Topic 5 Review
This topic review is a tool designed to prepare students for the
Topic 5 Quiz. Instructors will grade the topic review for
completion. Save the topic review to your computer and submit
when complete.
When completing this review, answers should be in your own
words or quoted with quotation marks and be drawn from one of
the course readings (textbook and overview referenced below),
or other sources listed in the syllabus. Outside sources,
including internet sites, are not acceptable. When quoting and
paraphrasing, include all authors' last names for citations that
have multiple authors. For quoted citations, be sure to include
the page or paragraph number(s).
The quiz will be graded for accuracy, so take time to seek the
correct answers for this topic review before you attempt the
quiz. Once you start the quiz, do not exit the quiz until the
entire quiz is completed. Exiting out of the quiz before it is
complete may result in a zero grade.
Please type your answers below each question.
1. Summarize Romans 3:20-26.
2. Summarize Matthew 5:44.
3. How does the textbook interpret Matthew 18:21-35 and the
Christian’s ability to forgive others?
4. Describe the Christian view of salvation and how it differs
from the views of other religions.
5. What three words beginning with “R” used in the lesson and
overview summarize the gospel message?
6. Briefly summarize Isaiah 53:4-6.
Canyon University (Ed.), The beginning of wisdom: An
introduction to Christian thought and life (2nd ed.). Available
from http://gcumedia.com/digital-resources/grand-canyon-university/2015/the-beginning-of-wisdom_an-introduction-to-christian-thought-and-life_ebook_2e.php
Topic 5 Overview. (2017). CWV-101: Christian Worldview.
Phoenix, AZ: Grand Canyon University.
STP IG PROGRAM IMPLEMENTATION – PHASE 1
Student’s name
Institutional affiliation
Date
Abstract
The data revolution is at a peak in this century. In the corporate
world, an information governance (IG) program plays a key role:
it creates a discipline by bringing people and tools together to
make data work better for the business. In a data-driven
world, this means having numerous metrics in place to measure and
validate the value of data, and managing the lifecycle of the
data through a set of standards and policies that help us
get the most out of it. To get the most benefit from the data, we
must focus on its completeness, correctness, relevance, timeliness,
consistency, meaningfulness and usability. In this project, we will
analyze the risks, opportunities, and threats of the current
infrastructure of STP and build a road map to reduce STP’s
exposure to vulnerabilities by increasing the overall security
profile and reducing the risk profile.
Team and Role Selection
According to Smallwood (2014), information governance
leverages technologies to enforce policies and procedures for
managing information and its risk in compliance with legal and
litigation demands, external regulatory requirements and
internal governance objectives. As the first step in building
information governance, I will build a solid functional team
that can help me achieve my project objective. I will select
the 10 people below for this IG project team.
· In-house Financial Analyst and Risk Manager
· Senior Records Manager
· IT Security Expert
· Overland Transport Manager
· Airway Transport Manager
· Overland Transport Manager
· Airway Transport Manager
· Southern Region General Manager (Houston, Florida)
· Western Region General Manager (San Diego, California)
· Information Security Specialist.
For any data project, whether it is big data, analytics or
information governance, understanding the core data, how it
currently resides, and its correctness and completeness is the key
to success. So, I will enlist the transport managers and the
records manager to understand the current process, risks, and
existing data repositories. For the analysis of the data, I will
enlist the financial analyst and risk manager for a better
modeling perspective. The security expert and IT security
analyst will help me carry out a current infrastructure study
and a future feasibility analysis. They will help me decode the
IT infrastructure, study its technological capability and file
transfer mechanisms, and understand renewals. Above all, I need
SME support on information retention, sensitive data, and
process flow diagrams to better build an infrastructure. Both the
western and southern regional managers are going to help me in
that process. They will both work as Business Data Architects
to guide the team in the gap analysis.
Research on State Data Retention and Privacy Laws
As the volume of data grows, privacy becomes significantly more
critical. Businesses today face data privacy challenges from
a growing list of regulations. Data protection laws have been
made all over the world to curb cybercrime in general, and data
protection has been given priority. Several factors affect the
recent influx of legislative activities on reporting security
breaches that compromise personal information. As STP
does business in 3 major states in the USA, namely KY (STP's
home state), CA and TX (STP's primary hubs), it should comply
with federal law as well as these states' laws when it comes to
information retention and privacy considerations.
