Cybersecurity Laws and Regulations for SMS at University A

Verified

Added on 2022/10/18

AI Summary

This report, prepared for University A's project team, provides cybersecurity insights for the implementation of a new student management system (SMS). It meticulously reviews Australian laws, regulations, and policies, including the Privacy Act of 1988 and the Privacy and data protection act of 2014, which are crucial for data protection and privacy. The report outlines the university's obligations under these laws, emphasizing the importance of compliance and potential consequences of non-compliance. It details procedures and systems the university must adopt, such as IT hardware and software acquisition policies and IT security policies, to ensure full compliance. Furthermore, the report addresses key areas of concern, including student and staff surveys and benchmarking with other universities. The report underscores the importance of due diligence, risk reduction, achieving quality standards, and the impact of compliance on project funding and collaborations. The assignment emphasizes the need for a robust and secure SMS to meet the university's needs and comply with legal requirements.

Running head: Cyber security law enforcement 1
Cyber Security Law Enforcement
[Author Name(s), First M. Last, Omit Titles and Degrees]
[Institutional Affiliation(s)]
Author Note
[Include any grant/funding information and a complete correspondence address.]
Introduction

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Running head: Cyber security law enforcement 2
This report is compiled to guide the project execution team on the new student management
system for A university that is under the proposal. The document is met to provide cybersecurity
insights into the proposed system. This involves reviewing the various regulatory frameworks
that the project team must comply with in order for the project to be a success. This first section
of the document outlines the various laws, regulations, and policies in relation to cybersecurity,
data protection and privacy that the project team must keep in mind when choosing the best
solution for the student management system. The second section describes the roles and
obligations of the university with regard to these laws and regulations. This will entail a brief
reference to the obligation section of these laws and regulations. The third section describes the
importance of compliance to the regulation citing the consequence if there is noncompliance
with the regulations. The fourth section documents the various procedures and systems that the
university must do or seemed to be doing in order to fully comply with the regulations outlined
in this report. Last but not least, the report shall go further and provide any other relevant issues
that the project team must keep in mind when executing this project
Laws and regulations
This section documents the various laws, regulations, and policies that the university must
uphold while executing the project on the new student management system. These laws are both
national and some are international. The policies which are specific laws for the university are
also reviewed for any significance to the report. The key among them includes;
Privacy Act of 1988

Running head: Cyber security law enforcement 3
This Australian privacy act of 1988 provides the fundamental rights of the Australian population
in terms of how data about them should be handled. This personal information that is personally
identifiable information is taken seriously by the Australia government through this law. This
privacy law provides the obligations of various entities involved in data processing of Australia
citizens. This includes the principles under which this data must be collected, handled, stored,
used and the general requirement to ensure the data is only collected and used for the original
purpose for which it is collected (Krausz, 2009).
Privacy and data protection act of 2014
The Australian Privacy and protection act of 2014 provides the citizens and corporation at large
the rights and responsibilities of individuals with regard to the data processing done either
manually or electronically. This act adds onto the privacy act of 1988 by including the
procedures and regulations on how the organizations should use information technology to
properly manage the data of individuals by upholding their privacy and data protection
requirements in the law. This act has even included the outsourcing requirements where
Australia citizen data is to be processed in a foreign jurisdiction, the act has provided a
framework for the corporation to follow to ensure compliance with the law (Abawajy, 2014).

Running head: Cyber security law enforcement 4
Apart from the laws, the university has again set up its internal legal frameworks in terms of
policies that are critical for cybersecurity. The policies include the following
IT hardware and software acquisition policy
This policy by A university stipulates the framework under which software and hardware being
utilized by the university are to be acquired. This is very important for the team to comply with
to ensure the student management system is acquired using the general procedures and
guidelines stipulated in the policy (Goucher, 2016).
IT Security policy
The university IT security policy shall be a guiding star for the project team to ensure the
software to be developed or acquired meets the minimum requirements stipulated by the
university. This policy mitigates any risks that may be associated with the software project.
Obligations
The university has unique obligations under each law, regulation, and policy with regard to the
outlined laws above. The obligations specific to each law is as prescribed below
Privacy Act of 1988
In this law, the university has the obligation to protect the data collected from the entities such as
students and other staff members of the institution. In this act, the university as a public
institution is mandated to put in a procedure that ensures the data kept in the university servers
are not accessed by unauthorized parties and that it is used solely for the purposes which it was
collected (Scholefield and Shepherd, 2019).
Privacy and data protection act of 2014

