boston area as the highly respected Mass Eye and Ear, was required pay $1.5 million dollars to the US Department of Health and Human Services in 2012? What law guided this decision?

2. How did the Supreme Court interpret FERPA in the case of Owasso Independent School District v Falvo?

3. Does a college or university have to release the name of a student who authors and sends an e-mail complaining about an instructor to the instructor’s supervisor? Explain why, citing a court case and the relevant law governing the ruling.

4. The Computer Security Act of 1987 was repealed by the Federal Information Security Management Act of 2002 (FISMA). What is the purpose of this new act? What are the nine compliance steps outlined by the National Institute of Standards and Technology (NIST)?

5. The Sarbanes-Oxley Act (2002), SOX, designed mainly by Senator Paul Sarbanes and Representative Michael Oxley introduced major changes to the regulation of corporate governance and financial practice. How did it impact J.P. Morgan in 2012? Give two examples of how SOX protects whistleblowers.

6. Gramm – Leach – Bliley Act (GLBA) compliance is mandatory. Financial institutions must have a policy to place to protect an individual’s financial information from possible threats in security and data integrity. Briefly explain the three major components of GBLA that regulate the collection, disclosure and protection of that financial information.

7. Who does COPPA protect? How does COPPA protect these people?

The act, effective April 21, 2000, applies to the online collection of personal information by

8. US Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Public Law Pub.L. 107–56) was hastily written by Congress in the aftermath of the 9/11 attacks. In 2011, President Obama extended for four years three provisions of the Patriot Act. Briefly explain those three extended provisions.

9. Explain the advantages and disadvantages of BYOD.

10. How does Section 508 of the ADA – Americans with Disabilities Act, impact federal agencies?

THE MILESTONES AND DUE DATES

	Milestone	Suggestions	Due
1	Write a synopsis of each law/regulation	Filename: “Synopses of Laws and Regulations”	2/16/16
2	Answer questions regarding the laws/regulations	Filename: “Laws and Regulations Questions”	2/16/16

ASSESSMENT: Assignment Rubric

	Beginning 20-29	Developing 30-39	Accomplished 40-49	Exemplary 50	Score
Research	Synopses for between 4 and 5 laws and regulations completed	Synopses for  between 6 and 7 laws and regulations completed	Synopses for between 8 and 9 laws and regulations completed	Synopses for all assigned laws and regulations completed accurately.
Questions	Between 4 and 5 questions answered accurately.	Between 6 and 7 questions answered accurately.	Between 8 and 9 questions answered accurately.	All questions answered accurately