Kentucky information retention and privacy laws:
As per the KY Revised Statutes (18A.020), any civil
employee is permitted to examine her files and records upon
request if full identification is provided. A written response
in line with the file is expected on request, which is
identified as the security measure placed on the file. This is
done so that if any unlawful practices are committed, they may
be found without much hassle. Additionally, personal
information and records would be kept for a certain period of
time in the event that the employee is fired, in case the
details may be needed in the specified period. The information is
therefore retained by the employer but still available to the
employer at any time of need until the date of termination (KY
Commission on Human Rights Act-339.400).
California Information retention and privacy laws:
The California Consumer Privacy Act of 2018 was an initiative
formed by professional privacy advocates who sought to provide
consumers with visibility into, and control over, their
personal information collected and sold by businesses, possibly
including businesses they were employed by (California Consumer
Privacy Act, 2018). The initiative faced substantial opposition
from the technology industry, even though its supporters and
members signed it and it qualified to be certified for the
November ballot (Mathews, 2018).
Texas Information retention and privacy laws:
In Texas, there are a number of laws and regulations in place
regarding document retention and privacy protection, including tax
audit procedures by the Internal Revenue Service (IRS) and
employment laws such as the Fair Labor Standards Act (FLSA).
In addition to these federal laws, numerous state and local laws
apply specifically to every business or organization. In 2011 the
State of Texas also adopted a new law specifically addressing
patient data privacy. The law, which will become active on
September 1, 2012, incorporates the definition of the term
“covered entity” in Texas’ existing health privacy law and could
have a broad impact on many non-HIPAA covered entities
(Lineman, 2012).
In-House counsel advises on project planning:
Despite these complex laws and limitations, it is possible to
create a useful and measurable set of goals for the legal
department of STP to proactively scope risks to the
organization and its various business models and, more
importantly, take steps to deal with the risks associated with
our project. We need to identify the grey areas after working
with different operational departments to broadly classify this
project's scope or deliverables. Here is the to-do list for the
legal department or in-house counsel to work on these laws.
· We will work with STP’s human resource team to review and
update company policies and employee agreements.
· Create a process and a set of operations to effectively manage
the legal department budget and planning, for better analysis and
to spread awareness of IG.
· Encourage periodic company compliance health checks,
working with different departments.
· Review company websites, processes, and procedures around
litigation and disruptive events.
· STP needs to encourage customer/client satisfaction surveys
and engage closely with the business to identify key
government-related actions.
· Take/update an inventory of the company's intellectual
property and confidential information.
· Create a calendar of actions and improve the quality of data
and its archival procedures, working closely with the legal
department of STP.
Identifying Risk Profiles and Mitigation plans
The primary objective of an effective information governance
policy is to ensure we understand the associated risks well and
frame suitable controls to effectively manage all types of risk,
such that proper models are used to inform and influence
management’s decision-making process. There is a clear
business rationale for ensuring the control environment around
decision making is robust. There are also numerous external
stakeholder expectations that need to be met, and the Model
Governance Policy will also be designed to minimize the risk of
the parent (STP) and partnering companies (ISAs). The framework
itself needs to be risk-based and aligned with the enterprise
Risk Management Strategy (RMS) to ensure an adequate
balance between the governing efforts and practical usability of
the governance policies.
The framework needs to cover the whole lifecycle of a typical
policy, from its inception through use to model retirement. It
describes the positive effects of security and privacy, usability
and reputation on consumer trust in a web site in the online
banking context. Besides this, it also suggests that trust has a
positive effect on consumer commitment (Casaló et al., 2007).
Risk management should occur at every interval in the business
management cycle. Risk management is a vital task of
strategic and business planning and therefore is embedded in
the monitoring and evaluation of performance (Miller, 2015).
Conclusion:
Effectiveness and future sustainability of STP depend on its
current IG plans. STP needs to comply with the set IG standards
at all times, as it is a customer support industry, i.e. customers
are at the center of its operation. The effectiveness of its ERM
Framework is subject to review by internal and external audit at
least annually to understand the vulnerabilities and all the
operational gaps. The results of this review should be reported
to the Business Risk Access and Control (BRAC) and the board
of directors. They should continue to be responsible for the
appropriate management of risks relating to non-compliant
operations. I strongly believe risk-related matters continue to be
reported and to adhere to the company’s RMS model code and
privacy protection policies. As a project manager, all these
above-said inputs and criteria are going to prove effective for
successful project execution and delivery.
References
Smallwood, R. F. (2019). Information governance: Concepts,
strategies, and best practices. Hoboken, NJ: John Wiley & Sons.