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Running head: Cyber security law enforcement 5
In addition to the privacy act of 1988, where the university is given an obligation by the
Australian government to put in measures that ensure all the data collected by the university in
their normal operations about the users of the system is kept confidential. This means that the
university must put in measures to ensure that not only do they ensure systems and application
they use obey the privacy and data act but also put in mechanisms to ensure the offshore
software acquired by the university meets the standards stipulated by the act which include user
data is kept confidential while on storage or transit. Cloud computing ventures that the university
makes contracts with again according to the law are obligated to meet the standards of cloud
computing operations stipulated in the act (Rathod and Potdar, 2019)
IT hardware and software acquisition policy
In this policy, the university has an obligation to obtain software from known vendors who are
prequalified by the university procurement committee. Under this policy, the university is
obligated to make an effort to procure the best reasonable software from recognized vendors.
The policy requires the university to have service level agreements with the providers of the
software concerning the software to be purchased. It is vital for the university to set up a
committee for the software acquisition which shall be representing the university in the software
acquisition process. This committee comprising of technical persons shall ensure the software
being purchased meets the user requirements, government and university security laws and
policies respectively (Awad and Fairhurst, 2018)
IT Security policy

Running head: Cyber security law enforcement 6
The IT security policy is the main university regulation that the project team must be well vast
with. In this policy, the university has the obligation to conduct risk assessments regarding the
new student management system to be bought or developed. The risks assessment shall ensure
the software meets the thresholds required by the university for the software to perform normally
(Noluxolo Kortjan and Rossouw Von Solms, 2014)
Importance of obligations
Compliance to the set laws and regulation is important for the university as explained below,
First, through compliance, the university shall have done due care and due diligence in terms of
Requirments from the regulations. This makes the university not to be liable to legal and ethical
lawsuits as a result of noncompliance to the government and university policies.
Second, compliance makes the university reduce the risks of noncompliance such as the
acquisition of wrong software or development of software that breaches the set regulations and
laws. Such risks included but not limited to economic loss due to software acquired being barred
from use due to serious security and privacy rights violations (Mokha, 2017).
Third, compliance makes the university achieve the various quality standards and information
security standards offered by the standard organization such as the ISO standards. This standard
makes the university more attractive to local and international students.
Fourth, the project workforce is critical to observe this compliance requirement to enable them to
solicit for the fundings of the project. The financiers will most probably audit the project in terms
of its level of compliance with the set laws and regulations. If found to violate the said laws, the
project teams will face hurdles in convening stakeholders to make a budget for the new student
management system.

Running head: Cyber security law enforcement 7
Compliance to the set laws and procedure increases the university to make more collaborations
among other institutions or research organizations who wish to collaborate with the University of
academics among other things. Since the university shall be using software and applications that
meet the industry standards, it makes such collaborations to be effortless (Johnson, 2013).
Other areas of concern
Apart from the regulations and policies in the university and national which are information
security specific, the project team should consider ensuring the following important areas of the
new project are addressed,
First, the project team ought to conduct a survey among the students and staff who will be the
main beneficiary of the proposed student management system. This makes them give their ideas
onto what modules should be incorporated into the new system to ensure the workflow is not
interrupted. Such survey shall reveal in depth the key weakness of the current system hence
provide a solid case for user requirement for the proposed system (Bada, Sasse and Nurse, 2019).
Second, the task force needs to benchmark with another university who have implemented a
good student management system to transfer that knowledge to be used in the execution of the
project deliverables. This will reduce risk emanating from procurements, financial and scope.
The tasks force shall write a recommendation to project leads on the best alternatives for the
university student management system (Anderson, Baskerville and Kaul, 2017).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Running head: Cyber security law enforcement 8
References
Abawajy, J., 2014. User preference of cyber security awareness delivery methods. Behaviour &
Information Technology, 33(3), pp.236–248.
Anderson, C., Baskerville, R.L. and Kaul, M., 2017. Information Security Control Theory: Achieving a
Sustainable Reconciliation Between Sharing and Protecting the Privacy of Information. Journal of
Management Information Systems, 34(4), pp.1082–1112.
Awad, A.I. and Fairhurst, M.C., 2018. Information Security : Foundations, Technologies and
Applications. IET Security Series. London, United Kingdom: The Institution of Engineering and
Technology.
Bada, M., Sasse, A.M. and Nurse, J.R.C., 2019. Cyber Security Awareness Campaigns: Why do they fail
to change behaviour?
Goucher, W., 2016. Information Security Auditor : Careers in Information Security. BCS Guides to IT
Roles. Swindon: BCS, The Chartered Institute for IT.
Johnson, M., 2013. Cyber Crime, Security and Digital Intelligence. Farnham, Surrey: Routledge.
Krausz, M., 2009. Information Security Breaches : Avoidance and Treatment Based on ISO27001. Ely: IT
Governance Publishing.
Mokha, A.K., 2017. A Study on Awareness of Cyber Crime and Security. Research Journal of
Humanities and Social Sciences, (4), p.459.
Noluxolo Kortjan and Rossouw Von Solms, 2014. A conceptual framework for cyber security awareness
and education in SA. South African Computer Journal, (52).
Rathod, P. and Potdar, A.B., 2019. Study of Awareness of Cyber-Security among Medical Students.
Indian Journal of Forensic Medicine & Toxicology, (1), p.196.
Scholefield, S. and Shepherd, L.A., 2019. Gamification Techniques for Raising Cyber Security
Awareness.