StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Secure Computer Systems - Term Paper Example

Cite this document
Summary
The author analyzes the article titled by "Privacy And Security Alert: Analysis Of Amendments To Massachusetts Data Security Regulations". The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.  …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.5% of users find it useful
Secure Computer Systems
Read Text Preview

Extract of sample "Secure Computer Systems"

Secure Computer Systems (Computer Science) - Article of the Name of the Concerned Professor September 20, 2009 Secure Computer Systems (Computer Science) - Article Data security and privacy have emerged as primary concerns in the contemporary era of digitized economies and corporate operations. This issue has grabbed the attention of governments around the world. In the last decade, even in the US, the government has imposed many security and privacy related regulations on the corporations.

As per an article published in Mondaq Business Briefing on September 2, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) came out with specific amendments to the Standards to Protect Information of Residents of the Commonwealth, 2001 CMR 17.00. The press release from OCABR made it amply clear that the new amendments are to be applicable to all the big and small businesses that possess or have licensed personal information of any resident of Massachusetts (Mondaq Business Briefing, 2009).

The primary purpose of these amendments is to upgrade the existing data security standards, while taking into cognizance the emerging risks to data, to bring them in consonance with the Federal Trade Commission's Safeguard Rule (Mondaq Business Briefing, 2009). This risk-based approach to data security takes into consideration the overall size and potential of a business, resources accessible to a business, the nature and the magnitude of data collected by or in the possession of a business and an appraisal of the requisite security needs to implement a worthy information security program (Mondaq Business Review, 2009).

As per the OCABR, the compliance to security standards to any business is not to be standardized, but is to be accessed on the basis of the data risks inherent in a business (Mondaq Business Review, 2009). The hallmark of these statutory regulations is that they do acknowledge that the choice or application of any data security and privacy program cannot be standardized for each business (Kairab, 2004). Hence, the lawmakers are aware of the glaring reality that every business is unique so far as its needs for consumer information and data is concerned and thus the businesses should be left free to decide as to what kind of data security program and guidelines they need to put in place.

Even if the governments do not interfere into the arena of data security, the consumers today are more then concerned about the sanctity of their personal data. Thus, the purpose of any statutory arrangements should be more in the nature of the guidelines and awareness drives, whose purpose should be to sensitize the individuals and businesses as to the possible threats to data and the consequences and repercussions of any instance of data theft or loss (Matsura, 2001). The thrust of any government activism ought to be on the corporate and consumer education and not regulation.

Aware corporations will certainly take the appropriate steps to retain competitiveness, while well-informed consumers will naturally gravitate towards businesses that they can trust with their personal information and data. A state policing of the corporate compliance to data security is not only pragmatically impossible, but also oblivious of the essential principles governing free markets. Total Words: 525 Works Cited Kairab, Sudhanshu (2004).

A Practical Guide to Security Assessments. New York: Auerbach Publications. "Privacy and Security Alert: Analysis of Amendments to Massachusetts Data Security Regulations". Mondaq Business Briefing. Mondaq Ltd. 2009. Retrieved Sept. 20, 2009, from HighBeam Research: http://www .highbeam.com Matsura (2001). Security, Rights, and Liabilities in E-Commerce. Toronto: Artech House Publishers. Privacy And Security Alert: Analysis Of Amendments To Massachusetts Data Security Regulations.

Article from: Mondaq Business Briefing Article date: September 2, 2009 As we reported in our August 17, 2009 Client Alert, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) released amendments to the Standards to Protect Personal Information of Residents of the Commonwealth, 201 CMR 17.00 (the Standards). In addition to extending the compliance deadline from January 1, 2010 to March 1, 2010, the amendment makes some key changes that bear taking note of and that we will examine here.

The OCABR has scheduled a hearing for interested parties to provide oral or written testimony regarding 201 CMR 17.00 on September 22, 2009 at 10:00 a.m. in Room No. 5-6 on the second floor of the Transportation Building at 10 Park Plaza, Boston. Written comments will also be accepted until the close of business on September 25, 2009 at the offices of the OCABR, 10 Park Plaza, Suite 5170, Boston, Massachusetts, 02116, and should be sent to the attention of Jason Egan, Deputy General Counsel, or e-mailed to Jason.

