Running head: POLICIES FOR MANAGING PRIVACY
Online Policies for Enabling Financial Companies to Manage
Privacy Issues
Name: Sunil Kumar Parisa
Date: 03/29/2020
University of Cumberland’s
ABSTRACT
Financial companies are under constant threats in the face of
cyber-attacks, which are growing by the day. The companies
usually implement measures that primarily focus on the
deployment of technologies for suppressing the attacks. They do
not consider user policies as essential elements that help curb
the vulnerabilities. The policies put in place have a low level of
enforceability, which lowers the impact of the plans. The
research project will determine the relationship between policy
enforceability and the vulnerabilities posed to a system by the
internal and external users.
INTRODUCTION
Business companies in the financial sector have the
responsibility of ensuring the data that belong to the customers
are fully protected. Cyber-crimes are on the rise, and the
approaches employed today are not entirely practical.
Technological tools and measures are not efficient. They should
be complemented by the behavioral standards that suppress the
vulnerabilities in all the IT domains (Vincent, Higgs & Pinsker,
2015). Enforceable policies will ensure there is an integration
of behavioral and technological measures for promoting data
security and privacy.
LITERATURE REVIEW
Financial companies usually emphasize policies that guide the
collection and storage of customer data as well as access to the
data by the internal and external users. These policies are relevant as
they promote best practices at both levels. The companies have
a belief that these are the areas that need closer monitoring and
evaluation. However, the policies put in place are not always
enforceable. A lack of enforceability creates a situation where
the desired outcomes are not realized (Yeganeh, 2019). It
explains why data breaches are still experienced even after such
policies are formulated and implemented.
RESEARCH METHOD
To investigate the relationship between enforceability of the
policies and the vulnerabilities that business organizations are
exposed to, a case study method will be used. It is an essential
tool that helps determine a causal relationship (White &
McBurney, 2012). Also, it will provide insights that will inform
the recommendations that need to be considered by the multiple
business organizations in the financial sector. Credible data that
are free of confounding variables must be collected, analyzed,
and inferences drawn. Two data collection procedures will be
utilized as follows.
i. Semi-structured interviews will be conducted to collect
diverse data on the design and implementation of user and
online policies. The interviewees will offer data that expound
on the security and privacy positions of the systems.
ii. Independent observations will be made to inform the
behaviors of the users, both internally and externally. The
observations will collect insightful data that provide details on
the user behaviors and enforceability of the policies.
CONCLUSION
The business organizations in the finance industry do not
exploit user policies that should promote their data security.
They do not consider the policies as crucial elements, which
exposes them to cyber threats that mainly exploit user behaviors
such as social engineering attacks. A case study approach will
be adopted as it allows a researcher to gain an in-depth
understanding of a particular problem. The trend will be
thoroughly examined using the data that will be collected and
analyzed, and a determination will be made. The insights from the data
will inform the recommendations made, which the various
business organizations, especially those in the financial sector,
should consider.
References
Vincent, N. E., Higgs, J. L., & Pinsker, R. (2015). IT
Governance and the Maturity of IT Risk Management Practices.
Journal of Information Systems 31(1), 113-137.
White, T. L., & McBurney, D. H. (2012). Research Methods
(9th ed.). New York, NY: Cengage Learning.
Yeganeh, K. (2019). Major Business and Technology Trends
Shaping the Contemporary World (1st ed.). New York, NY:
Business Expert Press.
Certification of Authorship
Submitted to (Professor’s Name): Dr. Mary Cecil
Course: ITS 833
Student’s Name: Sunil Kumar Parisa
Date of Submission: 03/29/2020
Purpose and Title of Submission: Research Outline
Certification of Authorship: I hereby certify that I am the author
of this document and that any assistance I received in its
preparation is fully acknowledged and disclosed in the
document. I have also cited all sources from which I obtained
data, ideas, or words that are copied directly or paraphrased in
the document. Sources are properly credited according to
accepted standards for professional publications. I also certify
that this paper was prepared by (me) for this purpose.
