CIS 438 Security Regulation Compliance Term Paper

Strayer CIS 438 Information Security Legal Issues, Term Paper: Security Regulation Compliance
Due Week 10, Two Parts: Paper, 17 pages, 3701 words. PowerPoint Presentation, 15 slides.
In the day-to-day operations of information security, security professionals often spend the majority of their time dealing with employee access issues, implementing security methods and measures, and other day-to-day tasks. They often neglect legal issues that affect information security. As a result, organizations often violate security-related regulations and often have to pay heavy fines for their non-compliance. Thus, as a Chief Information Officer in a government agency, you realize the need to educate senior leadership on some of the primary regulatory requirements, and you realize the need to ensure that the employees in the agency are aware of these regulatory requirements as well.
Section 1: Written Paper
1. Write a six to eight (6-8) page paper in which you:
a. Provide an overview that will be delivered to senior management of regulatory requirements the agency needs to be aware of, including:
i. FISMA
ii. Sarbanes-Oxley Act
iii. Gramm-Leach-Bliley Act
iv. PCI DSS
v. HIPAA
vi. Intellectual Property Law
b. Describe the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements.
c. Describe the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.
d. Use at least five (5) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your written paper must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required page length.
Section 2: PowerPoint Presentation
2. Create an eight to ten (8-10) slide security awareness PowerPoint presentation that will be presented to the agency’s employees, in which you:
a. Include an overview of regulatory requirements and employee responsibilities, covering:
i. FISMA
ii. Sarbanes-Oxley Act
iii. Gramm-Leach-Bliley Act
iv. PCI DSS
v. HIPAA
vi. Intellectual Property Law


Discussion One:

The computer forensics investigative process includes five steps: Identification,
Preservation, Collection, Examination, and Presentation.
Describe the most important aspect of each step.

1. Identification: Identify the type of incident being investigated; this defines
the scope of the analysis. As in any other investigation, the computer forensics
investigator must manage the area as a crime scene. He or she will take digital
photographs and keep documentary evidence safe. This includes printouts, notes
and records in the scene.
2. Preservation: Make sure no one tampers with the evidence. Electronically
stored data can easily be destroyed or lost if the electronic device in question is
not preserved properly.
3. Collection: All devices, cables, and peripheral devices must be collected,
protected (bagged), identified (tagged), and transported securely for further
examination. Some devices need to stay powered on to preserve the data; steps
need to be taken to ensure additional adds, changes or deletes do not occur on
the device collected. Chain of custody has to be preserved.
4. Examination: Create duplicate images of the electronic media, verify them
against the original storage media, and prove the duplicate image accurately
represents the original media. A third-party reviewer must be able to follow the
exact steps the examiner followed and come up with the exact same results.
5. Presentation: Based on the results of the analysis process, conclusions can be
determined about the actions that are needed to correct, remediate or report
the results of the investigation. The presentation process includes the potential
for sharing results with legal authorities and testifying in court.
Decide which step you believe is most challenging as a whole, and describe
why.
Examination: Individuals may attempt to hide data that contain incriminating
information they do not want others to find. One method that is commonly used
to hide data is to rename a file of a particular type to another, thus changing the
extension of a file. For example, an individual may store child pornography
pictures on a computer, but to keep others from finding them, may change the
.jpg extension to .xls for Microsoft Excel. Renaming the file makes it nearly
impossible for someone to search through and determine the correct file type.
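
Examination tools surface renamed files by comparing each file's leading bytes (its signature) with its extension. The sketch below is an added example, not part of the original answer: the signature table is a small subset of well-known magic numbers, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# (leading bytes, detected type, extensions that legitimately carry that type)
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {".xls", ".doc", ".ppt"}),
    (b"PK\x03\x04", "zip", {".zip", ".xlsx", ".docx", ".pptx"}),
]

def identify(path):
    """Return (type, allowed extensions) from the file header, or (None, set())."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, kind, exts in SIGNATURES:
        if head.startswith(magic):
            return kind, exts
    return None, set()

def find_mismatches(root):
    """List (path, extension, detected type) where content and extension disagree."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            kind, exts = identify(path)
            if kind is not None and ext not in exts:
                hits.append((path, ext, kind))
    return hits

def build_sample(root):
    """Write constructed sample files: one JPEG header renamed to .xls, three benign."""
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
    ole2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 32
    samples = {"budget.xls": jpeg, "photo.jpg": jpeg,
               "report.xls": ole2, "notes.txt": b"plain text\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    # Run against a working copy of the evidence, never the original media.
    with tempfile.TemporaryDirectory() as workdir:
        build_sample(workdir)
        for path, ext, kind in find_mismatches(workdir):
            print(f"{os.path.basename(path)}: extension {ext}, content is {kind}")
```

Files with no recognised header (such as plain text) are not flagged; a fuller signature table narrows that gap.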
Describe the importance of forensics examinations in legal proceedings and
what investigators can do during each step to avoid potential problems during
legal proceedings.

The science of computer forensics is meticulous and requires tremendous
amounts of patience and dedication. Specialists must be extremely careful to
preserve the original file or device, because that is all with which they have to
work. Therefore, it is extremely important to first create exact images of the
information and work with that information on a different type of media.
Specialists work hard to find vital information and gather enough evidence for
prosecution or disciplinary action.
Ensure that no forensics evidence is damaged, destroyed, or otherwise
compromised by the procedures used during the investigation; never work on
the original evidence; establish and maintain a continuing chain of custody; and
document everything. These rules are especially important because they help
ensure that the data will be gathered in a structured manner, even though there
is not currently a solid set of standards. Currently, the US National Institute of
Standards and Technology (NIST) creates the various standards for the
technology industry in the US. More standards need to be adopted for this field
to make the gathered evidence and the compiled information used in court
more credible in the eyes of the judge, jury and opposing attorneys.
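
The rules above (work only on a verified image, keep a continuing chain of custody, document everything) can be shown in a few lines. This is an added example, not part of the original answer: the hash-chained custody log, the field names and the function names are assumptions made for illustration, and timestamps are left out so the output is reproducible.

```python
import hashlib
import json

CHUNK = 1 << 20  # read in 1 MiB blocks so large media never sits in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Copy source to image, hash what was read, then re-read the image and compare."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    source_hash, image_hash = h.hexdigest(), sha256_file(image)
    return {"source_sha256": source_hash, "image_sha256": image_hash,
            "verified": source_hash == image_hash}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_custody(log, actor, action, evidence_sha256):
    """Append an entry whose hash covers the previous entry, making edits detectable."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    body = {"seq": len(log) + 1, "actor": actor, "action": action,
            "evidence_sha256": evidence_sha256, "prev": prev}
    body["entry_hash"] = _digest(body)  # hash is computed before this key is added
    log.append(body)
    return body

def verify_custody(log):
    """Recompute every link; any altered or reordered entry breaks the chain."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or _digest(body) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True
```

A reviewer who re-hashes the image and re-verifies the log can reproduce the examiner's result without touching the original media.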

Discussion Two:

From the e-Activity, describe the capabilities and functions of the computer
forensics tool you downloaded and explain where the tool is most beneficial in
the investigation process.

EnCase Forensic
1. Acquire and examine data swiftly from the widest array of computers,
smartphones, and tablets of any digital forensics software solution
2. Increase confidence in your findings by using the proven, court-referenced
digital forensics standard
3. Uncover more potential evidence faster using advanced search capabilities
4. Boost productivity by previewing results as data is being acquired. Once
image files are created, you can search and analyze multiple drives or media
simultaneously
5. Improve efficiency by automating common investigative tasks with
EnScript®, the scripting solution built into EnCase Forensic
6. Preserve evidence integrity with court-accepted EnCase® evidence file
formats (L01, Lx01, E01, and Ex01)
In my opinion the EnCase tool is most beneficial in the examination
phase. EnCase Forensic is one of the top tools used for forensic analysis, as
the tools have already been authenticated by experts in many court cases.
Describe the considerations that organizations and investigators must take into
account when determining the appropriate tools to use, while knowing that the
tool will be used to support legal proceedings.

Many examiners use a variety of tools and it is important that the reviewer
understands their genesis and purpose. The tools a forensic examiner uses
should be explicitly stated in the report to assist the reviewer in understanding
potential issues surrounding the conclusions the forensic tool is being used to
support.
The Daubert factors aid in the gatekeeping analysis for digital forensic expert
testimony in certain situations. To the extent that forensic science methods
have been tested in similar factual circumstances, and that those methods have
been subjected to peer-review, and/or have a known error rate, it seems
appropriate that the court take these factors into account when such methods
are presented as expert evidence. As digital forensic science advances,
information about methodology should become available as common
techniques mature. General acceptance of a technique may be relevant in the
types of cases that arise again and again, such as spoliation of evidence cases
requiring file recovery or forensic comparison. Nonetheless, cases involving the
expert testimony of computer scientists are rife with unique factual situations
that may require an innovative approach by the expert. Consequently, it is
critical that the bench and the bar determine whether the facts of a case are
such that a traditional technique can be applied before determining whether a
Daubert analysis is necessary.