HIPAA specifies particular medical technologies for each of the security requirements to ensure the privacy of the health-care information.
You have been hired by BIGSOCIAL (a Social Media firm). The company provides global services to customers via numerous web-based applications. Selected usage data will be provided in real time to third-party sites, where it will be presented to the user, or accessed by appliances at the customers’ home for display.

a) Discuss the confidentiality and integrity policies that should be associated with the data and messages in such a system (i.e. what kinds of principals access data in such a system, what kinds of data and messages exist in the system and, for each class of data, which principals should have what kinds of access).

b) On Monday, a company Database Administrator observes the CSO make a copy of the customer data file and market research data file onto a non-company USB. The CSO announces on Friday afternoon that they are leaving to explore other interests. The Database Administrator never mentioned the copying to the USB drive to anyone. Should he raise the issue now? What party or parties might he talk to (if he elects to communicate)?

c) Suggest an approach for implementing the authentication mechanism and define the type of testing necessary to ensure that the data is protected.