Students’ Signature: ___________ Date: 03/29/2020
Running head: A RESEARCH DRAFT
Online Policies for Enabling Financial Companies to Manage
Privacy Issues
Name: Sunil Kumar Parisa
Date: 03/29/2020
University of Cumberland’s
Abstract
Data privacy issues are a top concern for all business
organizations that rely on digital technologies to meet the daily
functions, such as banks and health care institutions. These
corporations handle sensitive data that must be protected from
unauthorized access by third parties. Such an outcome could
lead to loss of data, which might be used to commit cyber-crimes.
The customers provide the organizations with their data
and expect them to fully uphold their privacy, indicating that
privacy should be guaranteed at all times, which also promotes
business continuity.
To achieve the goal, the companies put in place measures such
as investing in technologies and formulating policies for
promoting privacy. These measures apply to internal and
external parties. The aim is to encourage positive user behavior
that limits the vulnerabilities posed by the users. Most financial
companies do not prioritize the action as they consider
technologies as the primary measure that suppresses any
attempts to infiltrate a system or a network. However, studies
have shown that techniques are not enough. There should be
additional behavioral efforts that contain vulnerabilities in all
the IT domains. It notes the importance of positive behaviors
that are promoted by the formulation and implementation of
crucial user policies.
The user policies are as relevant as the technologies that are
integrated into the system. Users, especially the workers, are
vulnerable to social engineering attacks that lure them into
providing their details that are then used to access the system,
which makes the work easier for a hacker. The customers are
also vulnerable to such forms of attacks. When such is
successful, the attackers can bypass the security tools and
access the system without being detected. It is a clear indication
that user policies are essential. The majority of the users are not
aware of the dangers posed by their behaviors, such as
downloading files or clicking suspicious links on the internet.
Such practices can be suppressed through formulating user
policies that are communicated to the parties, both internal and
external.
The policies are supposed to promote positive user behavior.
However, there are concerns about whether the policies are
implemented as per the best standards. The procedures usually
focus on areas, such as the collection and storage of data and
access to data. The two are undertaken by both internal and
external parties, which pose a significant danger to the system.
The goal of the project is to determine the relationship between
the enforceability of the policies and the security and privacy of
the network system. A case study design will be used to provide
an in-depth investigation into the relationship. Interviews and
observations are the essential tools that will be used to collect
credible data while addressing all the confounding variables.
The analysis will unearth issues that hinder enforceability and
recommend policies that are easy to implement and enforce. The
objective is to find better strategies that can easily be
implemented and suppress negative behaviors that put the
system at risk of infiltration.
Introduction
It is public knowledge that business organizations, especially
those in the health care and financial sectors, face numerous
challenges when it comes to privacy issues. Companies in these
sectors face multiple attempts by the cybercriminals who target
stealing data stored in the systems. The corporations handle
confidential data that could be used for committing crimes, such
as impersonation and illegal transfer of money (Noor & Hassan,
2019). It is a significant concern whether financial institutions
have effective policies that ensure the data are adequately
secured from both internal and external threats.
Today, legislation is evolving, and companies in nearly all
sectors will be required to enforce data privacy laws that will
call for more to be done in terms of policies and investments.
States such as California have introduced data privacy laws that
transfer data ownership rights to the customers. It means that an
organization cannot use or transfer the data without exclusive
permission from the customer. It is one of the developments that
the companies have to deal with soon.
Financial companies, especially those that spread across the
country, have always focused on investing in technologies that
promote the privacy of the data and the systems. They are
deploying technologies, such as cloud computing, which
improve the confidentiality of the data. Also, they use Bcrypt
technologies to encrypt data via algorithms that will take
hackers decades to decrypt a single password. Though they
invest in such technologies that cost millions of dollars, there
are questions whether they invest in behavioral measures to
protect the data systems (Noor & Hassan, 2019). Such actions
require the use of online policies that will ensure that internal
and external users can adhere to best practices that make them
less vulnerable to attacks, especially the social engineering
attacks that target unsuspecting users.
For best practices, online policies are considered essential to
every financial company. The internal users, that is, workers,
and the external ones, that is, customers, should be provided with
strategies that will guide how they interact with the system. The
organization has to enforce the policies and make follow-ups to
evaluate the level of compliance. In so doing, the vulnerability
that may be introduced by the two parties is significantly
reduced. Notably, even the top managers and executives should
comply with the policies for them to set a good example and
also establish a culture of positive user behaviors.
