Cybersecurity Risk Analysis: Contract Laws, TPRM, and Asset Protection

Added on  2023/04/08

AI Summary
This report provides an analysis of cybersecurity risks, focusing on the importance of contract laws, third-party risk management (TPRM), and asset protection. It examines the legal requirements for data disclosure, including HIPAA and GLBA, and the role of contracts in safeguarding sensitive information. The report explores emerging issues in contract laws, particularly concerning cloud security, and the role of TPRM in mitigating risks associated with third-party vendors. It also covers topics such as protecting against social and network attacks, security from exfiltration, asset retirement, and modifications of insurance contracts. The analysis emphasizes the need for proactive measures to protect IT infrastructure and prevent data breaches, highlighting the financial and reputational consequences of security failures.
Running head: RISK ANALYSIS UNDER CYBER-SECURITY
Risk analysis under cyber-security
Name of the student:
Name of the university:
Author Note
Understanding the aims and role of contracts and information assets
Contract laws and role of third party risk management
1. Disclosures required and permitted by law, and obtaining consent:
The types of disclosure that are required and permitted by law, and for which consent must be
obtained, are described below.
Protecting business and customer information:
The first is HIPAA, the Health Insurance Portability and Accountability Act. It comprises
various important provisions. These cover abuse, the Medicaid integrity program and fraud and
abuse, portability, and administrative simplification. It is further divided into rules and
standards: the HITECH Enforcement Rule, the Unique Identifiers Rule, the Transactions and Code
Sets (TCS) rule, the Security Rule, and the Privacy Rule. However, it is not suitable for personal
identification, because it mainly deals with insurance portability, administrative simplification,
protection of electronic records and security of health information.
The second is the Gramm-Leach-Bliley Act (GLB Act or GLBA), also referred to as the Financial
Modernization Act. This federal law requires financial institutions to explain how the business
secures and protects the private data of customers. However, it is problematic with personal data,
because it applies to the company as a whole, irrespective of the fact that they are financial
institutions that only receive data. Its Safeguards Rule requires institutions to develop, deploy
and maintain security to protect customer data. In addition, the act can limit the business in
disclosing nonpublic personal data to nonaffiliated third parties.
Protection from social and network attacks:
These attacks occur when a cybercriminal exploits infrastructure, application and system
weaknesses in order to infiltrate the network of the business.
Security from exfiltration:
Exfiltration refers to the situation in which a cybercriminal gains access to a computer. Once
the attacker retrieves the information, the attack is considered successful (Miller).
Asset retirement:
Organizations must retire resources that provide no future advantage to the business. For this,
the fair market value and the salvage value of the resource must be obtained.
Modifications of insurance contracts:
These affect the balance sheet of the company. Because organizations use the balance sheet to
determine the overall financial value contributed by the operations of the company, it is
necessary to investigate why the insurance has been changed and what present and future
implications can follow.
2. Emerging issues with contract laws and concerns with cloud security:
Legal issues stay at the top of the list when the hurdles and troubles of contract management
are considered. Contractors must know which laws apply in the country where the project is
held. There are also various issues regarding what legal formalities are needed to carry out the
functions and operations of the project (Zhao et al.).
It is understood that contracts for private cloud solutions and with system resellers and
integrators permit more opportunity to negotiate than contracts with the providers of
private cloud. Regarding due diligence, because the ability to negotiate the terms of cloud
providers is constrained, it is crucial to conduct proper due diligence on the provider.
Further, data privacy has taken center stage. It is important to analyze how liability for data
privacy obligations is allocated between the business and the provider (Turner), including who is
liable for data security. Further, performance commitments are complicated to obtain. The business
should be assured that it is comfortable with the service-level performance commitment offered by
the cloud provider. Lastly, it must be noted that regulators are taking notice.
3. Role of TPRM or Third Party Risk Management:
TPRM can maximize the benefits gained from various products, services and relationships
while minimizing the related risks. As the complexity, scope and scale of a relationship rise,
the relevant risks and the significance of smart vendor management rise proportionately.
Apart from this, banks' conventional core processing and information technology services, and
their outsourced operational activities, must include various elements (Turner). The rise in the
use of outsourced third-party vendors, and the significance of the relationships between banks and
those vendors, have intensified the need for organizations to have an efficient third-party vendor
risk management program in place.
4. Reference:
Miller, Lauren. "Cybersecurity Insurance: Incentive Alignment Solution to Weak Corporate Data
Protection." Available at SSRN 3113771 (2018).
Turner, J. Rodney. Contracting for project management. Routledge, 2017.
Turner, Rodney. "Farsighted project contract management." Contracting for Project Management.
Routledge, 2017. 33-57.
Zhao, Xuesong, Jieyi Pan, and Yongtao Song. "Dependence on Supplier, Supplier Trust and Green
Supplier Integration: The Moderating Role of Contract Management Difficulty." Sustainability 10.5
(2018): 1673.