Kentucky Laws Requiring Retention of Employee Records. (KY
Human Rights, 2012). Retrieved from
https://louisville.edu/finance/payroll/files/kyretentionlaws
Casaló, L. V., Flavián, C., & Guinalíu, M. (2007). The
role of security, privacy, usability and reputation in the
development of online banking. Online Information Review,
31(5), 583-603.
https://doi.org/10.1108/14684520710832315
Lineman, D. J. (2012, April 15). Data Protection Laws.
Retrieved from
https://texasceomagazine.com/departments/data-protection-laws/
Miller, S. (2015, June). Thomson Reuters Legal Solutions.
Retrieved from
https://store.legal.thomsonreuters.com/law-products/news-views/corporate-counsel/in-house-counsel-to-do-list-for-2016
Mathews, K. J. (2018, July 13). The California Consumer
Privacy Act of 2018. Retrieved from
https://privacylaw.proskauer.com/2018/07/articles/data-privacy-laws/the-california-consumer-privacy-act-of-2018/
UNIVERSITY OF THE CUMBERLANDS
ITS 833 – INFORMATION GOVERNANCE
SEMESTER PROJECT – PHASE III
COMPANY DESCRIPTION FOR SECURITY TRANSPORT
PROFESSIONALS, INC.
Below is the same company description that you were given at
the beginning of Phase I. It has been reproduced herein below
simply as a matter of convenience for you as you complete
Phases II and III.
Security Transport Professionals Incorporated (STP) has its
home office located in Lexington, Kentucky and in addition has
more than 3,000 employees located in each of its branch offices
located in Houston, Texas and San Diego, California.
STP is primarily a nationwide freight hauler. Its customers are
comprised of major market retailers particularly in the medical
and pharmaceutical industry, the federal government, and
several state governments. STP operates a fleet of trucks and
private cargo planes that it uses to move “goods” belonging to
its customers from one destination to another across the
continental United States. Its fleet of truck carriers is located
in Lexington, Kentucky, with its planes located in Louisville,
Kentucky.
STP carries and transports highly controlled narcotics and
scheduled prescription drugs, toxic, radioactive, nuclear, and
top secret materials from one facility belonging to its customer
to another. The method of transport depends on the type of
cargo being hauled. In addition to hauling/forwarding its
customer’s products/goods, STP is required from time to time to
store its customer’s goods for brief periods of time. Two years
ago STP began contracting with a number of subcontractors
hereafter referred to as either “limited joint partners (LJPs)” or
“independent subcontractor alliances (ISAs)” for the purpose of
expanding its freight forwarding, storage, and delivery service.
Due to the confidential nature of the freight that it transports,
STP vets its employees, as well as any subcontractors (LJPs and
ISAs) that it engages.
STP’s business objectives and goals include the confidential,
safe and secure movement of its customer goods, from the
customer/distributor to the customer/distributor’s own client or
purchaser, or from one of its customer’s locations to another of
the customer’s locations in a timely and efficient manner using
cost-effective methods. Alternatively, STP may transfer this
responsibility to one of its limited joint partners (LJPs) or
independent subcontractor alliances (ISAs), if it is more cost-
effective and the income differential is within acceptable limits.
There are 3 LJPs with which STP had entered into contracts.
LJPs are corporate organizations in the same industry that offer
essentially the same services as STP, and who are generally
competitors of STP. However, when the job requires resources
that exceed those of STP or its competitor, the two will enter
into an agreement to jointly undertake the contract together, and
will together provide the same full range of services, with both
entering into the same contract or joint venture with the
customer.
Independent subcontractor alliances (ISAs) differ from Limited
Joint Partners (LJPs) in that an ISA is not a direct competitor of
STP. Rather, the ISA is a company that offers a subset of
services to STP, or contracts with STP to provide it with
necessary resources to perform the particular job at hand. For
example, an ISA may be a warehousing company that provides
only storage facilities for STP. Alternatively, an ISA may be a
company that is engaged in service and repairs for STP’s trucks
and planes, and/or provide sterilization and cleaning services
for STP’s trucks and planes upon completion of a job, where
STP had transported hazardous or toxic materials, requiring
specific types of sterilization or cleaning services for its
transport vehicles. There are other types of ISA that STP
engages and contracts with. With regard to ISAs, STP is the
only organization that will contract with its customer or who
will be identified to the customer. STP’s customer should never
be aware that STP has subcontracted some of its services from
the ISA. There will be no negotiations, contracts or agreements
between STP’s customers and STP’s ISAs. STP will then enter
into its own separate subcontractor contract with its ISA, and
the ISA is not identified to STP’s customer. There is no
definitive number of ISAs that contract with STP. The specific
ISAs used (if any) will vary depending on the geographic
location or area of the country involved and the availability and
cost of the ISA available to service the area.
