Cis 438 Enthusiastic Study / snaptutorial.com

CIS 438 Week 2 Case Study 1: HIPAA, CIA, and
Safeguards
For more classes visit
www.snaptutorial.com
Case Study 1: HIPAA, CIA, and Safeguards
Due Week 2 and worth 120 points
This assignment consists of two (2) sections: a written paper and a
PowerPoint presentation. You must submit both sections as separate
files for the completion of this assignment. Label each file name
according to the section of the assignment it is written for.
Health Information Technology (HIT) is a growing field within health
services organizations today; additionally, health information security is
a major concern among health organizations, as they are required to
maintain the security and privacy of health information. The Department
of Health and Human Services (HHS) provides extensive information
about the Health Insurance Portability and Accountability Act (HIPAA).
Visit the HHS Website, at www.hhs.gov/ocr/privacy, for more
information about HIPAA requirements. In March 2012, the HHS settled
a HIPAA case with the Blue Cross Blue Shield of Tennessee (BCBST)
for $1.5 million. Read more about this case at
www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/bcbstagrmnt.htm
l. As an IT security manager at a regional health services organization,
your CIO has asked for the following: an analysis of this incident, an
overview of the HIPAA security requirements necessary to prevent this

type of an incident, and a briefing for management on the minimum
security requirements to be HIPAA complaint.
Section1: Written Paper
1. Write a three to five (3-5) page paper in which you:
a. Describe the security issues of BCBST in regard to confidentiality,
integrity, availability, and privacy based on the information provided in
the BCBST case.
b. Describe the HIPPA security requirement that could have prevented
each security issue identified if it had been enforced.
c. Analyze the corrective actions taken by BCBST that were efficient and
those that were not adequate.
d. Analyze the security issues and the HIPAA security requirements and
describe the safeguards that the organization needs to implement in
order to mitigate the security risks. Ensure that you describe the
safeguards in terms of administrative, technical, and physical
safeguards.
e. Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your written paper must follow these formatting requirements:
•Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; references must follow APA or school-
specific format. Check with your professor for any additional
instructions.
•Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date. The
cover page and the reference page are not included in the required page
length.

Section 2: PowerPoint Presentation
2. Create a six to eight (6-8) slide PowerPoint presentation in which
you:
a. Provide the following on the main body slides:
i. An overview of the security issues at BCBST
ii. HIPAA security requirements that could have prevented the incident
iii. Positive and negative corrective actions taken by BCBST
iv. Safeguards needed to mitigate the security risks
Your PowerPoint presentation must follow these formatting
requirements:
•Include a title slide, four to six (4-6) main body slides, and a conclusion
slide.
The specific course learning outcomes associated with this assignment
are:
•Summarize the legal aspects of the information security triad:
availability, integrity, and confidentiality.
•Use technology and information resources to research legal issues in
information security.
•Write clearly and concisely about information security legal issues and
topics using proper writing mechanics and technical style conventions.
********************************************************

CIS 438 Week 3 Assignment 1 Privacy, Laws,
and Security Measures
Assignment 1: Privacy, Laws, and Security Measures
You are an information security manager for a large retail sporting
goods store. The sporting goods store is involved in the following in
which they:
•Maintain an internal network and an intranet protected by a firewall
•Maintain a Web server in the DMZ that is protected by another firewall
•Accept credit card sales in the store and over the Web via e-Commerce
transactions
•Maintain an email server for employee email communication and
communication with other business partners and customers
•Maintain a wireless network within the store
•Use RFID for inventory and theft prevention

•Maintain a Facebook presence
•Provide health screening for high blood pressure, high cholesterol, and
other potential health risks
The CEO is concerned about the amount of information that is being
collected and maintained within the organization.
Write a three to five (3-5) page paper in which you:
1.Describe the major privacy issues facing organizations today.
2.Analyze the major privacy issues described above and compare that to
the potential privacy risks facing the sporting goods store.
3.Explain the security risks and applicable laws that govern the privacy
risk.
4.Describe the security measures that the organization needs to
implement to mitigate the risks.
5.Use at least three (3) quality resources in this assignment. Note:
Your assignment must follow these formatting requirements:
•Be typed, double spaced, using Times New Roman font (size 12), with
instructions.
•Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date. The
cover page and the reference page are not included in the required page
length.
are:

