|There are two views of security which can seem incompatible. This assignment explores both.|
- One view is that compliance deals with the extent to which your operations comply with externally defined requirements, such as those imposed by laws (HIPAA, GLB etc.) or contract (PCIDSS as an example.) So, in this view, the objective is to provide assurance to management that the organization is following externally-originated requirements.
- Another view is that compliance reviews should focus on whether the company’s own policies and procedures are being complied with and not focus on external standards, regulations or laws.
I would like you to write a briefing paper for me to explain whether these two views can both be reconciled without undue duplication of effort. Feel free to do some Internet research to back your opinions.
- Your paper should not exceed 3 pages.
- Your paper should have a main text (not counting title pages and references list) of 1000-1250 words. Going beyond 1250 words is not recommended and probably means that you need to re-think your scope and tighten your presentation. Going below 900 probably means that you need more exposition or detail.
- Please submit as either a Microsoft Word or .pdf file. Please submit in 11-point Times New Roman font, double-spaced. 1-inch margins on top, bottom, left and right. Running heads are class name (left), page number (center) and your first initial and last name (right).