Literature Review
Data privacy will shape how businesses conduct their daily
activities and processes (Yeganeh, 2019). It is increasingly
becoming apparent that companies, especially those that handle
sensitive data, will be regulated to avoid the potential data
leakages that may expose customers to unauthorized third
parties. Financial companies are on the frontline when it comes
to this trend as they handle highly sensitive information that is a
top priority for hackers (Yeganeh, 2019). To address the
challenge, most of the institutions have put in place policies for
lowering vulnerability in all the seven IT domains.
Customer information collection, use, and storage policies are
the most dominating policies. These policies focus on the
utilization of the best practices when any customer data are
being collected, used, stored, and transmitted (Smallwood,
2014). The reason for this is that most companies have a belief
that if the right methods are used during the collection of data,
it is easy to handle subsequent processes and tasks. Smallwood
adds that the view is not informed by best practices as there are
organizations that have experienced breaches even after
adopting standard procedures during the collection and storage
of data.
Policies on how the customer information is provided to third
parties are shared among the financial companies. The
procedures usually outline how the data are transferred from
one party to the other. A significant issue with these policies is
that they do not assess how the third party handles the data. As
such, there is a chance that data may be exposed. Under such
conditions, the company may not be held liable (Vincent, Higgs
& Pinsker, 2015). However, the organizations do not necessarily
protect the interests of the customers as their data should never
be exposed to any third parties.
Additionally, financial companies have implemented policies on
how customers access their data remotely. Such policies outline
the standards that customers must follow, such as the
multi-factor authentication, which aims at ensuring that no
unauthorized users access the data (Suchitra & Vandana, 2016).
The policies are communicated to the customers when they
provide their data. It is a practical approach that mainly ensures
that customers must follow specific guidelines that promote the
overall security of the data. However, Timothy Toohey (2014)
questions whether the policies apply to the side of the users who
are very likely to exhibit behaviors that expose data to threats.
For instance, customers may use devices that have weak
antimalware tools. Such devices create an avenue that a hacker
can use and access the system.
The use of the devices introduces a critical problem, that is, the
Internet of Things (IoT) and the security of the networks. IoT
refers to the billions of devices that can exchange data without
any human intervention. The devices are now used for various
purposes, such as accessing networks as well as sending and
receiving data (Suchitra & Vandana, 2016). Such devices are
also interconnected with a device that is used for accessing a
bank network. It indicates the extent of the entire issue where
the interconnection of devices poses a greater danger to the
existing systems. The financial organizations need to have clear
measures and policies that will ensure the users, especially the
customers, do not pose any threats to a network (Snedaker,
2014). While it appears a practical measure, it is challenging to
implement it, explaining why a good number of organizations
have experienced cyber-attacks despite putting in place strict
user policies.
Adam Shostack (2014) emphasizes that policies are not
necessary if they cannot be fully implemented. It explains the
situation that is faced by financial companies as they can
enforce policies internally but are unable to do so when it comes to
external parties. As a result, they opt for technologies, such as
cloud computing, that provide better in-built security tools that
minimize the vulnerabilities posed by the external parties. There
should be a practical approach to implementing and enforcing
policies. However, such efforts require investment in
technologies that will achieve feats, such as flagging IP
addresses that are considered a threat to the network (Yeganeh,
2019). Some systems can detect vulnerabilities on the side of
the users, but need more development for the desired goals to be
realized.
From the above, it is clear that policies are as relevant as the
implementation process. Without proper implementation, it is
unlikely the desired security and privacy goals will be attained.
The project will assess the policies that the organization can put
in place that are considered easy to implement and enforce.
Such systems will review the position and reputation of a
financial company, and how that can be leveraged in a bid to
promote compliance of both internal and external parties. The
external parties should be accorded priority as they pose an
even greater danger.
Research Method
The study will employ a case study design, which allows for the
exploration and understanding of a complex set of issues. It is
mainly a useful approach when a researcher needs to gain an
in-depth knowledge of a problem (White & McBurney, 2012). The
goal of the researcher is to find out the effectiveness of the user
and online policies that financial organizations put in place. It
will investigate whether the enforceability of the policies has a
direct impact on the security of the networks. The approach is a
multiple-case design that will utilize a longitudinal examination
of the selected case studies, which are financial organizations
that have implemented online policies to safeguard data. The
analysis will tell whether the policies help lower the levels of
vulnerability. The researcher will access descriptive case
studies and scrutinize the data at both deep and surface levels.
