
Discussion Board Peer Responses

Please see attachment 

In responding to your peer’s posts, be sure to do the following:

• Ask at least one relevant question regarding their example scenario
and the roles defined within their RACI matrix.

• Discuss similarities and differences between your approach and that
of your peers; be sure to explain your line of thinking.

Peer 1:

Nathaniel

I used scenario 1 where in a healthcare organization, there is a need to
manage patient data securely, but beyond HIPAA, there are no explicit
regulations guiding data privacy practices. While HIPAA has regulations
around what to protect and guidelines around what can be shared, the how
you protect it is more open to a company's discretion.

This is where using the RACI matrix can be very useful. It structures who is
responsible, accountable, consulted, and informed in the development and
implementation of securing sensitive data. From personal experience,
when there is a breakdown in following the RACI matrix and including all
responsible parties, either a product is unable to be delivered or it does not
meet the business needs. For example, in one of my roles a business analyst
(responsible party) met with the customer without the developers (also
responsible party). The business analyst proceeded to tell the customer how
the application could be built, not realizing the data could not be brought
together the way they had described to the customer. This caused multiple
additional meetings and design sessions to get the customer to accept what
actually could be done vs what they had initially been offered. This same
scenario would apply when it comes to safeguarding data by designing the
application properly. A business analyst would not want to meet with a
customer, gather requirements, and commit to the customer what can be
done without including other responsible/accountable parties first. This will
ensure that the data the customer wants follows security guidelines and is
actually available to the customer.

For responsible parties you would have roles such as business analysts and
developers, those that get the work done. For accountable parties you can
have roles such as product owners and project managers, ones that make
sure responsible parties are meeting deadlines and that the project is
completed. For consulted parties you would have roles such as information
security and cybersecurity, making sure the project meets legal/security
guidelines. With how critical legal/security rules are, the consulted parties
would be involved throughout the process and help avoid rework for
developers. Finally you have the informed parties such as business owners
and stakeholders, ones that typically see the big picture of the project and
need to be kept in the loop on the milestones being met.

When there are no guiding regulations about handling sensitive data, start
by questioning if just because something can be done, should it. You can
use data to present the facts in a way that fits your narrative but is not
entirely true, which would not be ethical and can result in poor decision
making. There is also the opportunity for data misuse, such as using data
collected in new ways. While this may not be a legal concern, it could be an
issue with how customers perceive it. Someone else had mentioned in their
post a couple weeks ago about Google actually gathering data when
someone is using incognito. This damaged customer trust, which is one of
the hardest things to get back.

Peer 2

Dan

In an e-commerce company that operates in a jurisdiction with limited regulations, accountability
and responsibility are paramount when handling customer data. The Responsible-Accountable-
Consulted-Informed (RACI) matrix can be vital to keep employees informed on their roles in the
data handling process from the beginning to the final task. One of the main stipulations of the
RACI matrix is that “to foster accountability, tasks should not have more than one A entry in the
matrix to avoid diffusion of responsibility” (Ucertify, 2023). Essentially, by keeping one person
assigned to the A role for each task, the accountability lies solely on them and the blame cannot
be passed around if things fail. The other 3 roles are equally as important, as R is assigned to
people who will do the task, and C is for those who provide insight. I is for employees who will be
informed about the task but will not participate in its completion.

For the example of an e-commerce company, a few examples of individuals/departments
that may be involved in the matrix include a Data Protection Officer (DPO), Information Technology
department (IT), legal counsel, and management. One common task that could be used as an
example of where their RACI matrix responsibilities lie would be the collection of data. The IT
department would be assigned with the R role and be responsible for ensuring the system
collecting the data is secure and safe. The DPO would have the A role and be accountable for the
collection of the data and whether it follows the limited regulations that are in place and that
customer data is being protected. The legal counsel will be the C in the matrix as they will be
consulted by the prior two groups on how to set up the data collection systems per the pre-
established rules and regulations. The final part of the matrix is the I and that belongs to
management who will be informed of the process and success or lack thereof by the previous three
groups in regards to the task at hand.

In this example, because there are limited regulations that are currently in place, it can be
helpful to look at outside resources that can help guide the handling of sensitive data. One such
source is the General Data Protection Regulation (GDPR). While the GDPR may only be in place for
companies residing or doing business in the EU, it provides a great framework for businesses
outside of the EU to follow and build their specific regulations around it. Other industry best
practices can also be followed and consultation from a legal team who specializes in such
information can be invaluable.

References

Ucertify. (2023). Dat-250-14280: Certified Ethical Emerging Technologist. Lesson 8. Ucertify.
