Develop a plan to deploy public key infrastructure (PKI) and encryption solutions to protect data and
information.
Assignment Requirements
In this assignment, you play the role of chief information technology (IT) security officer for the Quality Medical
Company (QMC). QMC is a publically traded company operating in the pharmaceutical industry.
QMC is expanding its arena of work through an increase in the number of clients and products. The senior
management of the company is highly concerned about complying with the multitude of legislative and
regulatory laws and issues in place. The company has an internal compliance and risk management team to
take care of all the compliance-related issues. The company needs to make important decisions about the bulk
of resources they will need to meet the voluminous compliance requirements arising from the multidimensional
challenge of expansion.
QMC will be required to conform to the following compliance issues:
Public-company regulations, such as the Sarbanes-Oxley (SOX) Act
Regulations affecting financial companies, companies that make loans and charge interest, such as the U.S.
Securities and Exchange Commission (SEC) rules and Gramm-Leach-Bliley Act (GLBA)
Regulations affecting health care privacy information, such as Health Insurance Portability and Accountability
Act (HIPAA)
Intellectual Property Law that is important for information asset protection particularly for organizations in the
pharmaceutical and technology industry
Regulations affecting the privacy of information, including personal identification information, such as
personally identifiable information (PII) regularly collected from employees, customers, and end users
Corporate governance policies including disclosures to the board of directors and the auditors and the policies
related to human resources, governance, harassment, code of conduct, and ethics