MGT670-International Human Resource Studies
Using the identified risk as the basis for your assignment, complete
the following requirements.
Part 1
Write a 500-word summary that addresses the following:
Explain the regulatory compliance and security controls that should be
adhered to in order to address the risk.
Explain why adherence to regulatory compliance measures and security
controls is essential from the customer perspective and the business
perspective. Provide specific examples to illustrate your ideas.
Part 2
Create a data flow diagram to illustrate how systems will interact with
the customer and how the data are passed through the system(s),
including how the data will reside in the system of record. Explain the
data flow diagram in regard to the key controls in place to address
protection of personally identifiable information (PII).
Part 3
Complete the "Security Controls Mapping Template" using the FMEA from
the Topic 4 assignment. Reference appropriate regulatory compliance
information (e.g., HIPAA, PCI, SOX) and security control frameworks
(e.g., NIST, CIS, COBIT) when completing the template.
General Requirements
Submit the summary, data flow diagram, and "Security Controls Mapping
Template" documents.
Prepare this assignment according to the guidelines found in the APA
Style Guide, located in the Student Success Center. An abstract is not
required.
This assignment uses a rubric. Please review the rubric prior to
beginning the assignment to become familiar with the expectations for
successful completion.
Answer:
Part 1
- Basic process:
  1. Identify the risk
  2. Analyze the risk
  3. Plan
  4. Execute
  5. Control
- Tools: PFMEA (process failure mode and effects analysis) or others
- A communication channel that supports the risk management process (Lolli et al., 2015)
- Failure identification should be done deductively
- It should allow potential failures of the process to be seen in detail
- It should directly represent the behavior of the process
- It should directly enable qualitative or quantitative analysis of the activities involved in the process
- It should identify which parts of the process carry the risk and extract the specific failure modes from them
Adherence to regulatory compliance measures and security controls is essential because it prevents any third party from interfering with operations. In most cases, user or customer data can be considered one of the most important assets; if a third party gains access to it, the result is a major loss from the customer perspective as well as the business perspective.
Example 1: User data should be kept secure to prevent unauthorized users from gaining access to it.
Part 2 - DFD
Part 3: Security Controls Mapping Template
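The following is an added example, not the assignment's own mapping template: it carries the Part 1 risk process (identify, analyze, plan) through to the Part 3 template by scoring constructed PFMEA failure modes for a customer-order data flow with the standard FMEA risk priority number (severity x occurrence x detection, each on a 1 to 10 scale) and mapping each failure to candidate controls with HIPAA, PCI DSS and NIST SP 800-53 references. The failure modes, scores, threshold and control catalogue are constructed for illustration, and the clause references are assumed mappings to be verified against the current framework text.

```python
from dataclasses import dataclass

SCALE = range(1, 11)  # FMEA rates severity, occurrence and detection 1..10

# Constructed catalogue: each candidate control and the compliance / framework
# clauses it is assumed to satisfy (illustrative, not a normative crosswalk).
CONTROL_CATALOGUE = {
    "Role-based access with unique accounts": {
        "HIPAA": "45 CFR 164.312(a)(1) access control",
        "PCI DSS": "Req. 7 restrict access by business need to know",
        "NIST SP 800-53": "AC-2 account management",
    },
    "Encrypt PII in transit (TLS)": {
        "HIPAA": "45 CFR 164.312(e)(1) transmission security",
        "PCI DSS": "Req. 4 encrypt data over open, public networks",
        "NIST SP 800-53": "SC-8 transmission confidentiality and integrity",
    },
    "Encrypt PII at rest in the system of record": {
        "HIPAA": "45 CFR 164.312(a)(2)(iv) encryption and decryption",
        "PCI DSS": "Req. 3 protect stored account data",
        "NIST SP 800-53": "SC-28 protection of information at rest",
    },
    "Centralised audit logging and review": {
        "HIPAA": "45 CFR 164.312(b) audit controls",
        "PCI DSS": "Req. 10 log and monitor all access",
        "NIST SP 800-53": "AU-2 event logging",
    },
}


@dataclass(frozen=True)
class FailureMode:
    """One PFMEA row: where in the data flow a failure can occur and its scores."""
    process_step: str
    failure_mode: str
    effect: str
    severity: int      # impact on the customer / business if it happens
    occurrence: int    # how likely it is to happen
    detection: int     # 10 = almost impossible to detect before harm occurs
    controls: tuple    # catalogue entries that address this failure

    def __post_init__(self):
        for name in ("severity", "occurrence", "detection"):
            if getattr(self, name) not in SCALE:
                raise ValueError(f"{name} must be an integer from 1 to 10")
        unknown = set(self.controls) - set(CONTROL_CATALOGUE)
        if unknown:
            raise ValueError(f"controls not in catalogue: {sorted(unknown)}")

    @property
    def rpn(self) -> int:
        """Risk priority number, the standard FMEA product S x O x D."""
        return self.severity * self.occurrence * self.detection


def build_mapping(modes, threshold=100):
    """Template rows ordered by RPN; rows at or above the threshold are flagged."""
    rows = []
    for m in sorted(modes, key=lambda fm: fm.rpn, reverse=True):
        rows.append({
            "process_step": m.process_step,
            "failure_mode": m.failure_mode,
            "effect": m.effect,
            "rpn": m.rpn,
            "priority": m.rpn >= threshold,
            "controls": [{"control": c, **CONTROL_CATALOGUE[c]} for c in m.controls],
        })
    return rows


def render_template(rows):
    """Plain-text rendering of the security controls mapping template."""
    lines = []
    for r in rows:
        flag = "PRIORITY" if r["priority"] else "monitor"
        lines.append(f"[{flag}] RPN={r['rpn']:<4} {r['process_step']}: {r['failure_mode']}")
        lines.append(f"    effect: {r['effect']}")
        for c in r["controls"]:
            refs = "; ".join(f"{k}: {v}" for k, v in c.items() if k != "control")
            lines.append(f"    control: {c['control']} ({refs})")
    return "\n".join(lines)


# Constructed PFMEA input for a customer-order data flow (scores are illustrative).
SAMPLE_MODES = (
    FailureMode("Customer submits order form", "Form posted over plain HTTP",
                "PII readable by anyone on the network path", 9, 3, 6,
                ("Encrypt PII in transit (TLS)",)),
    FailureMode("Order written to system of record", "Database backup stored unencrypted",
                "PII exposed if backup media is lost", 8, 4, 7,
                ("Encrypt PII at rest in the system of record",)),
    FailureMode("Support staff look up a customer", "Helpdesk shares one generic login",
                "Access to PII cannot be attributed to a person", 6, 5, 8,
                ("Role-based access with unique accounts", "Centralised audit logging and review")),
    FailureMode("Nightly reporting job", "Report sent to an over-broad distribution list",
                "PII disclosed to staff without a need to know", 7, 2, 5,
                ("Role-based access with unique accounts",)),
)

if __name__ == "__main__":
    print(render_template(build_mapping(SAMPLE_MODES)))
```

Run as a script it prints the template with the shared-login failure first (RPN 240), which is the point of using the FMEA scores rather than severity alone: a moderate-impact failure that is common and hard to detect outranks the plain-HTTP form. The catalogue validation in `__post_init__` is what keeps the template honest, since every failure mode has to map to a control that carries a framework reference.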