In the day-to-day operations of information security, security professionals often focus the majority of their time dealing with employee access issues, implementing security methods and measures, and other day-to-day tasks. They often neglect legal issues that affect information security. As a result, organizations often violate security-related regulations and often have to pay heavy fines for their non-compliance. Thus, as a Chief Information Officer in a government agency, you realize the need to educate for senior leadership on some of the primary regulatory requirements, and you realize the need to ensure that the employees in the agency are aware of these regulatory requirements as well.
1. Write at least five (5) page paper in which you: a. Provide an overview that will be delivered to senior management of regulatory requirements the agency needs to be aware of, including: i. FISMA ii. Sarbanes-Oxley Act iii. Gramm-Leach-Bliley Act iv. PCI DSS v. HIPAA vi. Intellectual Property Law b. Describe the security methods and controls that need to be implemented in order to ensure compliance with these standards and regulatory requirements. c. Describe the guidance provided by the Department of Health and Human Services, the National Institute of Standards and Technology (NIST), and other agencies for ensuring compliance with these standards and regulatory requirements.