CYB 260 PROJECT 2 ANTHONY VELOTTI
School: Southern New Hampshire University
Course: 260
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 3
Uploaded by avelotti1592
Anthony Velotti
CYB 260 Legal and Human Factors
6-3 Project 2 Legal and Ethical Brief
SNHU
The partnership between Fit-vantage and Helios Health Insurance is now in place. Before the release of the new Flame Watch, I have been tasked with reviewing the service level agreement completed by Helios and addressing three critical CIS controls and how they will be implemented. The three CIS controls in focus are Control 4, the controlled use of administrative privileges; Control 14, controlled access based on the need to know; and Control 17, section 6, which involves training staff to identify social engineering attacks. I will address each control by providing a clear explanation of it and of how Fit-vantage will implement it in order to protect the network from data breaches and other attacks involving the PII of our new customers.
Data privacy is a key element in ensuring the success of our partnership. Helios will be actively collecting PII from all our customers. This sensitive information will include birthdays, Social Security numbers, addresses and other personal information that needs to be protected. The company needs to ensure we follow HIPAA and all guidelines for protecting our customers' sensitive information. When a data breach occurs, it can affect a company and have a major impact on its success. One way a data breach can occur is through a lack of concern for administrative privileges. A key element will be ensuring that only the proper employees have administrative access. It is also important that employees update and change their passwords every 90 days, which will help prevent password cracking. Multi-factor authentication will be required for all employees to access the network, which will add another layer of protection.
The next focus needs to be on how we secure the data. Because this data contains sensitive information, encryption will help keep it safe. For a customer to log in to their account, we will require a password and an additional verification sent to their email or phone, which will verify the user and allow access. With encryption and multi-factor authentication, the data will be secure, with additional layers of protection against possible data breaches. CIS Control 14 focuses on the security of data, encrypting sensitive information while in transit or at rest. It will be important to create a log that lists all employees who accessed or changed sensitive data and the times they did so. Securing this data will be a key point in the success of this partnership.
The company's ethical mindset needs to be fair to all parties involved. For us as a company to feel confident, we need to have training for all employees. The training will focus on employees being able to identify social engineering attacks. It will occur once a year, and all employees will need to complete it. New employees will need to complete the training before receiving their initial assignment. The training will help protect sensitive information, as employees will know what to look out for and will know not to open emails or files with links from unknown sources.
In conclusion, the company needs to ensure that data remains private and secure and that the ethics of this company remain intact. We need to comply with HIPAA laws and train all employees on all social engineering attacks. Implementing these changes will give our customers peace of mind regarding their personal information being stored on our network.