Explain security issue of BCBST in regard to confidentiality


Assignment 1

Case Study 1: HIPAA, CIA, and Safeguards

This assignment consists of two sections: a written paper and a PowerPoint presentation. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for.

Health Information Technology (HIT) is a growing field within health services organizations today; additionally, health information security is a major concern among health organizations, as they are required to maintain the security and privacy of health information. The Department of Health and Human Services (HHS) provides extensive information about the Health Insurance Portability and Accountability Act (HIPAA). Visit the HHS Website, at www.hhs.gov/ocr/privacy, for more information about HIPAA requirements. In March 2012, the HHS settled a HIPAA case with the Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million. Read more about this case. As an IT security manager at a regional health services organization, your CIO has asked for the following: an analysis of this incident, an overview of the HIPAA security requirements necessary to prevent this type of an incident, and a briefing for management on the minimum security requirements to be HIPAA compliant.

Section 1: Written Paper

1. Write a three to five page paper in which you:

a. Describe the security issues of BCBST in regard to confidentiality, integrity, availability, and privacy based on the information provided in the BCBST case.

b. Describe the HIPAA security requirement that could have prevented each security issue identified if it had been enforced.

c. Analyze the corrective actions taken by BCBST that were efficient and those that were not adequate.

d. Analyze the security issues and the HIPAA security requirements and describe the safeguards that the organization needs to implement in order to mitigate the security risks. Ensure that you describe the safeguards in terms of administrative, technical, and physical safeguards.

Section 2: PowerPoint Presentation

2. Create a six to eight slide PowerPoint presentation in which you:

a. Provide the following on the main body slides:
i. An overview of the security issues at BCBST
ii. HIPAA security requirements that could have prevented the incident
iii. Positive and negative corrective actions taken by BCBST
iv. Safeguards needed to mitigate the security risks

Your PowerPoint presentation must follow these formatting requirements:

• Include a title slide, four to six main body slides, and a conclusion slide.

The specific course learning outcomes associated with this assignment are:

• Summarize the legal aspects of the information security triad: availability, integrity, and confidentiality.

• Use technology and information resources to research legal issues in information security.

• Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.

Assignment 2: Privacy, Laws, and Security Measures

You are an information security manager for a large retail sporting goods store. The sporting goods store is involved in the following in which they:

• Maintain an internal network and an intranet protected by a firewall
• Maintain a Web server in the DMZ that is protected by another firewall
• Accept credit card sales in the store and over the Web via e-Commerce transactions
• Maintain an email server for employee email communication and communication with other business partners and customers
• Maintain a wireless network within the store
• Use RFID for inventory and theft prevention
• Maintain a Facebook presence
• Provide health screening for high blood pressure, high cholesterol, and other potential health risks

The CEO is concerned about the amount of information that is being collected and maintained within the organization.

Write a page paper in which you:

1. Describe the major privacy issues facing organizations today.

2. Analyze the major privacy issues described above and compare that to the potential privacy risks facing the sporting goods store.

3. Explain the security risks and applicable laws that govern the privacy risk.

4. Describe the security measures that the organization needs to implement to mitigate the risks.

Your written paper must follow these formatting requirements:

This course requires use of new Student Writing Standards (SWS). The format is different than other Strayer University courses. Please take a moment to review the SWS documentation for details.

(Note: You'll be prompted to enter your Blackboard login credentials to view these standards.)

o Your paper should include a cover page.

o Your paper should be of sufficient length to fully develop your own ideas that address the items called for in the instructions, and not be filled with "filler" information. Write clearly and concisely.

o The paper should be double-spaced, 12-point font.

The specific course learning outcomes associated with this assignment are:

• Explain the concept of privacy and its legal protections.

• Use technology and information resources to research legal issues in information security.

• Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.

Case Study 1: Requirement Analysis and Gathering for the State Firefighters Association

Read the mini case on The State Firefighters Association located in Chapter 3 of the textbook and complete the assignment.

Write a three to four page paper in which you:

1. Identify the business problems in this case.

2. Determine whether to use a traditional or iterative project method (e.g., RAD and Agile) in this case and explain why or why not.

3. Determine the requirements analysis strategies in this situation and explain why to choose those strategies.

4. Choose the requirements-gathering techniques in this case and explain their pros and cons.

5. Choose the requirements documentation techniques and explain their pros and cons.

The specific course learning outcomes associated with this assignment are:

• Compare and contrast requirements gathering among traditional and iterative project methods.

• Apply the project requirements steps of eliciting, analyzing, documenting, and testing to address and solve a proposed business problem.

• Develop a business requirements document that addresses and solves a proposed business problem.

• Use technology and information resources to research issues in procuring and designing project requirements.

• Write clearly and concisely about project requirements and design topics using proper writing mechanics and technical style conventions.

Assignment 3: COPPA and CIPA

The Children's Online Privacy Protection Act (COPPA) and the Children's Internet Protection Act (CIPA) are both intended to provide protections for children accessing the Internet. However, they both have had some opposition.

Write a paper in which you:

1. Describe the main compliancy requirements and the protected information for both COPPA and CIPA.

2. Analyze how COPPA and CIPA are similar and how they are different, and explain why there is a need for two different acts.

