1. Case Study #1: Are Privacy Impact Assessments (PIA) useful as a policy tool?
A client has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the usefulness of Privacy Impact Assessments (PIA) as a policy tool. The purpose of this white paper is to inform attendees at an inter-agency workshop on writing Privacy Impact Assessments for their IT investments. These assessments are required by the E-Government Act of 2002 (see https://www.whitehouse.gov/omb/memoranda_m03-22) and must be submitted to the Office of Management and Budget (OMB) each year by agencies as part of their E-Government Act compliance reports. OMB, in turn, forwards a summary of these reports to Congress as part of the administration’s E-Government Act Implementation Report (see https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_e-gov_act_report_02_27_2015.pdf).
Read / Review the Week 1 readings.
Research the requirements in federal law to protect the privacy of individuals. Here are some sources that you may find
Exist for Enhancing Protection of Personally Identifiable Information (GAO-08-536)
Protecting the Confidentiality of Personally Identifiable Information (PII) (NIST
Research how Privacy Impact Assessments are used by privacy advocates and other members of the public who lobby lawmakers or otherwise seek to influence public policy. Here are some sources to get you started:
three or more additional sources which provide information about best practice recommendations for ensuring the privacy of information processed by or stored in an organization’s IT systems and databases. These additional sources can include analyst reports and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc. which impacted the privacy of individuals whose information was stored in federal IT systems and databases.
Write a two to three page summary of your research. At a minimum, your summary must include the
An introduction or overview of privacy which provides definitions and addresses the laws, regulations, and policies which require federal IT managers to protect the privacy of individuals whose information is processed or stored in federal IT systems. This introduction should be suitable for an executive audience.
A separate section which addresses the contents of Privacy Impact Assessments and how they are currently used by the federal government and members of society.
An analysis of whether or not privacy impact assessments provide useful information to privacy advocates, lawmakers, and others who develop or influence privacy policies and laws in the United States. Federal officials who participate in the policy making process include: OMB Staff, White House Staff, Congressional Committees and their staff members, Members of Congress (Representatives & Senators).
A discussion of best practice recommendations for ensuring the privacy of information processed by or stored in an organization’s IT systems and databases. These recommendations should be well supported by information from your research.
Your paper should use standard terms and definitions for cybersecurity and privacy. The following sources are recommended:
ISACA Glossary http://www.isaca.org/pages/glossary.aspx
on Security and Privacy in Public Cloud Computing http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
Submit For Grading
Submit your case study in MS Word format (.docx or .doc file) using the Case Study #1 Assignment in your assignment folder. (Attach the file.)
Use standard APA formatting for the MS Word document that you submit to your assignment folder. Formatting requirements and examples are found under Course Resources > APA Resources.
You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. These items are graded under Professionalism and constitute 20% of the assignment grade.
You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy.
You have been invited to participate in a “lightning round” presentation for a conference attended by federal government IT managers and staff. For this activity you must prepare a 3 to 5 paragraph briefing statement which answers the following questions. Use information from the weekly readings and Case Study #1.
1. What is a privacy impact assessment (PIA)?
2. Name and briefly describe 3 best practices for federal government IT managers who are charged with preparing a PIA.
3. Name and briefly describe 3 “worst” practices for protecting privacy of individuals whose information is collected, processed, transmitted, and stored in federal government IT systems and databases.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.