DISCUSSION 1:
CCPA is a law that provides consumers the right to personal
details to be gathered, shared, or sold by a company. GDPR is
also a privacy law that disallows the gathering and processing
of personal information by organizations. The similarity
between these laws is that they oblige organizations to adhere to
specific guidelines when handling personal data of people. Both
of them have the disclosure of transparency requirements
(Hammarling, 2019). They protect consumers or data subjects,
no matter where they are at the given time. Both of them protect
the same categories and kinds of information of natural people.
The first difference among these laws is the type of business
that should comply. CCPA applies to businesses whose primary
business is the sale of personal information or to companies based in
California whose revenues are above twenty-five million
dollars. GDPR is for all businesses that process information of
EU individuals no matter their size and location. GDPR needs
websites, organizations, and businesses to have a legal basis for
processing data in the European, whereas CCPA does not
require prior consent from the consumer (Blanke, 2020). They
differ in their financial penalties, as GDPR sanctions non-compliance
and data breaches. In CCPA, a sanction is only done
when there is a breach and enables customers to sue an
organization for violation (Buresh, 2019). CCPA considers both
the consumer and household as entities and can consider the
information given by the customer while GDPR focuses on all
the data associated with the EU consumer.
The most effective difference is the right to prior consent in
GDPR versus the right to opt out in CCPA. They are incomparable as
the right to opt-out goes hand in hand with the right to withdraw
consent while that of prior consent has no equivalent in CCPA.
The right to prior consent creates all the difference when
comparing the rights in these laws as it provides a legal
framework grounded on privacy first through user control.
References:
Blanke, Jordan M. (2020), Protection for 'Inferences Drawn:' A
Comparison between the General Data Protection Rule and the
California Consumer Privacy Act (January 12, 2020). Available
at SSRN: https://ssrn.com/abstract=3518164.
Buresh, D. L. (2019), A Comparison between the European and
the American Approaches to Privacy. Indon. J. Int'l & Comp.
L., 6, 257.
Hammarling, J. (2019), A comparative study on “the Right of
Access” under the GDPR and the CCPA. Retrieved from
http://lup.lub.lu.se/student-papers/record/9000026
DISCUSSION 2:
The GDPR as specific aspects would not be generally applicable
with reference to the context that has been purely personal or
even related with the household. CCPA on the other hand would
be completely applicable for the non-commercial activities as
well. Exemption in this context with reference to GDPR
would only be referring to the individuals while the other CCPA
would be recovering the business aspects as well which has
been processed with the personal data (cookiebot, 2020).
CCPA will be tracking down the emergency applications that
have been associated with the benefits of the on information
while the agenda would be associated with the encouragement
of strong privacy as well as greater transparency. Proper
management of consumers and ownership on the other hand with
reference to personal information would also help in bringing
down the ability required. The context of each and every
condition which has been associated with the business
disclosure in the personal information would also help in
management of connectivity which has been required as far as a
data has not been sold to parties. Third party management
would also help in knowing down the personal information
which has been collected and the access ability of personal
information that has to be collected based on request. We
should also make sure that whatever has been known in terms of
the personal information should not be opt out but however
equal service and price should be given to the privacy rights
(varonis, 2020).
The California Consumer Privacy Act would also define the
business as far as a profit entity which would collect the
personal data which has been related to the consumer as well.
Therefore, the business related contact which has been
associated with the threshold would also be subjected to
compliance because there are annual exemptions (varonis,
2020).
References
Cookiebot. (2020). CCPA vs GDPR. Retrieved from,
https://www.cookiebot.com/en/ccpa-vs-gdpr/
varonis. (2020). California consumer privacy act. Retrieved
from,
https://www.varonis.com/blog/ccpa-vs-gdpr/
Please make your response posts substantive. A substantive post
will do at least TWO of the following:
Ask an interesting, thoughtful question pertaining to the topic
Provide an outside source (for example, an article from the UC
Library) that applies to the topic, along with additional
information about the topic or the source (please cite properly
in APA)
At least one scholarly source should be used in the initial
discussion thread. Be sure to use information from your
readings and other sources from the UC Library. Use proper
citations and references in your post.
