Information security, which involves assuring the confidentiality, integrity, and availability of mission-critical data, is typically a primary concern of regulators. Business executives are responsible for aligning corporate policies to the requirements of regulation and for following up to ensure that the policies and associated controls are being enforced.
Regulatory compliance requires that enterprise IT departments meet certain technical standards that conform to specific requirements defined either by an external authoritative governmental or industry organization or by internal enterprise policies. Both internal and external regulations may have significant impacts on enterprise IT operations. Complying with any regulatory rule often constrains IT managers by imposing network and system design features that may be quite costly. Likewise, not complying with regulations may lead to both civil and criminal penalties.
In this assignment, you address security issues related to information security regulatory compliance.
Preparation
Identify and research a specific information security-related regulatory requirement whose compliance is dictated by one of the following regulatory rules:
Family Educational Rights and Privacy Act (FERPA).
Gramm–Leach–Bliley Act (GLBA).
Health Insurance Portability and Accountability Act (HIPAA).
Payment Card Industry Data Security Standard (PCI DSS).
Sarbanes–Oxley Act (SOX).
Assume an organization is planning to move a significant IT function, such as data storage or office productivity applications, to a public cloud computing service provider. Identify one of the regulatory rules above as one that would likely govern or be important to the organization and a security control that is appropriate for achieving compliance with it.
Make sure to do the following:
Explain how your security control protects your cloud data.
Create a logical network diagram that indicates the appropriate placement of your security control.
Explain how your security control enables regulatory compliance.
Sample Solution
This article explores further the concept of bounded rationality and rational behaviour. Theories of bounded rationality argue that cognition can be limited by incomplete information regarding alternative choices. Furthermore, rationality can be bounded by actors forgoing the cost of searching for optimal outcomes by settling on a sub-optimal outcome, thus becoming a theory of optimal approximation. The authors consider the decision-making dynamics of chess, offering an alternative approach to rationality. Studies have shown that strong chess players rarely consider all possible strategies before making a move; rather, they only generate and examine a relatively small number of possible moves, choosing the first move they regard as satisfactory. The game of chess is able to merge the three limits of perfect rationality together: that is, the uncertainty over the consequences of alternatives, incomplete information on alternatives and computation disrupted by complexity. The authors thus argue that, regardless of the position a player is in, they will always be limited by their own rationality. The paper then, interestingly, attempts to use theories of bounded rationality to better understand design. The theory of design, the authors argue, can be assimilated to a satisficing theory of rational choice. Whenever complete designs are reached, they are not evaluated by comparison with alternatives, but rather are exclusively compared to the standards which are defined by the designer's aspirational levels. Satisficing is therefore an integral part of the search process. This model can also be applied to management science, where possible plans are gradually built up, with many alternatives being immediately dismissed throughout. To mitigate this limit to rationality, management science utilises simulation to explore a limited set of alternatives. However, even this lacks the ability to discover new alternatives.
This article, when positioned amongst broader literature, offers a refreshingly new contribution to the field. Design has rarely been analysed with a rational decision-making model; however, this paper demonstrates how bounded-rationality findings relating to chess can be effectively ove>