Egan@state.ma.us. Although the press release from OCABR clearly focused on a beneficial effect to small business, the amendments and extension apply to all businesses that "own or license" personal information of a resident of Massachusetts. Along with its press release, OCABR has also issued a list of FAQs. We have provided a complete text of the FAQs for your convenience here. The agency makes clear that one of the purposes of the amendment was to take a risk-based approach to the Standards, consistent with the Federal Trade Commission's Safeguards Rule.

This is familiar territory to those who have been implementing compliance programs under Gramm-Leach-Bliley, Regulation S-P of the Securities and Exchange Commission, any of the Interagency Guidance issued by the bank regulatory agencies, HIPAA, or the Red Flag Rules. The "risk-based approach" in the Standards, as amended, addresses: adding consideration of the size and scope of the business, amount of resources, nature and quantity of data collected or stored, and the need for security when creating an information security program; removing a number of specific provisions for the written information security program, all of which will now be "guidance" only; specifying that all (not just encryption) computer system security requirements should be included in the written information security program "to the extent technically feasible"; adding and amending some definitions, including making the definition of encryption "technology-neutral.

" According to the OCABR, compliance with the Standards will be judged according to these risk-based factors. There is still no one-size-fits-all written information security plan (WISP) or risk assessment. Definitions The definition of "personal information" has remained the same (first name or initial and last name combined with sensitive data like a Social Security number or financial account number). New definitions for "own or license" and for "service provider" have been added, and both are quite broad and should be reviewed.

Service Providers There has been a significant change with respect to service providers. The current iteration of the Standards contains "due diligence" type language, requiring that businesses use "all reasonable measures" to "ensure" that service providers are "capable" of providing security consistent with the Standards. The amendments delete the "due diligence" requirement, but have added back in a requirement from earlier versions to impose contractual obligations to maintain appropriate security measures on service providers with access to or that use "personal information.

" However, if the contract is entered into prior to March 1, 2010, it will be deemed to be in compliance with this obligation until March 1, 2012, even if no such language exists in the contract. Therefore, businesses are given two-and-a-half years notice to amend all service provider contracts that include services which allow access to or use of "personal information." These requirements are consistent with third-party vendor requirements under federal law. Computer System Requirements The amendments do not define "technically feasible," but the FAQs address this concept and define it by stating, "if there is a reasonable means through technology to accomplish a required result, then that reasonable means must be used.

" The OCABR further elaborates this in the FAQs by indicating that while it is very clear that there is encryption technology for laptops, they recognize that "at this period in the development of encryption technology, there is little, if any, generally accepted encryption technology for most portable devices, such as cell phones, Blackberries, net books, iPhones and similar devices." The OCABR further warns that if encryption for portable devices is not available, then "personal information" should not be placed on such devices.

The FAQs elaborate on a point that is not readily apparent from the amended Standards, but they have addressed in public outreach seminars: backup tapes that include "personal information" must be encrypted on a prospective basis. Written Information Security Programs The amendments have removed some requirements for information security programs. It will no longer be necessary to include in the written program limitations on the amount of "personal information" collected or the length it is retained.

Even if not in a written program, these concepts should be considered an important guidance, and certainly remain issues that arise when the FTC reviews the reasonableness of a data security policy. Likewise, it will also no longer be a requirement under the Standards to identify in the written program where "personal information" is retained. As the OCABR correctly notes, however, it would be difficult to implement a risk-based data security program without first understanding where the personal information is located.

The new FAQs also clarify the following important issues, including the following: Portable devices that contain personal information of Massachusetts residents must be encrypted where it is reasonable and technically feasible to do so. Since little technology exists to reasonably encrypt portable devices other than laptops, businesses should consider restricting sending to and storage of personal information on devices such as Blackberries, PDAs, or USB/thumb drives. An account is a financial account, and thus must be protected under the WISP, if unauthorized access could result in an increase of financial burden or a misappropriation of monies, credit, or other assets.

