Authentication, Authorization, and Access Control
Organization is the Maryland health dept., social psychology report and the security breach that occurred and the steps in Word document
Step 5: Compose a Privacy Awareness Report (2 Pages)
Following the report on the impact of social psychology on cybersecurity, you will compose a report on privacy awareness and the implications on cybersecurity policy to further prepare for the discussion with your peers. This report will be used to formulate recommendations later in the project and be included as an appendix to the final presentation in the last step of this project.
In this report, complete the following:
Define ECPA (Electronic Communications Privacy Act) and explain how it affects cybersecurity today. Give an example of how it might come into play at your organization. Suggest how policy at your organization could support ECPA compliance.
Define FISA (Foreign Intelligence Surveillance Act) and explain how it affects cybersecurity today. Give an example of how it might come into play at your organization. Suggest how policy at your organization could support FISA compliance.
Identify any other privacy law that may affect your assigned organization. Give a brief summary of what the law does, how it affects your organization, and how policy could support compliance.
Step 6: Compile an Anonymity Report (2 pages)
To go along with the reports on the impact of social psychology on cybersecurity and the impact of privacy awareness on cybersecurity policy, you will now report on the implications anonymity has for cybersecurity by giving a brief one-paragraph summary of each of the items in the bulleted list below.
Each summary should include a definition, an explanation of how the term relates to the organization, and an explanation of how you will integrate it into the policy recommendations. This report will be used to formulate recommendations in Step 10 and be included as an appendix to the final presentation in Step 12. Review introduction to the internet, a closer look at the World Wide Web, web markup languages, and web and internet services for basic information.
pseudonymity
IP spoofing (IP spoofing and packet sniffing at the network layer)
email protocols
web filters
types of encryption
remailers
Step 10: Formulate Recommendations (No page, just reference for next step)
From the information that you have gathered throughout this project, formulate a recommendation for authentication, authorization, and access control. If you determine that your organization needs no changes in these areas, explain your position and what leadership (and you, as CISO) will continue to monitor to ensure that security standards are commensurate with expectations.
Make sure to consider the need to restrict data from department to department as appropriate, to protect the organization’s HR data from outside and inside threats in general, and to allow employees to access the data they need while offsite. Also consider the human aspects of cybersecurity from the previous steps. Include a recommendation for an ongoing risk management strategy. You will include your recommendations in your Implementation Guidance Presentation in the last step.
The recommendation must meet the following criteria:
coincide with IT vision, mission, and goals
align with business strategy
incorporate all internal and external business functions
create the organizational structure to operate the recommendation and align with the entities as a whole
In the next step, you will take your recommendations and use them to create a job aid for HR managers regarding authentication, authorization, and access control so they can spread the information to the various departments.