3. Describe what you believe are the most challenging elements of both COPPA and CIPA to implement in order to be compliant.

4. Speculate on why COPPA and CIPA define protection for different ages; COPPA defines a child as being under the age of 13 and CIPA defines a minor as being under the age of 17.

5. Identify the main opposition to COPPA and CIPA based on research and speculate on whether they will be changed in the future based on the opposition.

6. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

The specific course learning outcomes associated with this assignment are:

• Explain the concept of privacy and its legal protections.

• Describe legal compliance laws addressing public and private institutions.

• Use technology and information resources to research legal issues in information security.

• Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.

Assignment 4: Business Process and Functional Modeling

Advanced Business Systems (ABS) is a consulting and staffing company providing specialized staffing and consulting services to clients in a variety of different industries. It has offices in major U.S. metro areas and has ongoing relationships with Fortune 500 companies. Its areas of services range from software development and network engineering to geo-information systems. It has 50 plus regional offices in the U.S. and five offices in Canada. It plans to expand to other countries in the future.

When an ABS client company determines that it will need a contractor or temporary professional, it issues a staffing request against the contract it had previously negotiated with ABS. The contract manager in ABS reviews the staff request and ensures that the request is valid with its current contract with its client from the database.

• If the request is not valid, the contract manager sends the staffing request back to the client and explains the reasons and asks for the need for starting a new contract.

• If the request is valid, the contract manager will start recruiting requests by putting the request into its staffing database. The staffing request is then sent to ABS placement department.

In the placement department, the placement specialists will check the job requirements and candidate's qualifications.

• If there is a qualified candidate, the specialist will notify the candidate and put a note in the database.

• If a qualified candidate cannot be found or is not immediately available, the specialist notifies contract managers and the recruiting department; the recruiting department starts searching outside immediately.

The recruiting department normally has 30 days to find an outside candidate and send the qualified candidates to the placement department to review. If an internal qualified candidate is confirmed with his / her availability, the confirmation will be sent to the arrangement department. In the arrangement department, the candidate works with the specialists to further confirm the placement details, such as starting date, location, compensation (e.g., per diem), and travel arrangement. The final confirmation will be sent to the client along with a billing schedule. If the client agrees with the arrangement, he/she acknowledges the arrangement with contract managers in the contract department. The contract manager then puts a memo into its database and closes the request.

Write a four to five page paper in which you:

1. Create a use-case diagram to include at least three (3) actors for the system described in this case through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.

2. Create an activity diagram for the business process described in this case through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.

3. Develop a use-case description for each major use case.

4. Verify and validate the functional models for this case.

5. Create a high-level requirements document which captures the major functions of the system.

The specific course learning outcomes associated with this assignment are:

• Procure, document, and scope IT project requirements with use cases.

• Use technology and information resources to research issues in procuring and designing project requirements.

• Write clearly and concisely about project requirements and design topics using proper writing mechanics and technical style conventions.

Discussions

Discussion 1: "Functional vs. Nonfunctional Requirements"

Respond to the following:

• Explain why both functional and nonfunctional requirements are important in IT development. Include at least two (2) examples to support your answer. Please make sure that your examples are different from other students.

Discussion 2: "Workplace Monitoring"

Respond to the following:

Companies invest in human capital as well as computer infrastructure employees use to make money for the company. As you've learned this week, some companies monitor employees' activities. What degree of monitoring do you think is appropriate? Why do you feel this way? Additionally, what did you learn was actually legal? What factors affect the legality of workplace monitoring based on your learning about the American legal system this week?

Discussion 3: "Personally Identifiable Information (PII) Compromised"

Respond to the following:

Your Personally Identifiable Information (PII) is out there. Since people want to avail themselves of various business opportunities, and companies require knowing you are you before they will conduct business, there must be a way to make sure they're actually talking to you before allowing their product or service to be exposed. What is the primary way you safeguarded your PII before you took this class? Now that you've done your learning for this week, will you be making any changes? Share your thoughts with the class. FERPA protects your privacy in the educational arena. What have your experiences been with this law? Have you found it too difficult to conduct your college experience due to FERPA, or do you think FERPA isn't stringent enough?

Discussion 4: "UML and OMG"

Respond to the following:

• Identify the benefits that UML brings to the software development industry. Speculate on UML's development and its future influence in the IT world. Give an example of how a company can benefit from using UML and OMG.

Discussion 5: "Structural Model"

Respond to the following:

• Determine the relationships between aggregation, generalization, and association. Explain how each type of association is depicted on a class diagram. Provide example(s) to support your answer. Please make sure that your example is different from other students.

Discussion 6: "Corporate Fraud"

Respond to the following:

As we've examined this week, legislation centers mostly around fraud in the corporate arena when it comes to technology. The government seems to want to ensure businesses are operating honestly. Search the web for an example of corporate fraud in the news in the past few years. A good search term is SOX. Read about what the company was doing that was considered fraud. Beyond the law, describe how you feel the company was behaving. Were they doing the right thing by all the people involved? Employees, customers, shareholders, the general public, etc. Can you think of a way a company may intend to do the right thing, but wind up on the wrong side of the law? Be sure to share your complete URL to the article with your post so interested classmates can go right to your article.

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. The citations and references should follow APA format. The reference page is not included in the required page length.
