Security Policies, Procedures, and Regulatory Compliance

The case study company is also concerned about the confidentiality and integrity of the data. What policies and controls are needed to meet the regulatory requirements imposed by the recent initial public offering (IPO)? In an effort to ensure the confidentiality of data both internally and externally, discuss how you can effectively protect the data in motion and at rest.

Create the following sections:

  • Security Policies, Procedures, and Regulatory Compliance
  • List and describe the regulatory requirement that was introduced by the IPO.
  • List and describe at least 5 policies that the company needs.
  • From the list of policies, list and describe at least 3 controls that the company needs to implement.
  • Describe the data at rest and data in motion and how they can be protected.

Regulatory Requirements Introduced by IPO

Under the Sarbanes-Oxley Act, new regulations apply to safeguard the company's financial records and data. Management is liable for the accuracy of that data and will be held responsible if misleading, inaccurate, or compromised data is found. The IPO brings the company under these obligations, which help it address these concerns. The regulations cannot make the information correct on the company's behalf; what they can do is ensure that data and records are not compromised by external or internal attackers, because security measures must be put in place under them. The requirement calls for proper training of employees so that the security policy is implemented effectively. The policy is approved by the chief executive of the company (Black Stratus, 2018).

Under the new principles of these regulatory requirements, consumers can forbid their web providers from sharing personal and sensitive data such as their browsing and application history and information about their use of the web through portable devices or otherwise. These regulations also restrict the sharing of financial and health data in particular; such data may include social security numbers, personal details, and the contents of emails. The regulation directs service providers to state what information they intend to collect and why, and to establish how clients are advised of data breaches. These regulations aim to bring phone companies and Internet providers into line, since they already follow strict guidelines against the unapproved sale or use of call data, and they are intended to secure the information of the organization's employees (Apple Inc., 2017).

Policies that the company needs

In the last few years there have been several very high-profile data breaches involving major corporations. It would be misleading to conclude from this that large corporations are the main targets of thieves and hackers. In reality, attackers focus more on smaller independent companies, because these lack the knowledge and the assets to secure their data comprehensively (Solomon, 2013). To develop any security plan, the company must understand its threats and how to protect itself from them, since these threats affect the bottom-line operations of the organization. The top five policies devised for secure use of the Internet, which the company can adopt, are:

  1. Malicious Code Policy: The company needs to install and use a quality anti-virus program, firewalls, and anti-spyware programs on its systems. It should also ensure that all systems are updated regularly and carry all recent patches.
  2. Network Security: The company's network may be accessed from any host device, but no access by unauthorized users is allowed. A VPN is used to provide remote access over VPN connections.
  3. Use of Technology: Acceptable and unacceptable uses of networks, computers, email, telephones, and the Internet should be identified, and employees should be made aware of them. The consequences of improper use of technology should be properly communicated to employees. No one may share their credentials with anyone else.
  4. General Policies of IT: The password structure is to be clearly specified. Passwords must meet the following criteria: 8 characters minimum, minimum 2 characters, minimum 2 uppercase letters, minimum 2 lowercase letters, and minimum 2 special characters.
  5. Digital signatures and encrypted messages are required for email sharing.
  6. Proper application security measures are in place.
  7. Database credentials are required, and workstation HIPAA security measures are put in place.

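The password criteria in item 4 are only useful if they are enforced wherever a password is set. The following Go program is an added example (not code from the page or from the company it describes) that checks a candidate password against those criteria and reports every criterion it misses. Go is chosen because its standard library covers everything needed; the page names no language. The page's "minimum 2 characters" criterion is ambiguous, so this example assumes it means at least 2 digits; that reading is an assumption, not something the page states.

```go
package main

import (
	"fmt"
	"unicode"
)

// PolicyResult reports whether a candidate password satisfies the policy and,
// if not, which criteria it failed, so the user can be told what to fix.
type PolicyResult struct {
	OK       bool
	Failures []string
}

// CheckPasswordPolicy enforces the password structure from the "General
// Policies of IT" item: at least 8 characters, 2 uppercase letters,
// 2 lowercase letters and 2 special characters. The item's "minimum 2
// characters" criterion is ambiguous on the page; this example assumes it
// means at least 2 digits.
func CheckPasswordPolicy(pw string) PolicyResult {
	var length, upper, lower, digit, special int
	for _, r := range pw { // iterate runes so a multi-byte character counts once
		length++
		switch {
		case unicode.IsUpper(r):
			upper++
		case unicode.IsLower(r):
			lower++
		case unicode.IsDigit(r):
			digit++
		case unicode.IsPunct(r) || unicode.IsSymbol(r):
			special++
		}
	}

	var failures []string
	if length < 8 {
		failures = append(failures, "fewer than 8 characters")
	}
	if upper < 2 {
		failures = append(failures, "fewer than 2 uppercase letters")
	}
	if lower < 2 {
		failures = append(failures, "fewer than 2 lowercase letters")
	}
	if digit < 2 {
		failures = append(failures, "fewer than 2 digits (assumed reading of 'minimum 2 characters')")
	}
	if special < 2 {
		failures = append(failures, "fewer than 2 special characters")
	}
	return PolicyResult{OK: len(failures) == 0, Failures: failures}
}

func main() {
	// Constructed sample passwords for the demonstration; none are real credentials.
	for _, pw := range []string{"AB12!@cd", "Passw0rd!", "password"} {
		r := CheckPasswordPolicy(pw)
		fmt.Printf("%-12q ok=%-5v failures=%v\n", pw, r.OK, r.Failures)
	}
}
```

A check like this belongs at every point where a password is set or changed (account creation, self-service reset, administrative tools), and it returns the full list of failures rather than stopping at the first so the user is told everything at once. The rule in item 3 that nobody shares credentials cannot be enforced by code; it depends on the training the regulatory section calls for.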
Control Policies Apple Inc. Needs

From the policies above, the controls Apple Inc. most needs in order to implement its security include procedural controls, visual controls, and embedded controls. Procedural controls are put in place to ensure that results are genuine, by isolating outside parties and related subjects from one another. Visual controls let the company physically see its security operations through dashboards, checklists, scorecards, budgets, and so on. Embedded controls protect the company from inappropriate decision making; they are based on automated data backup and provide periodic reporting (Wasserman, 2018).

Data Protection

Protecting data while it is in use, at rest, or in motion is crucial. The most effective way to do so is to encrypt both the data transmission and the data itself, which makes access to the company's data difficult: even if a hacker gets into the system, the data remains inaccessible if it cannot be decoded. Workstations must also be secured when an employee leaves the office or desk, because anyone with access to the workstation and desk need not bother stealing files. Whether the data is in motion or at rest, proper security measures must be in place for its protection.
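The paragraph above names encryption as the way to protect data at rest, and the section's concern is both confidentiality and integrity. The Go program below is an added example (not code from the page or from the company) that seals a record with AES-256-GCM, an authenticated mode, so that a stolen copy is unreadable without the key and any modification of the stored blob is detected on read. Go is chosen because its standard library provides AES-GCM; the page names no language. The key, record, and storage layout (nonce followed by ciphertext and tag) are choices made for this example. For data in motion the same AEAD primitive is normally used inside TLS rather than applied by hand, so this example covers the at-rest case only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewKey returns a random 32-byte key for AES-256. In a real deployment the
// key lives in a key-management service, never stored next to the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// newGCM builds an AES-GCM AEAD from the key; GCM provides confidentiality
// and integrity together, which is the page's stated concern.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates a record for storage at rest. The output
// layout is nonce || ciphertext || tag, so the blob carries what Open needs.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	// A repeated nonce under the same key breaks GCM, so the nonce is always fresh.
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Passing nonce as dst appends ciphertext and tag after it.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open checks the tag and decrypts. Any change to the stored blob, or use of
// the wrong key, yields an error rather than silently corrupted data.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob shorter than nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// TamperDetected flips one bit of a copy of the sealed blob and reports
// whether Open rejects it, demonstrating the integrity property.
func TamperDetected(key, blob []byte) bool {
	if len(blob) == 0 {
		return false
	}
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	_, err := Open(key, tampered)
	return err != nil
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	record := []byte("constructed sample: Q3 ledger entry 42") // not real financial data
	blob, err := Seal(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob is %d bytes\n", len(blob))
	back, err := Open(key, blob)
	fmt.Printf("decrypted with the right key: %q (err=%v)\n", back, err)
	fmt.Println("tampering detected:", TamperDetected(key, blob))
	other, _ := NewKey()
	_, err = Open(other, blob)
	fmt.Println("wrong key rejected:", err != nil)
}
```

Two design points matter for the controls section: the key must be held separately from the data (a backup that contains both gives an attacker nothing to decode), and the read path must treat an authentication failure as an incident to be logged, since it means the stored record was altered or the wrong key was presented.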

References:

Apple Inc. (2017). Apple Inc 10K Report 2017. Retrieved from http://files.shareholder.com/downloads/AAPL/6128778344x0xS320193-17-70/320193/filing.pdf

Black Stratus. (2018). SOX Compliance Requirements. Retrieved from https://www.blackstratus.com/sox-compliance-requirements/

Solomon, G. (2013, March 11). 10 requirements for a successful IPO. Retrieved from http://fortune.com/2013/03/11/10-requirements-for-a-successful-ipo/

Wasserman, E. (2018). How to Prepare a Company for an Initial Public Offering. Retrieved from https://www.inc.com/guides/preparing-for-initial-public-offering.html