An insurance policy number is a financial account number if it grants access to a person's finances, or results in an increase of financial burden or a misappropriation of monies, credit or other assets. Compliance with HIPAA does not eliminate a company's obligation to comply with the Regulations if the company owns or licenses personal information of a Massachusetts resident. While the effective date of the Regulations has been postponed to March 1, 2010, there is a considerable amount of work that companies, including many located outside Massachusetts, will need to do to comply.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Secure Computer Systems Term Paper Example | Topics and Well Written Essays - 500 words, n.d.)
Secure Computer Systems Term Paper Example | Topics and Well Written Essays - 500 words. Retrieved from https://studentshare.org/information-technology/1511677-secure-computer-systems-essay
(Secure Computer Systems Term Paper Example | Topics and Well Written Essays - 500 Words)
Secure Computer Systems Term Paper Example | Topics and Well Written Essays - 500 Words. https://studentshare.org/information-technology/1511677-secure-computer-systems-essay.
“Secure Computer Systems Term Paper Example | Topics and Well Written Essays - 500 Words”, n.d. https://studentshare.org/information-technology/1511677-secure-computer-systems-essay.
  • Cited: 0 times

CHECK THESE SAMPLES OF Secure Computer Systems

Partitions and Principles for Secure Operating Systems

Thus, being an intermediary between the users of computer applications and the resources of the computer systems, the OS offers the following three fundamental services to the users: 1.... This report "Partitions and Principles for Secure Operating systems" presents various essential system administration tasks offered by different operating systems and concludes that with the improvements in the tools available in modern operating systems has been eliminated to a great extent....
9 Pages (2250 words) Report

Methodologies to Minimize the Chances of Database Breach Recurrence

The over-reliance on information technology presents great threats to private and confidential data besides the possible damages to the physical properties such as computer systems and applications.... It is therefore, imperative for higher education institutions to familiarize themselves with the constantly changing threats besides the high cost associated with leaving data and systems unprotected.... The considerable number of system hacks and data breaches experienced by higher educational institutions can be attributed to such factors as resource plague issues experienced by IT department within the institutions, budgetary constraints and desperate database systems among other factors (Gahm, 2010)....
8 Pages (2000 words) Case Study

Should All Hacking be Banned

The United States legal definition describes computer hacking as the deliberate access of computer systems without authority or exceeding authorised access.... Hacking is the practice of manipulating computer systems and software to perform contrary to what they were initially created for....
8 Pages (2000 words) Literature review

Healty Care Informatics

Health Care Informatics is the study relating to the application of Information Technology to Health Care Information.... The increasing computerization of health care data, combined with the emergence of new telecommunications applications and technologies create vast opportunities for the provision of health care (Manning, 1997)....
4 Pages (1000 words) Essay

The Bell-Lapadula Model for Laboratory Information Management Systems

hellip; This makes it possible for scientists to explore data rates that otherwise may be too fast or too slow for proper scientific examination. In recent years, the Bell-LaPadula model has been employed more and more in scientific laboratories, and has also dominated efforts to build Secure Computer Systems for laboratory use.... The objective of this research is to ascertain the ways in which the bell-lapadula model can be applied to Laboratory Information Management systems....
3 Pages (750 words) Essay

Convergence: The Use of Both Technology and Physical Security

Intrusion detectors/ electronic surveillance comprise of alarm systems, which function by alerting security personnel when unauthorized entrants attempt to trespass a secured area.... Without prompt response from security personnel, alarm systems prove futile in preventing unauthorized...
9 Pages (2250 words) Research Paper

Computer Security and Protecting Its Data and Information: Proper Measures and Strategies

This essay describes computer systems and the relevant measures and plans which can be used to secure the computer systems.... computer systems face many challenges that make them vulnerable security risks.... To ensure that these risks are controlled the systems, proper measures and strategies should be put in place to protect the systems.... hellip; According to Halibozek (2008), the most common risks to computer security include and not limited to computer viruses, hackers, and crackers, vandalism, environment, and depreciation....
7 Pages (1750 words) Research Paper

Should All Hacking Be Banned

The United States legal definition describes computer hacking as the deliberate access of computer systems without authorization or exceeding authorized access.... Hacking is the practice of manipulating computer systems and software to perform contrary to what they were initially created for.... The most significant of them is that a hacker is more dependent on the networking of computer systems while a cracker focuses on software to inflict damage....
7 Pages (1750 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us