Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

Discussion Board Peer Responses

Please see attachment 

Discussion Board Peer Responses

In responding to your peer’s posts, be sure to do the following:

• Ask at least one relevant question regarding their example scenario
and the roles defined within their RACI matrix.

• Discuss similarities and differences between your approach and that
of your peers; be sure to explain your line of thinking.

Peer 1:

Nathaniel

I used scenario 1 where in a healthcare organization, there is a need to
manage patient data securely, but beyond HIPAA, there are no explicit
regulations guiding data privacy practices. While HIPAA has regulations
around what to protect and guidelines around what can be shared, the how
you protect it is more open to a companies discretion.

This is where using the RACI matrix can be very useful. It structures who is
responsible, accountable, consulted, and informed in the development and
implementation of securing of sensitive data. From personal experience,
when there is a breakdown in following RACI matrix and including all
responsible parties, either a product is unable to be delivered or it does not
meet the business needs. For example, in one of my roles a business analyst
(responsible party) met with the customer without the developers (also
responsible party). The business analyst proceeded to tell the customer how
the application could be built, not realizing the data could not be brought
together the way they had described to the customer. This caused multiple
additional meetings and design sessions to get the customer to accept what
actually could be done vs what they had initially been offered. This same
scenario would apply when it comes to safeguarding data by designing the

application properly. A business analyst would not want to meet with a
customer, gather requirements, and commit to the customer what can be
done without including other responsible/accountable parties first. This will
ensure that the data the customer wants follows security guidelines and is
actually available to the customer.

For responsible parties you would have roles such as business analysts and
developers, those that get the work done. For accountable parties you can
have roles such as product owners and project managers, ones that make
sure responsible parties are meeting deadlines and that the project is
completed. For consulted parties you would have roles such as information
security and cybersecurity, making sure the project meets legal/security
guidelines. With how critical legal/security rules are, the consulted parties
would be involved throughout the process and help avoid rework for
developers. Finally you have the informed parties such as business owners
and stakeholders, ones that typically see the big picture of the project and
need to be kept in the loop on the milestones being met.

When there are no guiding regulations about handling sensitive data, start
by questioning if just because something can be done, should it. You can
use data to present the facts in a way that fits your narrative but not
entirely true, which would not be ethical and can result in poor decision
making. There is also the opportunity for data misuse, such as using data
collected in new ways. While this may not be a legal concern, it could be an
issue with how customers perceive it. Someone else had mentioned in their
post a couple weeks ago about Google actually gathering data when
someone is using incognito. This damaged customer trust, which is one of
the hardest things to get back.

Peer 2

Dan

In an e-commerce company that operates in a jurisdiction with limited regulations, accountability,
and responsibility is paramount when handling customer data. The Responsible-Accountable-
Consulted-Informed (RACI) matrix can be vital to keep employees informed on their roles in the
data handling process from the beginning to the final task. One of the main stipulations of the
RACI matrix is that “to foster accountability, tasks should not have more than one A entry in the
matrix to avoid diffusion of responsibility” (Ucertify, 2023). Essentially, by keeping one person
assigned to the A role for each task, the accountability lies solely on them and the blame cannot
be passed around if things fail. The other 3 roles are equally as important, as R is assigned to
people who will do the task, and C is for those who provide insight. I is for employees who will be
informed about the task but will not participate in its completion.

For the example of an e-commerce company, a few examples of individuals/departments
that may be involved in the matrix include a Data Protection Officer (DPO), Information Technology
department (IT), legal counsel, and management. One common task that could be used an
example as of where their RACI matrix responsibilities lie would be the collection of data. The IT
department would be assigned with the R role and be responsible for ensuring the system
collecting the data is secure and safe. The DPO would have the A role and be accountable for the
collection of the data and whether it follows the limited regulations that are in place and that
customer data is being protected. The legal counsel will be the C in the matrix as they will be
consulted by the prior two groups on how to set up the data collection systems per the pre-
established rules and regulations. The final part of the matrix is the I and that belongs to
management who will be informed of the process and success or lack thereof by the previous three
groups in regards to the task at hand.

In this example, because there are limited regulations that are currently in place, it can be
helpful to look at outside resources that can help guide the handling of sensitive data. One such
source is the General Data Protection Regulation (GDPR). While the GDPR may only be in place for
companies residing or doing business in the EU, it provides a great framework for businesses
outside of the EU to follow and build their specific regulations around it. Other industry best
practices can also be followed and consultation from a legal team who specializes in such
information can be invaluable.

References

Ucertify. (2023). Dat-250-14280: Certified Ethical Emerging Technologist. Lesson 8.

Ucertify.

