Assignment Week One
LAB # 1
Creating an IT Infrastructure Asset List and Identifying Where Privacy
Course Name and Number: Legal Regulations, Compliance, and Investigation_23
Student Name: Anil Kumar Arumalla
Instructor Name: Dr. Zadok Hakim
Lab Due Date: Sunday, October 28, 2018 at 11:59 p.m.
Overview: In this lab, you created an IT asset/inventory checklist organized within the seven domains of a typical IT infrastructure, you performed an asset identification and classification exercise, you explained how a data classification standard is linked to customer privacy data and security controls, and you identified where privacy data resides and what security controls are needed to maintain compliance.
Lab Assessment Questions
1. What is the purpose of identifying IT assets and inventory?
Answer: An asset is something that can be assigned value; therefore, one can determine the importance of the asset in the business or IT infrastructure if the asset were not available anymore. Inventory identifying is simply identifying what you have and how much you will use to perform certain tasks.
2. What is the purpose of an asset classification?
Answer: It labels asset importance on the basis of criticality.
3. Why might an organization’s Web site classification be minor, but its e-commerce server be considered critical for your scenario?
Answer: The server contains very personal information about the customers, and it also facilitates all online payments. If it is affected in any way, the company won’t make any money.
4. Why would you classify customer privacy data and intellectual property assets as critical?
Answer: Both privacy data and intellectual property are considered as physical proportions and financial assets, thus essential to the output of the company.
5. What are some examples of security controls for recent compliance law requirements?
Answer: Identity management and ISO 17799.
6. How can a data classification standard help with asset classification?
Answer: It can help by creating a standard that will be applied by all businesses, greatly increasing productivity and streamlining the learning curve. That is, if it is done the same everywhere, then everyone will know how to operate the same systems.
7. Given the importance of a Master SQL database that houses customer privacy data and intellectual property assets, what security controls and security countermeasures can you apply to help protect these assets?
Answer: Authentication, ACLs, and Data Encryption.
8. From a legal and liability perspective, what recommendations do you have for ensuring the confidentiality of customer privacy data throughout the Mock IT infrastructure?
Answer: Documentation and frequent controls testing.
9. What can your organization document and implement to help mitigate the risks, threats, and liabilities typically found in an IT infrastructure?
Answer: Training employees on handling of IT infrastructure, and ensuring security and policies are enforced.
10. True or false: Organizations under recent compliancy laws, such as HIPAA and the Gramm-Leach-Bliley Act (GLBA), are mandated to have documented IT security policies, standards, procedures, and guidelines.
11. Why is it important to identify where privacy data resides throughout your IT infrastructure?
Answer: So that you are able to implement the correct policies and procedures for protecting the data.