To gather the required data, interviews and observations will be
conducted. The interviews will involve IT experts and
professionals who have been in the industry in the last three to
five years. Structured interviews will be scheduled, and the
interviewees will be requested to provide data on the vulnerability of the systems
concerning the online policies that have been put in place. To
avoid and suppress the presenting confounding variables, the
researcher will structure the interview questions in a manner
that will only provide information on the networks. The
questions will avoid any personal information as it might
introduce bias. Also, the interviews will center on the data and
privacy position of the system and ask questions that closely
relate to it.
On the other hand, the researcher will make observations on two
levels. Permission to examine the system will be requested so
that the physical infrastructural design can be determined. The
goal of this is to ensure the system is designed in a manner that
suppresses any vulnerabilities, hence guaranteeing that
vulnerabilities are typically introduced by other parties, that is, the users.
Also, the user behaviors of both internal and external parties
will be assessed, and data will be taken. The data will be
compared to that provided during the interviews. The researcher
expects to see a level of consistency and patterns that can help
decide whether the policies put in place are effective in
suppressing system vulnerabilities.
The analysis of the collected data will inform the new policies
that should be formulated and implemented. The new plans
should have a high level of enforceability as a measure of
minimizing the vulnerabilities posed by the internal and
external users. Also, they will indicate the user behaviors that
need to be observed in all the users. Failure to see the new
practices means that the desired goals and objectives are
unlikely to be realized within the stipulated time.
Conclusion
The user policies are essential elements in the promotion of data
privacy and security for financial organizations. The institutions
should not focus only on the data security technologies. Still,
they should also invest in the development of positive user
behaviors through formulating enforceable policies at both the
internal and external levels. The project will collect data that
will determine whether the enforceability of the policies
directly impacts the vulnerability of a system. A case study
design will be adopted as it will enable the researcher to carry
out an in-depth analysis. Also, it will allow the researcher to
outline recommendations that can be considered by the
organizations in the finance industry.
References
Noor, M. M., & Hassan, W. H. (2019). Current research on
Internet of Things (IoT) security: A survey. Computer Networks
148(15), 283-294.
Sartor, M., & Orzes, G. (2019). Quality Management: Tools,
Methods and Standards. New York, NY: Emerald Publishing
Limited.
Shostack, A. (2014). Threat Modeling: Designing for Security.
New York, NY: Wiley.
Smallwood, R. F. (2014). Information Governance. New York,
NY: Wiley & Sons.
Snedaker, S. (2014). Business Continuity and Disaster Recovery
Planning for IT Professionals (2nd ed.). London, UK: Syngress.
Suchitra, C., & Vandana, C. P. (2016). Internet of Things and
Security Issues. International Journal of Computer Science and
Mobile Computing 5(1), 133-139.
Toohey, T. J. (2014). Understanding Privacy and Data
Protection. New York, NY: Thomson Reuters.
Vincent, N. E., Higgs, J. L., & Pinsker, R. (2015). IT
Governance and the Maturity of IT Risk Management Practices.
Journal of Information Systems 31(1), 113-137.
White, T. L., & McBurney, D. H. (2012). Research Methods
(9th ed.). New York, NY: Cengage Learning.
Yeganeh, K. (2019). Major Business and Technology Trends
Shaping the Contemporary World (1st ed.). New York, NY:
Business Expert Press.
Certification of Authorship
Submitted to (Professor’s Name): Dr. Mary Cecil
Course: ITS 833
Student’s Name: Sunil Kumar Parisa
Date of Submission: 03/29/2020
Purpose and Title of Submission: Research Paper First Draft
Certification of Authorship: I hereby certify that I am the author
of this document and that any assistance I received in its
preparation is fully acknowledged and disclosed in the
document. I have also cited all sources from which I obtained
data, ideas, or words that are copied directly or paraphrased in
the document. Sources are properly credited according to
accepted standards for professional publications. I also certify
that this paper was prepared by (me) for this purpose.
Students’ Signature: ___________ Date: 03/29/2020