Evolving Challenges In Information Security Compliance

With the proliferation of computer-driven organizations and internet-based business information systems, the need for security has increased significantly. In addition, information security compliance is becoming a controversial issue among IT professionals. This paper aims to address the concerns arising from compatibility of security standards, compliance cost, certification approval and human involvement that affect compliance management. A unified approach to information security compliance is suggested for organizations seeking to build strong relationships across business and IT departments, improving in that way a company’s security value

Using Information Governance to Evaluate Patient Care in Amazon's One Medical

This paper explores the information governance (IG) maturity of Amazon's One Medical (AOM), a digital health and telehealth primary care organization. Combining Amazon's technology expertise with One Medical's healthcare services, AOM aims to transform healthcare through a human-centered, technology-powered model. However, successfully integrating Amazon's disruptive approach into the complex healthcare industry is challenging. To examine AOM's IG maturity, we compare and critique patient care in AOM against the ARMA Maturity Model and AHIMA's IGPHC framework. The study discusses the implications of telehealth on the doctor-patient relationship, rising roles of ancillary service teams, commoditization of healthcare, and potential monopolization. It also addresses security risks, compliance challenges, and the impact of technology on disadvantaged populations. Our analysis highlights the growing importance of information management in the evolving intersection between healthcare and technology and suggests potential areas for improvement in AOM's IG maturity.Comment: 26 pages, 1 figure, 3 table

Navigating Legal Implications: The Impact of Enhanced Smartphone Integration on Security in Organizational Networks

The escalating integration of smartphones within organizational frameworks has been driven by their augmented functionality, especially pertinent during the global pandemic. However, this surge in device utilization has concurrently amplified concerns surrounding security, as sensitive data becomes increasingly susceptible. In this context, the study conducted a survey to assess the security implications of smartphone integration while considering the legal aspects. The findings unequivocally substantiate the notion that smartphones pose substantial security risks, particularly when users stray from established protocols, potentially leading to legal consequences. Drawing from prior research emphasizing mobile devices' vulnerability, we advocate for a preemptive legal stance, suggesting the installation of anti-malware software on smartphones as a legally sound countermeasure. By doing so, organizations can thwart potential hacking endeavors, thereby not only fortifying network security but also mitigating legal liabilities and shielding sensitive information in compliance with relevant regulations. The implications of this study extend to organizational management and legal teams, enabling them to enact effective policies that reinforce network security and adhere to evolving legal challenges. This research underscores the significance of striking a balance between technological integration and safeguarding confidentiality within the boundaries of the law, offering essential insights for organizational resilience in an increasingly digitized landscape while avoiding legal pitfalls

Managing Controlled Unclassified Information in Research Institutions

In order to operate in a regulated world, researchers need to ensure compliance with ever-evolving landscape of information security regulations and best practices. This work explains the concept of Controlled Unclassified Information (CUI) and the challenges it brings to the research institutions. Survey from the user perceptions showed that most researchers and IT administrators lack a good understanding of CUI and how it is related to other regulations, such as HIPAA, ITAR, GLBA, and FERPA. A managed research ecosystem is introduced in this work. The workflow of this efficient and cost effective framework is elaborated to demonstrate how controlled research data are processed to be compliant with one of the highest level of cybersecurity in a campus environment. Issues beyond the framework itself is also discussed. The framework serves as a reference model for other institutions to support CUI research. The awareness and training program developed from this work will be shared with other institutions to build a bigger CUI ecosystem

The Impact of IT on Insurance of the Technological Industry

The insurance industry has undergone significant transformations due to the rapid advancement of information technology (IT); This paper explores the multifaceted impact of IT on the insurance sector, covering various aspects such as customer experience, operational efficiency, risk assessment, and data security. Through a comprehensive review of existing literature and industry trends, this paper highlights the ways in which IT has revolutionized insurance processes and business models.” Additionally, this paper delves into the paradigm shift brought about by Insurtech startups, which leverage the convergence of IT and insurance to offer innovative solutions like peer-to-peer insurance and usage-based coverage. These startups are reshaping industry dynamics and compelling traditional insurers to adopt digital innovations to remain competitive. Furthermore, the regulatory landscape and compliance considerations arising from technological disruption are explored. The challenges of navigating data privacy compliance and the collaborative efforts between regulators and industry players in shaping technological policies are discussed. Ethical considerations related to IT-driven insurance are also examined, emphasizing the importance of maintaining transparency, fairness, and accountability in decision-making. Ultimately, this research paper underscores the pivotal role of IT in shaping the insurance industry's future, As technology continues to evolve, insurers that strategically integrate IT tools are better positioned to provide innovative, customer-centric solutions while enhancing operational efficiency, risk assessment accuracy, and data security, By embracing IT-driven transformations, insurers can navigate challenges, tap into opportunities, and maintain a competitive edge in the dynamic and rapidly evolving landscape of the insurance sector

Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Next Generation Cloud Computing: New Trends and Research Directions

The landscape of cloud computing has significantly changed over the last decade. Not only have more providers and service offerings crowded the space, but also cloud infrastructure that was traditionally limited to single provider data centers is now evolving. In this paper, we firstly discuss the changing cloud infrastructure and consider the use of infrastructure from multiple providers and the benefit of decentralising computing away from data centers. These trends have resulted in the need for a variety of new computing architectures that will be offered by future cloud infrastructure. These architectures are anticipated to impact areas, such as connecting people and devices, data-intensive computing, the service space and self-learning systems. Finally, we lay out a roadmap of challenges that will need to be addressed for realising the potential of next generation cloud systems.Comment: Accepted to Future Generation Computer Systems, 07 September 201