This document is not to be used in lieu of your Learning Resources. It supersedes Tip Sheets
and Overview.
Overview of TFT2 - Cyberlaw, Regulations, and Compliance
Course Mentors
Yolanda DuPree, ext 2067,
Bryan Jensen, ext
1956, Ronald
Mendell, ext 5963,
Performance Assessment
Seven (7) Weeks to complete COS / Four (4) Tasks
Refer to Rubric (in Taskstream) for Tasks Requirement Details
Tasks – submit via Taskstream
You should submit your first attempt of each task on your own. If
your task is returned by the grader and you need help in revising
your task, please contact your Course Mentor.
• When using sources to support ideas and elements in an assessment, the
submission MUST include APA formatted in-text citations with a corresponding
reference list for any direct quotes or paraphrasing. It is not necessary to list
sources that were consulted if they have not been quoted or paraphrased in
the text of the assessment.
• No more than a combined total of 30% of a submission can be directly
quoted or closely paraphrased from sources, even if cited correctly. No more
than 10% can come from a single source.
• To prove competency:
• Task 1 - Students must make a score of 2.0 for each section of the rubric.
• Task 2 - Students must make a score of 2.0 for each section of the rubric.
• Task 3 - Students must make a score of 2.0 for each section of the rubric.
• Task 4 - Students must make a score of 3.0 for each section of the rubric.
Learning Resources (LR)
Be sure to obtain your LRs. To download these documents, navigate to the
“Learning Resources” link, under the Preparing for Success. (Left side of page –
menu). See screen print below. You should see the login credentials near the
bottom of the page. Save these documents, as you will need them again for your VLT2
course.
SO/IEC 27002 Standard
Enroll in the ISO/IEC 27002 learning resource. Below are instructions
regarding how to download the documents. You will see this in your COS.
,Automatically Enrolled Resources
You will access materials within these LRs, as they are linked throughout your COS.
You may be prompted to log in to the WGU student portal to access the resources.
You are able to access Skillport to search for other books that may be helpful.
VitalSource E-Text
SkillSoft and Books 24x7
Pacing Guide
The pacing guide suggests a weekly structure to pace your
completion of learning activities. It is provided only as a
suggestion.
Other Resources:
WGU Library
Student Success
Center WGU Writing
Center
NIST Special Publication 800-53
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
HIPAA Security Rule Overview
http://library.ahima.org/doc?oid=300262#.V0-GnVI3sZx
+++++++++++++++++++++++++++++
, Task 1
Introduction:
Due to policy changes, personnel changes, systems changes, and audits it is often
necessary to review and revise information security policies. Information security
professionals are responsible for ensuring that policies are in line with current industry
standards.
Scenario
Heart-Healthy Insurance Information Security Policy
You are the manager of the information security analyst team for a large health insurance
company. Your supervisor has asked you to review and provide recommendations for
changes to the company’s information security policy. The intent of this review is to ensure
that the policy complies with current regulatory requirements, obtains the benefits of
industry specific standards, utilizes a recognized framework, is relevant for your company,
and meets the requirements of all relevant regulations and standards. The review’s outcome
should be to recommend modifications to the policy to ensure alignment with relevant
regulatory requirements.
The policy is a large document that discusses confidentiality, integrity, and availability
across the spectrum of the electronic information systems that your company utilizes.
Among the services that your company provides are patient-history evaluations for chronic
illness indicators, insurance rate underwriting, paying claims to healthcare providers,
accepting premium payments from employers, and accepting copayments from claimants.
In addition to regulatory requirements, the U.S. Department of Health and Human Services
(HHS) has set some national standards for identification of employers, providers,
transactions, procedure codes, and place of service codes.
The company you work for holds information that is protected by regulatory requirements.
This information includes individual privacy information, personal health information,
financial information, and credit information. Information about employees and patients,
also known as demographics, contain personally identifiable information, which is covered
under the U.S. Federal Privacy Laws. Health information that is personally identifiable, also
known as PHI, is required to be protected under HIPAA and HITECH. Because the company is
an insurance company the government classifies the company as a financial institution, it is
required to comply with the GLBA. Also, the company takes credit cards to pay for
premiums and deductibles and consequently must be PCI-DSS compliant. Of greatest
concern to your supervisor are the sections of the policy that stipulate how a new user is
provided access to information systems and the password requirements for those systems.
New Users
The current new user section of the policy states:
“New users are assigned access based on the content of an access request. The submitter
must sign the request and indicate which systems the new user will need access to and what
level of access will be needed. A manager’s approval is required to grant administrator level
access.”
Password Requirements
The current password requirements section of the policy states:
“Passwords must be at least eight characters long and contain a combination of upper- and
lowercase letters. Shared passwords are not permitted on any system that contains patient
information. When resetting a password, users cannot reuse any of the previous six
passwords that were used. Users entering an incorrect password more than three times will
be locked out for at least 15 minutes before the password can be reset.”
