Assignment:
200-word response 1 reference
The family educational rights and privacy act (FERPA) was passed in 1974 with the goal to ensure privacy protection of a student's educational records (Kiel & Knoblauch, 2010). Educational institutions are required by law to maintain the personal integrity and confidentiality of educational records. The Health Insurance Portability and Accountability Act passed in 2002 serves a similar function to FERPA, but pertains to protecting the privacy of patient health records. Ensuring compliance of these acts is of extreme importance as violations or misuse of records can lead to severe civil and legal repercussions. One role of security in many organizations is compliance assurance and protection of assets such as personal identifiable information. These acts ensure strong IT governance practices and information safeguarding while practicing transparency (Fay, 2010). Additional examples of legislation that place responsibility on security to safeguard information are the Sarbanes Oxley Act and Gramm-Leach-Bliley Act.
Training of security officers have certainly improved since the events of 9/11. The security industry experienced rapid growth as they tried to fill the roles that were now available for the counter-terrorism movement that was widespread across the United States. With the growing number of security needs, the standardization of security professionals that is seen today began to take shape. Training is essential in security programs because it ensures tactics and procedure can be understood by the security professional assigned to a post. A common method to achieve this is on-the-job training (OJT) in which a security guard can learn the intricacies of a post with the guidance of an experienced member (Fay, 2010). In addition, training on the legal ramifications of security reduces liability and risk of criminal negligence to civil disputes. Lastly, training can build confidence within a security team and prepare them for different circumstances that may arise.
There are many countermeasures that can be employed by security teams to mitigate electronic espionage. One method is physical intervention such as IT defenses like firewalls, automatic email screening and phishing detection, or locking usb ports to prevent theft of information via a usb. Other methods is through the use of security awareness training. Teaching employee's proper security measures regarding their pc's can prevent mishandling or theft.