Hi. See attached
CYB 260 Project One Guidelines and Rubric Privacy Perspective CYB 260 Project One Guidelines and Rubric Privacy Perspective Overview In 2017, internet traffic was generated at a rate of 3,138,420 GB per minute (Domo, n.d.). As the technologies and techniques that are used to collect, catalog, and analyze the growing amounts of data become more powerful and widespread, the data we generate will play a progressively more important role economically, socially, and personally. With the expansion in the quantity and the possible uses of personal data, the risk to privacy has likewise risen drastically. The difficulty of categorizing information as public versus private (given specific contexts) and the elevated costs associated with the preservation of privacy only make the issue more complex. For this project, you will take a stakeholder role in a business on the forefront of a privacy issue. You will need to articulate a point of view that reflects your professional stance on privacy, the laws relevant to the issue, and the business implications of your recommendation. The project incorporates one milestone, which will be submitted in Module Three. The project will be submitted in Module Five. In this assignment, you will demonstrate your mastery of the following course competency: Articulate an informed position on contemporary issues of privacy and its relation to organizational mission Scenario In a previous module, your instructor provided you with the scenario that you used for the Project One Milestone. You will continue your analysis of this scenario for this project. You will situate yourself as an executive-level security consultant with the primary responsibility of advising senior management in cybersecurity matters. As a member of the internal stakeholder board for the proposal presented in the scenario, you will be able to offer essential input. Based on the information and resources from the scenario and your work from the milestone, prepare a memorandum to the internal stakeholder board specifying your position on the acceptability of the proposal in the scenario. Prompt You must address the critical elements listed below. The codes shown in brackets indicate the course competency to which each critical element is aligned. In a memo to the internal stakeholder board, defend your position on the proposed partnership. Your memo should address the balancing of privacy from the security practitioner's perspective alongside the corporate mission and business goals. 1 In your memo, be sure to address the following questions: I. Are the privacy laws sufficient to ensure that the sharing and use of data will meet the fair information practice principles of the organization? [CYB-260-02] II. What are the minimum privacy safeguards you would recommend be in place for the individuals’ control over their data? [CYB-260-02] III. In your opinion, is the proposal a good decision for the organization? Weigh the privacy considerations from a security practitioner’s perspective as well as the corporate mission and business goals in justifying your position. [CYB-260-02] Project One Rubric Guidelines for Submission: Your submission should be 1 to 3 pages in length and should use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx. Critical Elements Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value Privacy Laws [CYB-260-02] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Defends stance on the sufficiency of privacy laws in ensuring that the sharing and use of data will meet the fair information practice principles of the organization Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 30 Minimum Privacy Safeguards [CYB-260-02] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Recommends the minimum privacy safeguards to be in place for the individuals’ control over their data Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 30 Decision for the Organization [CYB-260-02] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner Justifies a position on the acceptability of the proposal including considerations of the financial gains, customer expectations, and the corporate mission Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail Does not address critical element, or response is irrelevant 30 Articulation of Response Submission is free of errors related to grammar, spelling, and organization and is presented in a professional and easy-to-read format Submission has no major errors related to grammar, spelling, or organization Submission has some errors related to grammar, spelling, or organization that negatively impact readability and articulation of main ideas Submission has critical errors related to grammar, spelling, or organization that prevent understanding of ideas 10 Total 100% 2 Reference Domo. (n.d.). Data Never Sleeps 6.0. Retrieved from https://www.domo.com/learn/data-never-sleeps-6 3 https://www.domo.com/learn/data-never-sleeps-6 CYB 260 Project One Guidelines and Rubric Privacy Perspective Overview Scenario Prompt Project One Rubric Reference CYB 260 Module Three Worksheet CYB 260 Module Three Worksheet Complete the table below by filling in the three blank columns for each law. Law Briefly describe the law. Whose rights are covered by the law? Who in an organization is responsible for ensuring compliance with the law? Red Flags Rule Payment Card Industry Standards Children’s Online Privacy Protection Act (COPPA) Children’s Internet Protection Act (CIPA) Federal Information Security Management Act (FISMA) State Data Breach Notification Laws U.S. Constitution CYB 260 Project One Scenario One Fit-vantage Technologies is a quickly growing competitor in the personal fitness-tracking industry. As the company gets closer to launching its newest device, the Flame watch, the Fit-vantage executives have been approached by Helios Health Insurance Inc. to form a partnership. This partnership proposes a program allowing Helios subscribers to purchase a Fit-vantage Flame at a discount in exchange for access to the anonymous data collected from participating customers. An internal stakeholder board has been formed to determine whether the partnership is in the best interest of Fit-vantage. Discussions at the stakeholder meetings have raised the following questions for consideration: What are the concerns around the privacy of customer data, including the data of Helios subscribers and Flame owners who are not part of the Helios program? As health insurance companies are considered covered entities under HIPAA, what new legal compliance requirements does this partnership require? How profitable will this partnership be? What is the likely effect on the company’s value to stockholders? What effects will this partnership have on the current customer base? How would this partnership align with Fit-vantage’s mission and core values? In this scenario, you will assume the role of an executive-level security consultant with the primary responsibility of advising senior management in cybersecurity matters. Since you are a member of the internal stakeholder board for the proposed partnership, your input is essential. A customer survey and financial outlook have been prepared to help inform your recommendations. To complete this project, review the following documents, which have been provided by your instructor: Fit-vantage company profile, which contains the mission statement, core values, and a draft of the Fit-vantage privacy statement Financial outlook based on the Helios partnership Summary of the HIPAA Privacy Rule