  • Nathaniel

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

VIII

see attached Prepare a three- to four-page essay that addresses the following questions. · Which emerging threat (e.g., cyberterrorism, domestic violent extremism, AI misuse) do you believe poses the greatest long-term risk to homeland security, and why? · How can homeland security professionals balance innovation with ethical responsibility? · How

HLS VII

see attached Policy Memo: Rising Terrorist Threat This writing assignment measures your mastery of ULOs 1.1, 1.2, 1.3, and 4.2. In this assignment, you will craft a professional policy memorandum advising a senior government official (e.g., Secretary of Homeland Security, State Homeland Security Advisor, or Governor) on how to respond

In-the-Wild Studies

 In a field study or an in-the-wild study, how can designers ensure they acquire accurate data concerning the product? Briefly describe some concerns associated with properly conducting field studies. 

Evaluation Methods

  Overview In this activity, you identify methods to evaluate your application interface that align with stated requirements and specifications. This activity will inform next week’s assignment, where you are asked to create an evaluation plan for your application. Instructions Explain 5 appropriate ways or methods to evaluate your chosen

VII

see attached There are numerous artificial intelligence applications used in homeland security for defense, intelligence, diplomacy, surveillance, cybersecurity, and other areas in both the public and private sector. For this assignment, you will create a PowerPoint presentation which examines current and emerging artificial intelligence (AI) and machine learning technologies being

Formative and Summative Evaluations

 What are the differences between formative evaluations and summative evaluations? At which stage in product development do you believe that evaluations should use controlled settings instead of natural settings? Why? 

V HLS

see attached The Office of Innovation and Collaboration is the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate’s conduit to a broad network of external partners. It provides the homeland security community outreach and access to partnerships with world-class subject matter experts, resources, and innovative tools. Discuss why

VI

see attached. For this assignment, you will develop a PowerPoint presentation consisting of 10 to 12 slides that examines one of the 16 critical infrastructure sectors designated by the U.S. Department of Homeland Security. You will explore key threats to the sector and its cybersecurity vulnerabilities. You will propose realistic

Information Systems IT assignment

Case Study Analysis — Jaguar Land Rover Cyberattack Assignment Overview In August 2025, Jaguar Land Rover experienced a ransomware and data exfiltration attack that forced a complete shutdown of IT and manufacturing systems across its global operations. This disruption caused significant financial losses and supply chain delays. Analyze the incident

V

see attached For this discussion, reflect on how the United States has approached intelligence sharing since 9/11 and consider whether the balance between security and individual rights has been successfully maintained. Think about the roles that fusion centers, joint terrorism task forces (JTTFs), and local law enforcement play in identifying

excel

c ase study – Survey Analysis This case study will grant you the opportunity to utilize your critical thinking and data analysis skills. In business, surveys are often a common way to gauge consumer sentiment. In the provided data set, you will analyze Excel data gathered from a customer satisfaction

IV

see attached. In this unit’s lesson, we explored constitutional law, civil liberties, and ethical decision-making in homeland security. These issues become especially acute during large-scale disaster scenarios, where federal and local agencies are called upon to make time-sensitive decisions under conditions of uncertainty, chaos, and public vulnerability. These actions must

4

see attached. Reflect on your beliefs regarding the ethical implications of the United States using unmanned aerial vehicles (UAVs) on foreign soil to counter terrorist attacks in defense of our own or foreign ally interests. How do you believe other nations perceive the United States’ use of UAVs to monitor

HIMS 655 ASS5

As a HIM director of a healthcare system, you have been assigned to lead a team of individuals to develop a rationale for a Health Data Governance Program. In your first team meeting the agenda is to discuss various aspects of successful Health Data Governance Program.  Discuss with your team

The Role of UX in Software Development

  Review this week’s assignment, Application Requirements and Specifications. Discuss the role that the user experience (UX) plays in the development of software requirements. How can UX considerations be effectively integrated into your Requirements and Specifications?

HLS III

see attached. For this assignment, select a disaster or terrorism incident (e.g., Hurricane Katrina, Hurricane Maria, Texas Winter Storm) and analyze how each phase of the emergency management cycle was executed. Additionally: · Evaluate FEMA’s role in support of both local and state agencies and associated legal frameworks. · Examine

3

See attached. In 2001, lone wolf terrorist and bioweapons expert Dr. Bruce Ivins, mailed several United States Postal Services (USPS) letters and parcels filed with anthrax spores to news media outlets, democratic senators, and others. This terrorist incident was considered a weapon of mass destruction (WMD) attack, as anthrax is

II

see attached. The United States homeland security enterprise is intentionally decentralized, relying on a complex interplay between federal and state agencies, local authorities, and community stakeholders. The National Incident Management System (NIMS), the National Response Framework (NRF), and the whole-community approach are designed to create integration and interoperability but not