•Explain the concept of privacy and its legal protections.
•Use technology and information resources to research legal issues in
•Write clearly and concisely about information security legal issues and
topics using proper writing mechanics and technical style conventions
********************************************************
CIS 438 Week 4 Assignment 2: COPA and CIPA
Assignment 2: COPA and CIPA
The Children’s Online Privacy Protection Act (COPPA) and the
Children’s Internet Protection Act (CIPA) are both intended to provide
protections for children accessing the Internet. However, they both have
had some opposition.
Write a three to five (3-5) page paper in which you:

Describe the main compliancy requirements and the protected
information for both COPPA and CIPA.
Analyze how COPPA and CIPA are similar and how they are different,
and explain why there is a need for two (2) different acts.
Describe what you believe are the most challenging elements of both
COPPA and CIPA to implement in order to be compliant.
Speculate on why COPPA and CIPA define protection for different ages;
COPPA defines a child as being under the age of 13 and CIPA defines a
minor as being under the age of 17.
Identify the main opposition to COPPA and CIPA based on research
and speculate on whether they will be changed in the future based on the
opposition.
Use at least three (3) quality resources in this assignment. Note:
Be typed, double spaced, using Times New Roman font (size 12), with
instructions.
Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover
page and the reference page are not included in the required page
length.
are:
Explain the concept of privacy and its legal protections.

Describe legal compliance laws addressing public and private
institutions.
Use technology and information resources to research legal issues in
Write clearly and concisely about information security legal issues and
********************************************************
CIS 438 Week 6 Case Study 2 Data Breaches
and Regulatory Requirements
The National Institute of Standards and Technology (NIST) provides an
extensive amount of information, resources, and guidance on IT and
information security topics. The Federal Information Security
Management Act (FISMA) provides standards and guidelines for
establishing information security within federal systems. However, there
have been, and continues to be, numerous security incidents including
data breaches within federal systems. Review the information about
FISMA at the NIST Website, located at

http://csrc.nist.gov/groups/SMA/fisma/index.html. Additionally, review
the information, located at http://www.govtech.com/blogs/lohrmann-on-
cybersecurity/Dark-Clouds-Over-Technology-042212.html, about the
data breaches within government systems.
Select one (1) of the data breaches mentioned to conduct a case
analysis, or select another based on your research, and research more
details about that incident to complete the following assignment
requirements.
Write a three to five (3-5) page paper on your selected case in which
you:
Describe the data breach incident and the primary causes of the data
breach.
Analyze how the data breach could have been prevented with better
adherence to and compliance with regulatory requirements and
guidelines, including management controls; include an explanation of
the regulatory requirement (such as from FISMA, HIPAA, or others).
Assess if there are deficiencies in the regulatory requirements and
whether they need to be changed, and how they need to be changed, to
mitigate further data breach incidents.

instructions.
length.
are:
institutions.
Examine the principles requiring governance of information within
organizations.
********************************************************
CIS 438 Week 7 Assignment 3 Intellectual
Property Laws and Security Measures

Assignment 3: Intellectual Property Laws and Security Measures
Intellectual property law is a major issue facing organizations, and
many organizationshave been fined significant amounts for violations of
intellectual property law. As an information security manager in an IT
consulting company, your executive management team is concerned
about the potential intellectual property violations in the organization.
To address these concerns, they have asked you to develop an
intellectual property policy to implement within the organization.
Develop a two to four (2-4) page policy in which you:
Provide an overview of intellectual property law.
Describe who the policy applies to.
Create policy, standards, and guidelines concerning:
Patents
Trademarks
Copyrights
Ownership of company material
Develop intellectual property violation reporting procedures.
Develop intellectual property infringement ramifications.

instructions.
length.
are:
Analyze intellectual property laws.
********************************************************
CIS 438 Week 9 Assignment 4: Information
Security Governance

Information security management and governance are not simply
implemented tasks within organizations. An information security
governance program is a program that must be thoroughly planned,
include senior-level management involvement and guidance, be
implemented throughout the organization, and be updated and
maintained. The International Organization for Standards (ISO) and the
International Electrotechnical Commission (IEC) has created
information security governance standards. Review the information
security governance information provided by ISACA, located
athttp://www.isaca.org/Knowledge-
Center/Research/Documents/InfoSecGuidanceDirectorsExecMgt.pdf.
Write a 3-5 page paper in which you:
Define the information security governance and management tasks that
senior management needs to address.
Describe the outcomes and the items that will be delivered to the
organization through the information security program.
Develop a list of at least five (5) best practices for implementing and
managing an information security governance program within an
organization.
Develop a checklist of items that needs to be addressed by senior
management, including priorities and needed resources.

