Tft2 Task 1 - 891 Words

TFT2 Task 1 Western Governors University TFT2 Task 1 Introduction: Due to policy changes, personnel changes, systems changes, and audits it is often necessary to review and revise information security policies. Information security professionals are responsible for ensuring that policies are in line with current industry standards. Task: A. Develop new policy statements with two modifications for each of the following sections of the attached â€Å"Heart-Healthy Insurance Information Security Policy†: 1. New Users 2. Password Requirements B. Justify each of your modifications in parts A1 and A2 based on specific current industry standards that are applicable to the case study. C. When you use sources, include all†¦show more content†¦The new user policy section has been modified to require manager approval and validation of the user’s access request based upon the user’s role. Previously the policy only required manager approval for user’s requiring administrator privileges. In accordance with Health Insurance Portability and Accountability Act (HIPAA) standards on access controls, users will have the minimum access required to perform the functions of their job in order to protect against unnecessary access to electronic protected health information (ePHI). The new user policy has also been modified to include security and awareness training requirements. HIPAA includes addressable administrative standards for security and awareness training of all members of the workforce to include periodic security reminders, protection from malware, log-in monitoring and password management (HHS, 2007). The password policy has been modified to increase length and complexity requirements from eight character passwords made up of only upper and lowercase characters to twelve character passwords including numbers and special characters. Even complex eight character passwords can be cracked using modern tools (Murphy, 2015). To most effectively protect and safeguard data as required by HIPAA, the Gramm–Leach–Bliley Act (GLBA) and the Payment Card Industry Data Security Standard (PCI DSS), passwords must be long.Show MoreRelatedTft2 Task 11519 Words   |  7 PagesUpdated Heart Healthy Information Security Policy Due to personnel, policy and system changes, and audits, Heart Healthy has voluntarily updated their information security policy to be in-line with the current information security laws and regulations. Currently Heart-Healthy Insurance, a large insurance company, plans to review and provide recommendations for an updated information security policy in the area ‘s of: Current New Users Policy The current new user section of the policy states:   Read MoreTft2 Task 1627 Words   |  3 Pagessign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.† The following changes are based upon the PCI-DSS Compliace: 1. Usage policies must be developed for critical technologies and defined for proper use of these technologies (PCI DSS 12.3). With this first policy an organization with prohibit or allow the usage of equipment and/or accounts depending on the individual’sRead MoreEssay about Tft2 - Heart Healthy Task 11524 Words   |  7 Pagespolicy to be in-line with the current information security laws and regulations. Currently Heart-Healthy Insurance, a large insurance company, plans to review and provide recommendations for an updated information security policy in the area ‘s of: 1. Current New Users Policy – The current new user section of the policy states: â€Å"New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need accessRead MoreTft2 Task3 Essay1348 Words   |  6 PagesTFT2 Task 2 Thomas Garner Student ID: 336227 Information Security Modification Recommendations Service Level Agreement Between Finman Account Management, LLC, Datanal Inc., and Minertek, Inc. After careful review of the current Service Level Agreement(SLA) â€Å"A Service Level Agreement for Provvision of Specified IT Services Between Finman Account Management, LLC, Datanal, Inc., and Minertek, Inc.† we have determined that standard Information Technology security measures have not beenRead MoreTft2 Task 41387 Words   |  6 PagesTFT2 Task 4 As the chief information security officer for VL Bank, we were notified by several of our commercial customers of unauthorized wire transfers in an amount greater than $290,000. This is very concerning since we take pride in our information security. As soon as we were notified of the fraudulent transactions my security team, along with the network engineers, performed a thorough investigation of how such attack had occurred. Once we were able to view all logs and audit data it cameRead MoreTft2 Task 44005 Words   |  17 PagesTFT2 Cyber Law Task 4 Jordan Dombrowski Western Governors University Situation Report It has come to my attention from the security analysts of VL Bank and victims that commercial customers of VL Bank have been involved in identity theft and fraud. Multiple user accounts were created without authorization claiming the identity of our customers. These fake accounts were used to make twenty-nine transfers of $10,000 each, equaling $290,000. The bank transfers were being sent to several U.S