- Research the following items to assist in negotiating an appropriate risk assessment for Intuit, Inc.’s cloud-based applications project:
  - Laws and regulations to consider when implementing security controls: in certain industries, these (such as PCI DSS, HIPAA, FERPA, SOX, etc.) are mandatory and have legal consequences.
  - Industry standards and what competitors in the same business are doing, for example, “company ABC is implementing 2-factor authentication and encryption, so we’re doing it too.”
- Ensure the following items are taken into consideration when negotiating:
  - The company has reasonable protections in place for the security of its information system.
  - Budget, time, and resources (human resources; computer, network, and system resources) are allocated appropriately and utilized efficiently. The team needs to be able to measure the project’s success by creating a measurable matrix or KPIs.
  - There is a balance between security and convenience that won’t interrupt day-to-day activities.
  - The information security policy is approved by upper management and enforced throughout the company (with the help of the IT department).
Write a summary of your research findings.
Sunday, January 30, 2022