Fill in Order Details

  • Submit paper details for free using our simple order form

Make Payment Securely

  • Add funds to your account. There are no upfront payments. The writer will only be paid once you have approved your paper

Writing Process

  • The best qualified expert writer is assigned to work on your order
  • Your paper is written to standard and delivered as per your instructions

Download your paper

  • Download the completed paper from your online account or your email
  • You can request a plagiarism and quality report along with your paper
Posted on by admin

Effect of Legislation on Organizations

Project 1: Effect of Legislation on Organizations

Insert NameCSIA 412 6381

Introduction

The purpose of this paper is to provide an analysis of the effects of key takeaways from the Presidential Policy Directive 21, Executive Order, and the May 2011 Cyber Security Legislative Proposal on the Department of Health and Human Services. Specifically, this paper seeks to analyze and evaluate the effects of refining and clarifying functional relationship across the Federal Government, creating a baseline framework to reduce cyber risk to critical infrastructure, privacy and civil liberties, and critical infrastructure and cybersecurity. This paper is designed to provide an overview of the policies that accompany each key takeaway, the reason the takeaway was chosen, as well as the effects it has had on the Department of Health and Human Services since its inception.

Points of Analysis

The following points of analysis have been collected from the Presidential Policy Directive (PPD) 21, Executive Order (EO) 13636, and the May 2011 Cyber Security Legislative Proposal respectively. These particular points were chosen because of the effects each proposed action has not only on the entity that should be implementing it but also the effect it has on the whole nation when implemented improperly, or not at all.

Refine and clarify functional relationships across the Federal Government to advance the national unity of effort to strengthen critical infrastructure security and resilience (The White House, 2013).

This particular point of analysis was chosen because it highlights the need for systems to work together fluidly and without interruption. If there is an interruption in any system for any reason, this particular point highlights how that affects the government as a whole.

Baseline framework to reduce cyber risk to critical infrastructure (Obama, 2013).

Creating and maintaining a set of standards is imperative to every sector of business whether government, private, or public. By maintaining a set standard, organizations and individuals alike know what is required of them and the industry as a whole is advanced as all professionals are operating under the same system of expectations.

Privacy and civil liberties protections (Obama, 2013).

Risk management is imperative for any internet security program to be effective and functional. Without a risk management plan in place, organizations leave themselves open to various attacks that threaten the consumers they serve as well as the veracity of their services.

Critical infrastructure and cybersecurity plans (Cyber Security Legislative Proposal, 2011).

Much like risk management plans, a complete and active cyber security plan is essential to any organization because it means that the entity is protected and actively monitored. Without an active plan in place, the organization and all of it’s pertinent data is likely to be poached by outside parties.

Analysis/Research

Refining and clarifying relationships

The greatest relationship in place for the Department of Human and Health Services (HHS) as it pertains to the directives outlined in the EO is the relationship with the Office of Civil Rights (OCR). The oversight and management responsibilities as it pertains to the Security Act and HHS, provide OCR with the ability to perform regulatory audits, reconcile issues of noncompliance, and/or impose monetary penalties as deemed necessary (Salmon, 2013). According to Salmon’s (2013) report, however, OCR has failed to fully meet the requirements as outlined, thereby leaving various aspects of HHS’ internet security program vulnerable and at risk for greater threats. As HHS is part of the critical infrastructure of the national government, this leaves the national government open to threat as well. The purpose of refining and clarifying relationships was to instill a system of accountability and advisement in order to strengthen the nation’s infrastructure (The White House, 2013), and though oversight from OCR could have been an amazing asset for the department of HHS, because the responsibility has not been carried out, HHS suffers. As a result of OCR’s lack of routine and preventative audit, various vulnerabilities were identified in HHS’ system and HHS consequently failed various evaluation points of its own (Salmon, 2013). The original effect of this policy meant that HHS would no longer have to rely upon its own resources in order to identify potential threats, however the value of the policy is yet to be observed in this instance.

Baseline framework to reduce cyber risk to critical infrastructure

This mandate originally meant a complete overhaul of the HHS security framework as it now worked to not only be compliant with HIPAA guidelines and directives but also those that were not being instituted as the standard by government officials (Department of Health and Human Services, 2014 May). Addressing this particular mandate meant that HHS strengthened pre-existing relationships while simultaneously forming new ones as they worked in collaboration in order to create a resilient and efficient network. In particular, this mandate birthed a chain of monthly joint briefings which address cyber threats, ways to improve network security, as well as identifying and prioritizing federal resources for cybersecurity (Department of Health and Human Services, 2014 May).

Privacy and civil liberties protection

This area is the one in which HHS has received its hardest hit due to its lack of a risk management protocol and program. According to the evaluation completed by the GAO (2006), HHS lacked a significant amount of internet controls and network security. This lack of security, presents a large window of opportunity for outside parties to gain access to the system. In addition to not having clear and defined security and/or risk management protocol in place, HHS also did not have a fully operational internet security program, thankfully PPD-21 changed all of this. According the HHS website (2014 March), the PPD-21 prompted a series of security system strategic goals aimed at improving the system’s network as well as increasing the viability and security of pertinent data. PPD-21’s call for data security while also sharing information, caused HHS to evaluate their current practices and then move to enhance their current practices in order to support improvements in health as well as fight fraudulent activities (Department of Health and Human Services, 2014 March).

Critical infrastructure and cyber security plans

This final area of analysis is one that has affected HHS the most as it works to enhance its security program to meet the needs of its consumers. As outlined by Salmon’s (2013) evaluation and the evaluation completed by the GAO (2006), the HHS was extremely susceptible to attack from outside parties due to its lack of cybersecurity infrastructure. The growth and improvement from 2006 to 2013 can be measured from the comments made by Salmon versus the problems identified by the GAO. Though HHS still has a lot of work to do as it pertains to being compliance, the improvements made in response to the mandates created are noticeable. For example, though the HHS has still not fully implemented its program, there are pieces such as password protection, data encryption, and collaboration with various entities that have been put into place in order to ensure that the organization moves closer to compliance than it has been in the past (Department of Health and Human Services, 2014 March).

Conclusion

The purpose of any government mandate as it pertains to national security and the nation’s infrastructure is to provide a system of networks that function to improve the quality of service and life for the American people. The purposes of the various mandates addressed in this paper are to increase the stability of the government by strengthening collaboration between various entities, creating a standard of practice and protocol for cybersecurity professionals, protecting the privacy and civil liberties of consumers, and creating solid and well-developed cybersecurity plans. Though the Department of Health and Human Services has quite a ways to go before it is in full compliance with the components of each of the mandates, it has come progressed significantly from where it stood eight years ago.

References

Cybersecurity legislative proposal. (2011 May). Retrieved from https://learn.umuc.edu/d2l/le/content/47852/viewContent/2363913/View

Department of Health and Human Services. (2014 March 10). Strategic goal 4: Ensure efficiency, transparency, accountability, and effectiveness of HHS programs. Retrieved from: http://www.hhs.gov/strategic-plan/goal4.html

Department of Health and Human Services (2014 May 12). HHS activities to enhance cybersecurity. Retrieved from: http://www.phe.gov/Preparedness/planning/cip/Pages/eo13636.aspx

GAO. (2006). Department of health and human services needs to fully implement its program (GAO-07-267). Washington, DC. Retrieved from: http://www.gao.gov/new.items/d06267.pdf

Obama, B. (2013, February 19). Executive order 13636 – Improving critical infrastructure cybersecurity. Federal Register. 78(33). Retrieved from: https://learn.umuc.edu/d2l/le/content/47852/viewContent/2363928/View

Salmon, T.M. (2013). The office for civil rights did not met all federal requirements in its oversight and enforcements of the health insurance portability an accountability act security rule. Washington, DC. Retrieved from: https://oig.hhs.gov/oas/reports/region4/41105025.pdf

The White House. (2013, February 12). Briefing Room. Retrieved 01 22, 2015, from The White House: http://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil

ORDER A SIMILAR PAPER AND DELEGATE FULFILMENT OF YOUR ASSIGNMENT TO EXPERT ACADEMIC WRITERS. PLAGIARISM-FREE, GUARANTEED A, TIMELY DELIVERY.

strategic planning visioning session

WHAT OUR CURRENT CUSTOMERS SAY

  • Google
  • Sitejabber
  • Trustpilot
Zahraa S
Zahraa S
Absolutely spot on. I have had the best experience with Elite Academic Research and all my work have scored highly. Thank you for your professionalism and using expert writers with vast and outstanding knowledge in their fields. I highly recommend any day and time.
Stuart L
Stuart L
Thanks for keeping me sane for getting everything out of the way, I’ve been stuck working more than full time and balancing the rest but I’m glad you’ve been ensuring my school work is taken care of. I'll recommend Elite Academic Research to anyone who seeks quality academic help, thank you so much!
Mindi D
Mindi D
Brilliant writers and awesome support team. You can tell by the depth of research and the quality of work delivered that the writers care deeply about delivering that perfect grade.
Samuel Y
Samuel Y
I really appreciate the work all your amazing writers do to ensure that my papers are always delivered on time and always of the highest quality. I was at a crossroads last semester and I almost dropped out of school because of the many issues that were bombarding but I am glad a friend referred me to you guys. You came up big for me and continue to do so. I just wish I knew about your services earlier.
Cindy L
Cindy L
You can't fault the paper quality and speed of delivery. I have been using these guys for the past 3 years and I not even once have they ever failed me. They deliver properly researched papers way ahead of time. Each time I think I have had the best their professional writers surprise me with even better quality work. Elite Academic Research is a true Gem among essay writing companies.
Got an A and plagiarism percent was less than 10%! Thanks!
prevnext

ORDER NOW

CategoriesUncategorized

Consider Your Assignments Done

“All my friends and I are getting help from eliteacademicresearch. It’s every college student’s best kept secret!”

Jermaine Byrant
BSN

“I was apprehensive at first. But I must say it was a great experience and well worth the price. I got an A!”

Nicole Johnson
Finance & Economics

ORDER NOW

Our Top Experts

See Why Our Clients Hire Us Again And Again!


OVER

10.3k
Reviews

RATING
4.89/5
Average

YEARS
13
Mastery

Success Guarantee

When you order form the best, some of your greatest problems as a student are solved!

Reliable

Professional

Affordable

Quick

See our Results

ORDER YOUR ASSIGNMENT NOW

Using this writing service is legal and is not prohibited by any law, university or college policies. Services of Elite Academic Research are provided for research and study purposes only with the intent to help students improve their writing and academic experience. We do not condone or encourage cheating, academic dishonesty, or any form of plagiarism. Our original, plagiarism-free, zero-AI expert samples should only be used as references. It is your responsibility to cite any outside sources appropriately. This service will be useful for students looking for quick, reliable, and efficient online class-help on a variety of topics.