APU Concept of Trust In Engineering Information Security Responses

**Need 250 word response with one cited reference**

Jacobs (2015) points out that one definition of “trust” is: “Confidence in the integrity, ability, character, and truth of a person or thing” (The American Heritage Dictionary, Houghton Mifflin, 1983). The majority of the time, personal information is recklessly sent around system to system without much thought put into the actions. We rely on credentials and cybersecurity to fulfill our security needs. Many of our actions are now completed digitally without ever physically seeing a person, but we “trust” this person because we sent the information to the correct email address.

Trust in an organization must be handled differently. I believe that the most important area to focus on is training. It is changing individuals’ mindset from “trusting” everyone or everything to becoming more aware of the potential hazards. This is most likely why it is called information awareness. Many mistakes are made out of ignorance and are not intended to be malicious. This obviously excludes the always present danger of unauthorized access. Training all members of the organization, from the CEO to the janitor, will exhibit a sense of “trust.” This will provide everyone with the skillset of protecting information which builds trust within. Do not keep sensitive information lying around, send over untrusted networks, use external hard drives if feasible, always assume the information being sent over email could be viewed by a third party, etc.

Based on securing the environment, I believe training is the priority. This will create “trust” within the organization and working environment. Using proper protocols when sending information, being diligent in safeguarding information, and following company information security guidelines are important. It can be near impossible to regain “trust” when lost within an organization. The same actions are taken when customers lose “trust” in large corporations or banking institutions.
They typically find alternatives and no amount of security will regain the “trust” that was lost.

Matt

References

Jacobs, S. (2015). Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance (1st ed., Vol. 13). John Wiley & Sons. https://doi.org/10.1002/9780470947913.

**Need 250 word response with one cited reference**

In this week’s forum we are asked to discuss the concept of “trust” as it applies to information assurance. Stuart Jacobs writes in Chapter 3 of his book _Engineering Information Security, The Application of Systems Engineering Concepts to Achieve Information Assurance_ that “trust is an ambiguous term, and we are better served by talking about specific security goals, objectives, and security services” (Jacobs, 2016). Information assurance differs from security assurance. According to Bishop “Security assurance or assurance is confidence that an entity meets its security requirements based on specific evidence provided by the application of assurance techniques” while information assurance refers to the ability to access information and preserve the quality and security of that information” (Bishop, 2018).

The key to gaining and keeping trust is to continuously foster an environment where trust is valued and communicated to all stakeholders. I see having a privacy strategy as an important part of information assurance. Clients/customers have come to expect that their personally identifiable information (PII) will be safeguarded and that private information will not be shared without consent. Information security is critical in storing, processing, and managing PII data which can exist in both paper and electronic form. Many industries have legal or compliance requirements that require PII to be protected with additional security requirements. Even when a company is not legally responsible for safeguarding PII, they can suffer reputational damage in case of a data breach.
“The ever increasing occurrence of data breaches involving personally identifiable information (PII) has contributed to billions of dollars of shareholder loss, millions of dollars of regulatory fines and an increased risk of identity theft for the individual’s whose sensitive data was exposed” (Tunggal, 2020).

We have audit clients that are nonprofit hospitals. They would be subject to compliance with the Health Insurance Portability and Accountability Act of 1966 (HIPAA). Prior to HIPAA, there was no generally accepted set of security standards or general requirements for protecting health information in the health care sector. PII in a physical form is referred to as “protected health information” or PHI while electronic PHI is called e-PHI. PHI/ePHI is actually a subset of PII.

We look for controls that ensure compliance and minimize exposure for PII as well as PHI/ePHI. Is there physical security for paper records as well as computerized records? We recommend collecting the least amount of personal data possible. Does the healthcare organization have a document retention and disposal policy; do they periodically review their PII holdings? Beyond policies and procedures, employee awareness training is also essential as employees must understand not only what constitutes PII/PHI but what they need to do to safeguard it.

Regards,
SueT

References

Bishop, M. (2018). _Computer Security [Art and Science]_ (2nd edition). Boston, MA: Addison-Wesley Professional.

Jacobs, S. (2016). _Engineering Information Security, The Application of Systems Engineering Concepts to Achieve Information Assurance_ (2nd edition). IEEE Press, Institute of Electrical and Electronics Engineers, Inc. Hoboken, NJ: Wiley.

Tunggal, A.T. (2020, February 19). What is Personally Identifiable Information (PII). _UpGuard Blog_. Retrieved from https://www.upguard.com/blog/personally-identifiable-information-pii
