Computer Information System
Running head: COMPUTER INFORMATION SYSTEM
COMPUTER INFORMATION SYSTEM
Name of student
Name of University
Author’s Note
Executive order state within the context of cyber security:
An executive order, in the context of cyber security, is an order issued by the US president directing cyber practices that protect infrastructure from cyber security threats (Min, Chai & Han, 2015). The executive order initiates reviews rather than setting any particular policy in motion. It is the policy of the US government to build secure federal networks and to secure critical infrastructure in hospitals, power plants and other important sectors.

NIST FISMA Cybersecurity Framework and its Performance:
The national economic security of the United States depends on the reliable functioning of critical infrastructure, and as cyber security threats have become more prevalent in recent years, the nation's economy is at risk. To address these threats the president issued an executive order based on the NIST FISMA cyber security framework. The NIST FISMA Cybersecurity Framework evolved as a collection of standards, best practices and recommendations that help improve the cybersecurity of any organisation.

HIPAA:
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is United States legislation that provides a set of security and privacy standards to protect an individual's medical records held by health care providers (Vittor, Sukumara & Sudarsan, 2017). Enforcement action for a HIPAA violation can be severe. The security and privacy rules are enforced by the Department of Health and Human Services.

SOX:
SOX, or the Sarbanes-Oxley Act of 2002, passed by the Congress of the United States, governs the assurance and accuracy of financial reports and
disclosures, and mandates audits of the related controls. Failing SOX compliance can bring penalties and fines of up to about $5 million and up to 20 years in jail.

PCI-DSS:
PCI-DSS, the Payment Card Industry Data Security Standard, is a standard that almost all organizations, including retailers who sell online, are meant to follow (Sukumara, Sudarsan, Starck, 2017). The standard applies when processing, storing and transmitting customers' credit card details. Applying the PCI-DSS standard improves payment handling with stronger security throughout the transaction (Best practices for Cybersecurity, 2018). The Payment Card Industry Security Standards Council maintains the PCI-DSS standard. In this case compliance is enforced by the credit card owner and the payment card brands.

GPG 13
GPG 13 can be described as a set of 12 controls recommended by the United Kingdom government. It consists of various technologies and processes. It aims to improve a company's risk management and its response to information security attacks (Vittor, Sukumara & Sudarsan, 2017). There are certain standards for GPG 13, and these provide various guidelines for risk management.

U.S. State Laws
State cyber security laws, along with proposed legislation, aim to address notification of security breaches. Cyber security is maintained for the purpose of protecting critical infrastructure, regulating data disposal practices, preventing identity theft and similar matters. Several state laws attempt to codify various aspects of FISMA.
Cyber security framework
The cyber security framework is voluntary guidance based on several existing guidelines and practices for organizations. The framework aims at managing and reducing cyber security risk in a better way (Sukumara, Sudarsan, Starck, 2017). Developed through a coordinated effort between business and government, the framework comprises numerous measures, practices and rules that can be used to demonstrate the safety of the respective infrastructures. The framework provides an organized, repeatable, adaptable and effective approach that helps the owners and operators of critical infrastructure to manage cyber security risks (Best practices for Cybersecurity, 2018). The main objectives of cyber security include describing the organization's current security posture, reducing the communication risk that exists within an organization, assessing progress towards the target posture, maintaining continuous improvement in the organization and describing the target security posture. The cybersecurity framework is subdivided into various parts; the subparts include PCI DSS, ISO 27001/27002, the Critical Security Controls (CIS) and the NIST Framework.

Cost of Non-Compliance
Non-compliance, that is, not following the various standards, can incur substantial costs. These costs might include shutting down permanently or temporarily after a cyber attack. Companies should study recent security breaches such as the one at Equifax; this helps organizations understand how a breach can halt daily operations, impose high remediation costs and lose revenue. Other examples of standards include HIPAA security and privacy (Vittor, Sukumara &
Sudarsan, 2017). A HIPAA violation by a healthcare provider can result in a fine of around $250,000; violations of similar standards can be up to $25,000.

Items to be reviewed during a cybersecurity compliance audit
Agencies usually supply a template for carrying out the audit; for many companies the compliance requirements of non-FISMA standards and regulations that are relevant to their framework may also be included. The FISMA standards according to NIST include FIPS 199, FIPS 200, SP 800-18, SP 800-30, SP 800-37, SP 800-39, SP 800-47, SP 800-53 and more.
References
Best practices for Cybersecurity (2018). Compliance Audits. Retrieved from https://www.blackstratus.com/best-practices-cybersecurity-compliance-audits/
Crişan, A. R., & Fülöp, M. T. (2014). The role of the audit committee in corporate governance: case study for a sample of companies listed on BSE and the London stock exchange, FTSE 100. Procedia Economics and Finance, 15, 1033-1041.
DSS, P. (2016). Payment Card Industry Data Security Standards. International Information Security standard.
Min, K. S., Chai, S. W., & Han, M. (2015). An international comparative study on cyber security strategy. International Journal of Security and Its Applications, 9(2), 13-20.
Sukumara, T., Sudarsan, S. D., Starck, J., & Vittor, T. R. (2017). Cyber security: security strategy for distribution management system and security architecture considerations. CIRED-Open Access Proceedings Journal, 2017(1), 2653-2656.
Vittor, T. R., Sukumara, T., Sudarsan, S. D., & Starck, J. (2017, April). Cyber security: security strategy for distribution management system and security architecture considerations. In 2017 70th Annual Conference for Protective Relay Engineers (CPRE) (pp. 1-6). IEEE.