Words: 1112
Abstract The purpose of this paper is to create a policy that will ensure Firkin’s compliance with governmental regulations concerning cyber security as well for the protection of the company and its customers. Introduction Firkin is a “corporation which develops, produces, and markets specialized Jackets used in waste disposal and other safety-related applications” (COMIC, 4). Like most modern companies, Firkin utilizes technology for increased efficiency in production, networking among employees, and to store and maintain important data.
For example, databases contain employee and customer information as well as sensitive information about the research concerning Firkin’s new glove designs and coatings. It is of extreme importance that Firkin be able to keep sensitive information confidential to prevent loss of financial interest through lawsuits or loss of profit. If Firkin fails to keep certain information confidential the loss of employee and customer confidence in the company and the potential loss of technological edge over competition can be extremely damaging and difficult to recover from.
There are a large number of modern threats to the cyber infrastructure of any company and the number of threats is ever increasing. Recent cases of hacking show how common cyber attacks have become and why it is important to take steps to prevent Firkin from being a victim of such attacks. Epsilon, “the largest email marketing service company in the world” fell victim to an attack in early March of 2011 (“Email marketing firm”), and Sony was dealt a huge blow the very next month when about 70 million of their customer’s credit information was compromised (“70 Million Palpitations”).
Lastly, in June of 2011 Google announced that Chinese hackers had compromised the Gamma accounts of U. S. Politicians using an attack called Spear Pushing (“Google Announced”). These major attacks happened within the span of a few months and there continues to be cases of attacks like the ones listed above. There are very serious repercussions for a company when they are attacked in such a manner as Sony. For example, Palpitations users in New York filed suit against the Sony claiming negligence (Management, 2011).
In order for Firkin to protect its self against these and other attacks, there must be a sound cyber security policy in place in order to ensure that the company is actively protecting its own interests in all the accessory areas. In order to have a complete cyber security policy, Firkin must take into account two major issues: compliance with federal laws and regulations and protection of the company’s interests against cyber threats (Firkin’s cyber security policy will focus heavily on the human aspects of cyber threats).
The U. S. Government has enacted several laws that companies must enforce in order to better ensure the security of their own company as well as the security of its customers which are likely to be U. S. Citizens. So it is in the best interest of Firkin to ensure that such laws are enforced to increase the security of the company and to decrease Firkin’s liability as well as avoid potential fines. Secondly, it is important for the cyber security policy to and provide practical solutions to each human vulnerability or threat.
It is of first importance to protect Firkin and its employees and customers but that protection should not stifle Firkin from being able to conduct normal business. In the end, the aim will be to create a cyber security policy for Firkin which addresses all the necessary issues and retains a balance of sufficient security without over restricting the business. Federal Compliance Laws Regulatory compliance is an important part of business no matter how large or small, ensuring that employees take all steps required to follow laws and regulations is vital.
Violating one regulation, however small it may seem, can result in fines and other repercussions. Regulatory compliance covers a wide range of rules. Numerous government legislation acts exists that provide the regulations that all companies must abide by. It is important that compliance standards are met, as it will serve to protect employee and customer personal information from access by unauthorized parties. Failure to comply can lead to fines, imprisonment, or both.
Federal Information Security Act (FISCAL) is a legislation signed into law as part of the Electronic Government Reform ACT of 2002. FISCAL describes broad context to protect sensitive information from man-made and natural threats. FISCAL makes permanent of the information security management responsibilities introduced and delegates assignments to several agencies ensuring that all data is secure. The act requires that agency officials keep risks low or at satisfactory levels.
The National Institute of Standards and Technology (NIST) defines the actions toward fulfillment tit FISCAL: Risk Assessments Security Awareness Training Policies and Procedures Security Plans Contingency Plans Incident Response Procedures Remediation Procedures Annual Security Testing Since its establishment, Federal information systems and databases have been integrated into non-federal agencies, including law enforcement, and businesses (“Detailed overview,” 2010). The Health Insurance Portability and Accountability Act (HAIFA), provides regulation for the use and release of an individual’s medical information.
The goal is to guarantee that an individuals’ healthcare information is secure and still permitting he flow of healthcare information that is necessary to protect the publics welfare and boost the quality of healthcare. HIPPO finds a compromised that allows important use of the information, while protecting the privacy of those who seek medical care. (“Summary of the,”) World scandals. The Serbians-Cooley Act is organized into eleven titles and protects from errors in accounting to fraudulent practices.
IT and financial departments are affected due IT departments the daunting task of having to produce and preserve a archive of corporate files in a way that is lucrative and that complies tit the requirements set forth by the legislation. The Serbians-Cooley Act states that all records can only be saved for five years. SOX allow enough information about transactions that would allow one to identify where misstatements due to fraud or human error could occur. There is information and controls set forth to detect or prevent fraud (“What is sox,” 2010).
The Electronic Communications Privacy Act (CPA) prohibits a third party from disclosing or diverting communications without proper authorization. The law was enacted in 1986 covering a wide area of electronic communications. Electronic immunization meaner the transfer of “writings, images, sounds, and signals intelligence transmitted by any communication system that affects interstate or foreign commerce. ” CPA forbids the unauthorized access and particular release of communication content. The Act protects communications in transit as well as in storage (“Federal Statues,” 2012).