Task:
and Overview.
Overview of TFT2 - Cyberlaw, Regulations, and Compliance
Course Mentors
Yolanda DuPree, ext 2067,
Bryan Jensen, ext
1956, Ronald
Mendell, ext 5963,
Performance Assessment
Seven (7) Weeks to complete COS / Four (4) Tasks
Refer to Rubric (in Taskstream) for Tasks Requirement Details
Tasks – submit via Taskstream
You should submit your first attempt of each task on your own. If
your task is returned by the grader and you need help in revising
your task, please contact your Course Mentor.
• When using sources to support ideas and elements in an assessment, the
submission MUST include APA formatted in-text citations with a corresponding
reference list for any direct quotes or paraphrasing. It is not necessary to list
sources that were consulted if they have not been quoted or paraphrased in
the text of the assessment.
• No more than a combined total of 30% of a submission can be directly
quoted or closely paraphrased from sources, even if cited correctly. No more
than 10% can come from a single source.
• To prove competency:
• Task 1 - Students must make a score of 2.0 for each section of the rubric.
• Task 2 - Students must make a score of 2.0 for each section of the rubric.
• Task 3 - Students must make a score of 2.0 for each section of the rubric.
• Task 4 - Students must make a score of 3.0 for each section of the rubric.
Learning Resources (LR)
Be sure to obtain your LRs. To download these documents, navigate to the
“Learning Resources” link, under the Preparing for Success. (Left side of page –
menu). See screen print below. You should see the login credentials near the
bottom of the page. Save these documents, as you will need them again for your VLT2
course.
SO/IEC 27002 Standard
Enroll in the ISO/IEC 27002 learning resource. Below are instructions
regarding how to download the documents. You will see this in your COS.
,Automatically Enrolled Resources
You will access materials within these LRs, as they are linked throughout your COS.
You may be prompted to log in to the WGU student portal to access the resources.
You are able to access Skillport to search for other books that may be helpful.
VitalSource E-Text
SkillSoft and Books 24x7
Pacing Guide
The pacing guide suggests a weekly structure to pace your
completion of learning activities. It is provided only as a
suggestion.
Other Resources:
WGU Library
Student Success
Center WGU Writing
Center
NIST Special Publication 800-53
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
HIPAA Security Rule Overview
http://library.ahima.org/doc?oid=300262#.V0-GnVI3sZx
+++++++++++++++++++++++++++++
, Task 1
Introduction:
Due to policy changes, personnel changes, systems changes, and audits it is often
necessary to review and revise information security policies. Information security
professionals are responsible for ensuring that policies are in line with current industry
standards.
Scenario
Heart-Healthy Insurance Information Security Policy
You are the manager of the information security analyst team for a large health insurance
company. Your supervisor has asked you to review and provide recommendations for
changes to the company’s information security policy. The intent of this review is to ensure
that the policy complies with current regulatory requirements, obtains the benefits of
industry specific standards, utilizes a recognized framework, is relevant for your company,
and meets the requirements of all relevant regulations and standards. The review’s outcome
should be to recommend modifications to the policy to ensure alignment with relevant
regulatory requirements.
The policy is a large document that discusses confidentiality, integrity, and availability
across the spectrum of the electronic information systems that your company utilizes.
Among the services that your company provides are patient-history evaluations for chronic
illness indicators, insurance rate underwriting, paying claims to healthcare providers,
accepting premium payments from employers, and accepting copayments from claimants.
In addition to regulatory requirements, the U.S. Department of Health and Human Services
(HHS) has set some national standards for identification of employers, providers,
transactions, procedure codes, and place of service codes.
The company you work for holds information that is protected by regulatory requirements.
This information includes individual privacy information, personal health information,
financial information, and credit information. Information about employees and patients,
also known as demographics, contain personally identifiable information, which is covered
under the U.S. Federal Privacy Laws. Health information that is personally identifiable, also
known as PHI, is required to be protected under HIPAA and HITECH. Because the company is
an insurance company the government classifies the company as a financial institution, it is
required to comply with the GLBA. Also, the company takes credit cards to pay for
premiums and deductibles and consequently must be PCI-DSS compliant. Of greatest
concern to your supervisor are the sections of the policy that stipulate how a new user is
provided access to information systems and the password requirements for those systems.
New Users
The current new user section of the policy states:
“New users are assigned access based on the content of an access request. The submitter
must sign the request and indicate which systems the new user will need access to and what
level of access will be needed. A manager’s approval is required to grant administrator level
access.”
Password Requirements
The current password requirements section of the policy states:
“Passwords must be at least eight characters long and contain a combination of upper- and
lowercase letters. Shared passwords are not permitted on any system that contains patient
information. When resetting a password, users cannot reuse any of the previous six
passwords that were used. Users entering an incorrect password more than three times will
be locked out for at least 15 minutes before the password can be reset.”
Task:
