Research Proposal on "Information Security Policy"
Research Proposal 10 pages (3320 words) Sources: 10 Style: APA
[EXCERPT] . . . .
systemic challenges that ChoicePoint is facing must be dealt with at a fundamental level, with major restructurings of processes, strategies, and systems to accomplish this change. Compounding these internal challenges is the need for staying aligned with and influencing as much as possible the legislation regarding personal data privacy. The many data breaches the company has experienced both internally and from fraudulent activity make it a focal point of the U.S. Congress' efforts to reduce the risk of identity theft and violation of personal data access. In analyzing this case the legitimacy of the industry critics' concerns will be discussed, in addition to an assessment of existing processes and their impact on individuals' privacy. Recommendations are also made with regard to legislative changes needed to protect individual privacy yet also allow enough latitude for the personal data industry to still respond to the needs of corporate and government customers.
ChoicePoint's Systemic Challenges
Having been formed as a spin-off from Equifax, ChoicePoint rapidly filled the unmet data needs of the insurance industry, concentrating on the data needs of the automobile and homeowner segments, two of the largest insurance segments in the U.S. Having initially developed credit reporting products for these segments at Equifax, ChoicePoint began as a company with a full suite of reports and data analysis services for the property and casualty (P&C) industry. Included in these services and data analysis products were risk assessment profiles, statistical analysis of claims reporting for financial forecasting and fraud prevention, and the continual refi
In addition to its successful spin-off from Equifax, ChoicePoint has also been successful with the many processes required to complete mergers and acquisitions (M&A). With 50 total acquisitions as of the timeframe of this case study, many of which include Web 2.0-based technologies, ChoicePoint is well positioned to gain significant market share in all segments of its business as companies rely more on the Internet for interactive services. Templar and iMap are two examples of this type of acquisition on the part of ChoicePoint. Following these, the company acquired VitalCheck, which was based on an Internet platform that allowed birth, marriage, divorce and death certificates to be ordered online. Despite the ability to execute exceptionally well in M&A activities, the company still struggled with the integration of its expanding lines of business into a single platform of services that could be effectively governed. In this disconnect of services, databases, and methodologies of data collection and analysis, the catalyst of ChoicePoint's many problems began to surface. In fact the entire personal data industry was suffering from a lack of integration across business units and also across data collection, analysis and representation methodologies. This was exacerbated at ChoicePoint by the speed of acquisitions and the lack of governance at the corporate level. Further, there was no consistent data protection policy at ChoicePoint. Worse, ChoicePoint had not defined how it would be able to internally manage, audit and report on its own Information Security Management Systems Initiative (ISMS). This was a strategic liability not only for ChoicePoint but for its competitors as well, leaving the entire industry prone to over-regulation by Congress.
The essence of a scalable and secure ISMS is illustrated in its ability to stay agile enough to respond to external factors influencing an organization yet strong enough to protect critical information assets (Bellone, Basquiat, Rodriguez, 2008). In effect the entire industry had invited criticism by not managing to audit and enforce ethical standards on its own. As the case study shows, there is a very high certainty the U.S. Congress will enforce stricter and difficult-to-implement standards of ethical and privacy performance relative to the performance of companies in this industry than a comparable set as defined by the industry itself. That's because the industry has a much greater appreciation of its unique systems, standards, processes and requirements than the U.S. Congress. By ignoring the need for self-regulation and more active ISMS initiatives including audits, the entire industry risked regulatory burdens that might force it to consolidate due to increased costs. Clearly Derek Smith needs to take the lead for the industry and provide a model for corporate governance including the development of ISMS initiatives that encompass audits. Merely defining audits, however, is not enough; Derek Smith needs to become the evangelist of the ISO 17799 standard for security management. He must also stress the fact that the successful implementation of an ISMS is also validated through a series of audit processes that are based on British Standard 7799 (BS7799), which serves as the basis for the Information Security Management Standard (ISO 17799), directly based on the British Standard, and ISO 27001, the International Standards Organization standard for ISMS installation and operations. Underscoring compliance to these standards (Brenner, 2007) is the need for defining a strategic governance, risk and compliance (GRC) plan.
Of the many aspects of this plan, the critical component is the need for periodic internal audits to ensure an organization stays in compliance with the ISO standards (Da Veiga, Eloff, 2007). To avert the over-regulation of the industry, Derek Smith must become the catalyst of change not only in his company but across the entire industry. To date there is no compliance with either standard within ChoicePoint or the industry, and little if any self-regulation or auditing. Due to these factors, the privacy of individuals is seriously in jeopardy online and the industry critics are for the most part correct. There is a significant gap in the systems and processes needed for managing ISMS initiatives, and these initiatives also need to tie into a broader and more strategic plan for governance, risk and compliance (GRC). What is in fact needed is a governance framework (Da Veiga, Eloff, 2007) in conjunction with ISMS initiatives so that lapses in security are far less likely to happen.
The Personal Data Industry Needs to Change
The Fair Credit Reporting Act (FCRA) revolutionized the credit and personal data industry, opening up credit for middle- and lower-income consumers, who became the greatest beneficiaries of this act (Streeter, 2003). In conjunction with the FCRA acting as a catalyst of growth in the industry, there was also the need for better and more accurate monitoring of activity, as fraud escalated when credit data became more widely available (Moye, 2006). Despite the growth of the personal data industry there was a complete lack of oversight in place, no industry-wide ISMS best practices or standards, and worst of all, no strategic planning for GRC at the chief executive or board of directors level in any company in the industry. Not a single company had gone through an ISMS Implementation Cycle as a result of the lack of strategic governance in every company in the industry. As a result of these factors, sales of illegally obtained personal information flourished (Warren, 2007), leaving victims having to fend for themselves in many cases. Further, there had been discussions across the industry of using Generally Accepted Accounting Principles (GAAP) to counter the lack of process efficiency and lack of control monitoring (Prosch, 2008). The aggregate effect of the credit reporting laws becoming more attuned to allowing for credit to be granted to lower- and middle-income families had been embraced as a catalyst for industry growth yet had not served as an equally critical motivation for changing the governance, auditing and ISMS initiatives in the industry (Moye, 2006).
ChoicePoint's challenges also showed how the entire personal data industry value chain was in need of a complete re-vamping of processes and systems to ensure a higher level of data privacy was achieved. When considering the value chain, from the data providers, through the many agents and bankers who often re-sold bundles of ChoicePoint data through their own channels, it's clear that the entire industry had a complete lack of understanding regarding individual data privacy (Cole, 2004). The value chain for personal data has conflicting methodologies and analysis as well which further added to the potential of personal data being compromised as it was collected, analyzed, sold and re-sold (Cocheo, 2004).…
Quoted Instructions for "Information Security Policy" Assignment:
Kindly provide a review of the assigned case study. Also, address the following questions:
1. How legitimate are the concerns voiced by the industry's critics?
2. To what extent is the industry a threat to individual's privacy?
3. As a privacy advocate, what legislative changes would you favor?
4. In Derek Smith's position, what would you recommend to the US Congress regarding regulation of the personal data industry?
How to Reference "Information Security Policy" Research Proposal in a Bibliography
“Information Security Policy.” A1-TermPaper.com, 2008, https://www.a1-termpaper.com/topics/essay/systemic-challenges-choicepoint/2494. Accessed 28 Sep 2024.