instructions.
length.
are:
organizations.
topics using proper writing mechanics and technical style conventions
********************************************************
CIS 438 Week 10 Term Paper Security
Regulation Compliance

Term Paper: Security Regulation Compliance
This assignment consists of two (2) sections: a written paper and a
PowerPoint presentation. You must submit both sections as separate
files for the completion of this assignment. Label each file name
according to the section of the assignment it is written for.
In the day-to-day operations of information security, security
professionals often focus the majority of their time dealing with
employee access issues, implementing security methods and measures,
and other day-to-day tasks. They often neglect legal issues that affect
information security. As a result, organizations often violate security-
related regulations and often have to pay heavy fines for their non-
compliance. Thus, as a Chief Information Officer in a government
agency, you realize the need to educate for senior leadership on some of
the primary regulatory requirements, and you realize the need to ensure
that the employees in the agency are aware of these regulatory
requirements as well.
Section 1: Written Paper
1. Write a six to eight (6-8) page paper in which you:
a. Provide an overview that will be delivered to senior management of
regulatory requirements the agency needs to be aware of, including:

i. FISMA
ii. Sarbanes-Oxley Act
iii. Gramm-Leach-Bliley Act
iv. PCI DSS
v. HIPAA
vi. Intellectual Property Law
b. Describe the security methods and controls that need to be
implemented in order to ensure compliance with these standards and
regulatory requirements.
c. Describe the guidance provided by the Department of Health and
Human Services, the National Institute of Standards and Technology
(NIST), and other agencies for ensuring compliance with these
standards and regulatory requirements.
d. Use at least five (5) quality resources in this assignment. Note:
instructions.
length.

2. Create an eight to ten (8-10) slide security awareness PowerPoint
presentation that will be presented to the agency’s employees, in which
you:
a. Include an overview of regulatory requirements and employee
responsibilities, covering:
i. FISMA
iv. PCI DSS
v. HIPAA
requirements:
Include a title slide, six to eight (6-8) main body slides, and a conclusion
slide.
are:
institutions.

organizations.
********************************************************
CIS 438 Week 10 Term Paper Security
Regulation Compliance.zip
Term Paper: Security Regulation Compliance
Due Week 10 and worth 160 pointsThis assignment consists of two (2)
sections: a written paper and a PowerPoint presentation. You must
submit both sections as separate files for the completion of this
assignment. Label each file name according to the section of the
assignment it is written for.

information security, security professionals often focus the majority of
their time dealing with employee access issues, implementing security
methods and measures, and other day-to-day tasks. They often neglect
legal issues that affect information security. As a result, organizations
often violate security-related regulations and often have to pay heavy
fines for their non-compliance. Thus, as a Chief Information Officer in a
government agency, you realize the need to educate for senior
leadership on some of the primary regulatory requirements, and you
realize the need to ensure that the employees in the agency are aware of
these regulatory requirements as well.
Section 1: Written Paper
1. Write a six to eight (6-8) page paper in which you:
a. Provide an overview that will be delivered to senior management of
regulatory requirements the agency needs to be aware of, including:
i. FISMA
iv. PCI DSS
v. HIPAA
b. Describe the security methods and controls that need to be
implemented in order to ensure compliance with these standards and
regulatory requirements.
c. Describe the guidance provided by the Department of Health and
Human Services, the National Institute of Standards and Technology

(NIST), and other agencies for ensuring compliance with these
standards and regulatory requirements.
d. Use at least five (5) quality resources in this assignment. Note:
instructions.
length.
2. Create an eight to ten (8-10) slide security awareness PowerPoint
presentation that will be presented to the agency’s employees, in which
you:
a. Include an overview of regulatory requirements and employee
responsibilities, covering:
i. FISMA
iv. PCI DSS
v. HIPAA

requirements:
Include a title slide, six to eight (6-8) main body slides, and a conclusion
slide.
are:
institutions.
organizations.
********************************************************

Cis 438 Enthusiastic Study / snaptutorial.com

Recommended

Recommended

More Related Content

Similar to Cis 438 Enthusiastic Study / snaptutorial.com

Similar to Cis 438 Enthusiastic Study / snaptutorial.com (10)

Recently uploaded

Recently uploaded (20)

Cis 438 Enthusiastic Study / snaptutorial.com