D14.1: Discussion Topic 1:
In regard to laws and regulations… Complying with the law is obviously important, but in my industry (healthcare), sometimes this is a gray area. In my professional field, HIPAA regulates how we handle personally identifiable information. Encryption, both at rest and in transit, is required in many cases. However, consider the nature of healthcare, and the urgency of providing emergency care. I have witnessed many times where a physician in the emergency department needed to consult on a case, and the most expedient method was to simply email the patient’s test results, images, etc., without any encryption or protection of their data. How do you feel about this situation? Is non-compliance ever justified? How could these issues be mitigated, without impacting the mission of the organization?
D14.2: Discussion Topic 2:
Read RFC 1087: Ethics and the Internet. Is the document still relevant today? Is this document still something that Internet users would understand today? How could it be improved?
D14.3: Discussion Topic 3:
You are a security consultant with the Security Advisors Co. and have been asked to help investigate a recent security incident that took place at the law firm of Dewey, Cheatham, and Howe. For this assignment, you have been assigned to work with the vice president of IT.
The security incident that you are investigating appears to be a case of an intruder who broke into a company computer to remove and destroy information on an upcoming legal case. A forensic examination revealed that the incident was actually an inside job that was perpetrated by one of the new programmers, who is a relative of the VP of IT.
When you wrote your findings and presented them to your client, the VP of IT asked you to change the findings in your report to show that the perpetrator could not be found. The VP has promised future work for your company and a good recommendation for your work if you comply.
What will you do next?