APA format, 150 words each.
Discussion 1)
The reality is that all the cyber physical security systems also
contain a human component from their design and
implementation through to deployment, usage, maintenance,
evolution and decommissioning. Within this complex socio-
technical system all three components are not only potential
points of weakness but may also attack maliciously any other
component (Frey et al., 2016). However, the sheer scale,
velocity of adoption and pervasiveness of the IoT present,
combined with on-system resource limitations, fundamental
challenges to software engineering and how best to ensure the
safety and security of the IoT.
Recently new methods are analyzed to the role of latent design
conditions in impacting security perceptions of operators in
industrial control systems and highlighted the challenges posed
by smart CPS, notably their emergent design arising from
dynamic aggregation of a range of devices and services and the
focus on automation that aims to “hide” complexity models
from the users. Whilst usability is considered a key non-
functional requirement during software engineering and there is
a body of research on usable security, emergent design and
automation pose key challenges with regards to security
behaviors in smart CPS (Kohn et al., 2000).
Security measures are designed in five principles for security
ergonomics within smart CPS be developed collaboratively by
the software engineering, human factors and security
communities. Proactive security ergonomic design, not reactive
remedy. Design should encourage secure behaviors. By default,
secure non-erroneous user behaviors are encouraged and where
possible enforced, Non-alignment by default (Schneier, 2016).
As human error is inevitable, security ergonomic design should
prevent alignment of active error and latent failures. External
design validation. Standard software development practices
such as automated and unit testing can help with this validation
although care must be taken that these themselves are not
biased.
References:
S. Frey, A. Rashid, A. Zanutto, J. Busby and K. Follis, "On the
role of latent design conditions in cyber-physical systems
security", Proceedings of the 2nd International Workshop on
Software Engineering for Smart Cyber-Physical Systems, pp.
43-46, 2016.
L. T. Kohn, J. M. Corrigan, M. S. Donaldson et al., To err is
human: building a safer health system, National Academies
Press, vol. 6, 2000.
B. Schneier, Security economics of the internet of things, 2016,
[online] Available:
https://www.schneier.com/blog/archives/2016/10/security_econom_1.html.
Discussion 2)
Should organizations invest in physical security? Physical
security is essential in organizations since it protects the
company’s assets, information, people, buildings, facilities,
sites, and premises. Nevertheless, it’s worth investing in since it
is essential to safeguard the availability of resources, integrity,
and confidentiality (Moses & Rowe, 2016). Furthermore,
physical security facilitates comprehensive accountability and
security for the overall company. It also ensures that the
organization’s information is secure from natural calamity and
human misuses such as espionage, vandalism, and sabotage.
Technology, procedures, and people are integrated to design a
successful physical security system effectively. Hence, the
objectives, characteristics, evaluation, and analysis of the
system should be measured before design. Furthermore, the
models available for the design of physical security are
technical, administrative, and physical controls. Technical
controls major on access control, which entails various layers of
security (Lalonde, 2018). The measures that can be applied to
safeguard the organization include audit systems, intrusion
detection, and smart-cards. Moreover, the administrative
controls encompass measures to design and control physical
attacks based on on-site planning, location, and design of
business facilities. The countermeasures that can be applied
include facility planning methods employed to distinguish the
systematic relationship between applications and connections in
business.
Physical controls restrict access to the organization’s facilities,
which has numerous layers of protection of non-employees and
employees based on their access level. The countermeasures to
ensure physical controls include setting up a fence around the
facility, protecting entry doors with card readers, and ensuring
employees use badge authorization to access the facility.
Moreover, CCTV surveillance is an effective method to provide
physical security outside and inside the business facility (Jason
& Gigliotti, 2017).
References
Jason, R., & Gigliotti, R. (2017). Approaches to Physical
Security. Research Gate, 67-84.
Lalonde, M. (2018). Combining Strengths: Cyber and Physical
Security Convergence. Research Gate.
Moses, S., & Rowe, D. (2016). Physical Security and
Cybersecurity: Reducing Risk by Enhancing Physical Security
Posture through Multi-Factor Authentication and other
Techniques. International Journal for Information Security
Research, 667-676.