Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

Discussion Board Peer Responses

Please see attachment 

Discussion Board Peer Responses

In responding to your peer’s posts, be sure to do the following:

• Ask at least one relevant question regarding their example scenario
and the roles defined within their RACI matrix.

• Discuss similarities and differences between your approach and that
of your peers; be sure to explain your line of thinking.

Peer 1:

Nathaniel

I used scenario 1 where in a healthcare organization, there is a need to
manage patient data securely, but beyond HIPAA, there are no explicit
regulations guiding data privacy practices. While HIPAA has regulations
around what to protect and guidelines around what can be shared, the how
you protect it is more open to a companies discretion.

This is where using the RACI matrix can be very useful. It structures who is
responsible, accountable, consulted, and informed in the development and
implementation of securing of sensitive data. From personal experience,
when there is a breakdown in following RACI matrix and including all
responsible parties, either a product is unable to be delivered or it does not
meet the business needs. For example, in one of my roles a business analyst
(responsible party) met with the customer without the developers (also
responsible party). The business analyst proceeded to tell the customer how
the application could be built, not realizing the data could not be brought
together the way they had described to the customer. This caused multiple
additional meetings and design sessions to get the customer to accept what
actually could be done vs what they had initially been offered. This same
scenario would apply when it comes to safeguarding data by designing the

application properly. A business analyst would not want to meet with a
customer, gather requirements, and commit to the customer what can be
done without including other responsible/accountable parties first. This will
ensure that the data the customer wants follows security guidelines and is
actually available to the customer.

For responsible parties you would have roles such as business analysts and
developers, those that get the work done. For accountable parties you can
have roles such as product owners and project managers, ones that make
sure responsible parties are meeting deadlines and that the project is
completed. For consulted parties you would have roles such as information
security and cybersecurity, making sure the project meets legal/security
guidelines. With how critical legal/security rules are, the consulted parties
would be involved throughout the process and help avoid rework for
developers. Finally you have the informed parties such as business owners
and stakeholders, ones that typically see the big picture of the project and
need to be kept in the loop on the milestones being met.

When there are no guiding regulations about handling sensitive data, start
by questioning if just because something can be done, should it. You can
use data to present the facts in a way that fits your narrative but not
entirely true, which would not be ethical and can result in poor decision
making. There is also the opportunity for data misuse, such as using data
collected in new ways. While this may not be a legal concern, it could be an
issue with how customers perceive it. Someone else had mentioned in their
post a couple weeks ago about Google actually gathering data when
someone is using incognito. This damaged customer trust, which is one of
the hardest things to get back.

Peer 2

Dan

In an e-commerce company that operates in a jurisdiction with limited regulations, accountability,
and responsibility is paramount when handling customer data. The Responsible-Accountable-
Consulted-Informed (RACI) matrix can be vital to keep employees informed on their roles in the
data handling process from the beginning to the final task. One of the main stipulations of the
RACI matrix is that “to foster accountability, tasks should not have more than one A entry in the
matrix to avoid diffusion of responsibility” (Ucertify, 2023). Essentially, by keeping one person
assigned to the A role for each task, the accountability lies solely on them and the blame cannot
be passed around if things fail. The other 3 roles are equally as important, as R is assigned to
people who will do the task, and C is for those who provide insight. I is for employees who will be
informed about the task but will not participate in its completion.

For the example of an e-commerce company, a few examples of individuals/departments
that may be involved in the matrix include a Data Protection Officer (DPO), Information Technology
department (IT), legal counsel, and management. One common task that could be used an
example as of where their RACI matrix responsibilities lie would be the collection of data. The IT
department would be assigned with the R role and be responsible for ensuring the system
collecting the data is secure and safe. The DPO would have the A role and be accountable for the
collection of the data and whether it follows the limited regulations that are in place and that
customer data is being protected. The legal counsel will be the C in the matrix as they will be
consulted by the prior two groups on how to set up the data collection systems per the pre-
established rules and regulations. The final part of the matrix is the I and that belongs to
management who will be informed of the process and success or lack thereof by the previous three
groups in regards to the task at hand.

In this example, because there are limited regulations that are currently in place, it can be
helpful to look at outside resources that can help guide the handling of sensitive data. One such
source is the General Data Protection Regulation (GDPR). While the GDPR may only be in place for
companies residing or doing business in the EU, it provides a great framework for businesses
outside of the EU to follow and build their specific regulations around it. Other industry best
practices can also be followed and consultation from a legal team who specializes in such
information can be invaluable.

