Using the identified risk as the basis for your assignment, complete the following requirements.
Write a 500-word summary that addresses the following:
Explain the regulatory compliance and security controls that should be adhered to in order to address the risk.
Explain why adherence to regulatory compliance measures and security controls is essential from the customer perspective and the business perspective. Provide specific examples to illustrate your ideas.
Create a data flow diagram to illustrate how systems will interact with the customer and how the data are passed through the system(s), including how the data will reside in the system of record. Explain the data flow diagram in regard to the key controls in place to address protection of personal identifiable information (PPII).
Complete the "Security Controls Mapping Template" using the FMEA from the Topic 4 assignment. Reference appropriate regulatory compliance information (i.e., HIPAA, PCI, SOX) and security control frameworks (i.e., NIST, CIS, COBIT) when completing the template.
Submit the summary, data flow diagram, and "Security Controls Mapping Template" documents.
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
The risk area considered here is the security of data and customer identity theft.
To analyze the risk, a few basic processes should be incorporated into risk management. They are listed below:
- Basic process: identify the risk
- Analyze the risk
- Tools: PFMEA (process failure mode effect analysis) or others
- A communication channel that supports the risk management (Lolli et al., 2015).
In general, risk is the factor associated with the occurrence of an undesired event that directly triggers different types of failure. Risk analysis is used to find these failures and to prevent them from occurring in the future. Several types of fault analysis exist, including fault tree analysis (FTA), a top-down method used to identify the relationships between different failure events, such as customer identity theft. FMEA can be extended to FMECA (failure mode, effects and criticality analysis) by adding a criticality analysis. The main advantage of this extension is that a purely qualitative FMEA can be converted into a quantitative one.
The regulatory compliance and security controls that should be adhered to are as follows.
- Failure identification should be done deductively.
- The potential failures of the process should be visible in detail.
- It should directly represent the behavior of the process.
- It should directly enable qualitative or quantitative analysis of the processes involved.
- The methods should identify the parts of the process that are related to the risk and be able to extract the specific failure.
Adherence to regulatory compliance measures and security controls is essential so that no third party can interfere in any operation. In most cases, the data of the user or customer is one of the most important assets; if a third party gains access to it, the result can be a big loss from both the customer perspective and the business perspective.
Example 1: The user's data should be kept secure to prevent unauthorized users from gaining access to it.
Example 2: An organization that intends to take advantage of the concept should use the basic framework for risk identification and for mitigating the risk factors (Vahdani, Salimi & Charkhchian, 2015).
Part 2 - DFD
Figure 1: DFD Diagram
(Source: BY AUTHOR)
Part 3: Security Controls Mapping Template
Lolli, F., Ishizaka, A., Gamberini, R., Rimini, B., & Messori, M. (2015). FlowSort-GDSS–A novel group multi-criteria decision support system for sorting problems with application to FMEA. Expert Systems with Applications, 42(17-18), 6342-6349.
Mandal, S., & Maiti, J. (2014). Risk analysis using FMEA: Fuzzy similarity value and possibility theory based approach. Expert Systems with Applications, 41(7), 3527-3537.
Schmittner, C., Gruber, T., Puschner, P., & Schoitsch, E. (2014, September). Security application of failure mode and effect analysis (FMEA). In International Conference on Computer Safety, Reliability, and Security (pp. 310-325). Springer, Cham.
Vahdani, B., Salimi, M., & Charkhchian, M. (2015). A new FMEA method by integrating fuzzy belief structure and TOPSIS to improve risk evaluation process. The International Journal of Advanced Manufacturing Technology, 77(1-4), 357-368.