Tuesday, August 20, 2013

TFT2: Cyberlaw, Regulations, and Compliance

My next "easy" target was TFT2: Cyberlaw. This is an area that I'm quite familiar with due to my second interest: law. There are a total of 4 separate tasks, each with multiple deliverables. The first three tasks are relatively easy. My task 1 paper was 4 pages, task 2 had 5, and task 3 had just 3 pages. The "boss" task was a bit more work, with a total of 7 pages.



The core of this course teaches you to understand the different components of law and how to effectively prepare your organization by implementing security guidelines and incident responses. 

Again, the tip here is to be elaborate in your responses and use your sources. The easiest points come from using the APA guidelines correctly, so run a spellchecker before you submit.

Task 1 requires you to change the security policy. It is quite easy to find applicable regulations and standards; I used the PCI-DSS. Once a standard is identified, it is trivial to change and amend the existing security policy to match the chosen standard. Do not forget to include the regulations you used as a reference.

Task 2 requires you to create policies which would have prevented a breach in the system of a health insurance company. This is a clear hint that HIPAA is applicable (as mentioned in the courses) and that the network needs to be properly secured. Again, the PCI-DSS may apply, as well as any other security recommendation.

Task 3 requires changes to an SLA. This is quite trivial, assuming you read the applicable parts in the course. In my case, just three pages were enough.

Task 4, the final task for this course, has multiple deliverables. All can be combined in one paper. The trick here is to justify your statements using references and a logical buildup of your arguments. For example, I first mentioned State laws, then Federal laws, and lastly international treaties which were applicable. The preventive measures part is not entirely covered by the course, but your technical imagination should be very helpful. In the end, the task is to propose measures, not to implement them or ensure management buy-in. However, be sure to provide an explanation of why you think your measures will help.


I had all of my submissions returned completed the first time.

1 comment:

  1. Like your blog post. I am in CyberLaw now and find this helpful. I have been stuck on where to get started in actually writing the policies for Task 1.