References

Ucertify. (2023). Dat-250-14280: Certified Ethical Emerging Technologist. Lesson 8.

Ucertify.

  • Nathaniel

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

Policy Politics

Assignment: Multimedia Keynote Presentation Objective: to evaluate the student’s knowledge of being politically competent as a health care leader and to build his or her online presentation skills You are a senior health care leader working at a prominent hospital in Chicago. You have been asked to speak at the

III

see attached. For this assignment, you will write a critique of the article “9/11: Look Back and Learn,” which appears in the Required Unit Resources section of this unit. Your article critique must address the components listed below. · The article’s premise, significant points in support of the premise, and

Technology and Ethics

· Please read all of the instructions and review the linked documents at the end of the assignment. You will need to use the paper template for your paper. · Assignment purpose: · As technical professionals, we are often called to research and report on topics associated with our projects.

ITEC final powerpoint

   TOPICS TO DISCUSS: PROJECT STAKE HOLDERS, CHANGE MANAGEMENT, PROJECT PROCUREMENT MANAGEMENT PLANNING. (POWERPOINT MUST INCLUDE PRESENTER NOTES)

Unit IV

See attached Unit IV Journal In what ways have telecommunications and networks transformed organizational strategies, particularly in the realms of data management and information security? Provide specific examples and explain the importance of telecommunications technology in organization. How should organizations adapt their strategies to leverage these advancements while mitigating associated

Unit III

See attachment Unit III Case Study It is important to understand what information systems are and why they are essential for running and managing a business. It is also important to understand the different systems that support different groups or levels of management. In addition, digital technology and the Internet

DB 2

See Attached Discussion Board 2 • Your initial post should be at least 300 words in length. • Your initial post should include at least one APA-formatted scholarly, professional, or textbook reference with accompanying in-text citation to support any paraphrased, summarized, or quoted material. There has been much legal activity

power point

 Using your GA2 project plan as a basis, you are to create a 20-minute slide show presentation for your clients, as if you were ‘selling’ your product/service. 

Operating System Host Firewalls

  There are many recommendations, guidelines, and best practices for firewall management. Some argue that an operating system’s host firewall software may offer sufficient security. Therefore, they suggest, all options should be evaluated before discounting the operating system’s host firewall software. List and explain five typical firewall guidelines or best

ITEC

procurement management Choose a project with a relatively simple description (building a LAN, designing a web page, inventing a new communication device, etc.).  Which type of contract structure (Fixed total price, Fixed unit price, Fixed price with incentive, Fixed fee with price adjustment) and what procurement documents (Request for Proposal,

VIII

see attached. What kind of steps would you take to illustrate how an organization could use the Cybersecurity Framework to create a new cybersecurity program or improve an existing program. What are some of the key messages and ideas that you will take away from this course? What surprised you

Design a web frame

Based on the site map I give you have to be able to design a web frame. Prompt given: After you’re done with your Site map, the next step for your term project is to design wireframes based on your site map. Use any drawing tools, such as Visio or

public finance

Module 1 Assignment Details · Due Sunday by 11:59pm   Weekly Objectives Students will: · Define public administration and why it is important. · Define and explain key terminology related to public budgeting and finance administration.  · Differentiate between the four stages of public budgeting (preparation, approval, execution, and audit/evaluation) and describe their

VII

see attached. CybersecurityPolicies Without Borders This assignment measures your mastery of ULOs 2.1, 2.2, 2.3, 5.3, and 6.2. Unlike countries, the Internet is not confined to specific national borders or geopolitical boundaries defying traditional governance. Perform research in the CSU Online Library and the Internet, and answer the following questions:

Information Systems VI Aassignment

see attached. Course Textbook(s) Lewis, T. G. (2020). Critical infrastructure protection in homeland security: Defending a networked nation (3rd ed.). Wiley.

power point

Video Presentation As a synthesis of the prior five weeks, each student will create an informational video presentation. The video presentation must be a Senior Executive Level presentation to a real world company/organization. If students are unfamiliar with that style of presentation, they are to research it.  Application of Learning:

V

see attached During the Bush and Obama administrations and because of 9/11, the Department of Homeland Security (DHS) assumed lead responsibilities for many of the CIKR sectors assigning Sector-Specific Agencies (SSAs) to establish sector-specific protocols for protection. However, most of these sectors have the DHS as its SSA. Under this

IV Journal

see attached. Should the private sector be proactively involved in all phases of preparedness for attack avoidance (either physical or cyber-based) or should the private sector act solely as a resource when called upon by the public/government sector? Why, or why not? Your journal entry must be at least 200