STP is also under pressure from several of its competitors in the
industry. The competitive market is driving STP to improve its
routes, delivery methods, fleet vehicles, and other facets of its
business to increase profits (a strategic goal) and to reduce
costs. The company realizes that its information technology
infrastructure has been neglected for some time and that many
operating locations are running on outdated hardware and
software. On several occasions last year, STP suffered no less
than four network compromises through one of its LJP Internet
sites that led to the disclosure of sensitive and strategic
information on contracts and mergers.
The chief information officer (CIO) made a strategic
presentation to the board of directors and executive management
to first assess the aging infrastructure and then, develop a
multi-year phased approach to have all of STP’s own sites
running the same hardware and software platforms. Of course,
STP has no control over the hardware or software platforms
used by its LJPs and ISAs, although they must be able to
communicate with each other.
Information about the assessment indicates that the current state
core infrastructure (switches, routers, firewalls, servers, and so
on) must be capable of withstanding 10-15% growth every year
for the next seven years with a three-to-four-year phased
technology refresh cycle.
There is a hodgepodge of servers, switches, routers, and internal
hardware firewalls. Nearly all of the infrastructure is woefully
out-of-date in terms of patches and upgrades. This operational
neglect has unduly increased the risk to the network, in terms of
confidentiality, integrity, and availability. Since this will be a
multi-year technology upgrade project, something must be done
to reduce STP’s exposure to vulnerabilities to increase the
overall security profile and reduce the risk profile.
Now that the funding has been approved for the infrastructure
assessment, the CIO has decided that it might be a good idea to
implement an Information Governance Program into the
organization, assuming he can sell the corporation on its
benefits. To that end, the CIO has hired you as IG Project
Manager to assist in initial preparatory stages.
STP Job Roles: In addition to the CIO, below is a list of
individuals at STP to whom you have been introduced. The CIO
has informed you that you can call upon any or all of the
individuals who hold these job roles/titles for assistance and
may name any of them to be on your project team. You may also
call upon any of the heads of the various business units for
assistance, as well as a designated contact person for each of
STP’s LJPs and ISAs.
In-house Counsel
In-house Financial Analyst and Risk Manager
l Manager (Houston, Florida)
* This individual is also a member of STP’s Board of Directors.
UNIVERSITY OF THE CUMBERLANDS
ITS 833 – INFORMATION GOVERNANCE
SEMESTER PROJECT – PHASE II
Please review the description of the organization that is the
subject of your semester project. The description of that
organization, Security Transport Professionals, Incorporated,
(STP) is described in the instructions for Phase I that you have
already completed.
1. This phase will involve performing a records inventory. The
organization is far too large to undertake a records inventory for
the entire company. You will need to make a determination of
which program or division or functional area whether that be (a)
the narcotic/drugs that you ship/store, (b) the top secret
materials that you ship/store, or (c) the toxic or dangerous
materials that you ship/store to include in its records inventory.
Once you have made that determination, decide which of the
managers/personnel previously identified that you will need to
contact/interview and work with in order to complete the
records inventory for the functional area that your group has
selected. It will most likely include more than one of the
personnel/departments listed above. As project manager you
have decided to collect information using a two-step approach
where you first send out survey questions and then once you
have received the responses you will follow up by conducting
interviews.
(a) State whether you intend to focus on the narcotic/drug area,
top secret materials for the government, or toxic or dangerous
materials/chemicals.
(b) Identify which of the above department(s)/areas/units that
you will need to survey and subsequently interview, depending
on which one of the three functional areas you have decided to
focus your attention on.
(c) For the functional area that you have selected you want to be
able to speak intelligently to the knowledgeable personnel within
that department and ask appropriate and relevant questions.
Therefore, you need to do some preparation and brainstorming
before making contact with the departments/units that you have
identified as essential. To that end, identify (using diagram,
table, hierarchy chart, taxonomy, or other form that is most
descriptive) the “record types” that you expect are created and
maintained in each of the departments/areas/units that you have
decided to focus on. Use descriptive names for each record type
and tell the type of information that would be retained in each
record type. This can be as specific as creating a taxonomy for
the record if you should decide to do so (see Appendix A in
your text book), or you may conduct research and determine
what other structure would be appropriate in order to convey
this information. The most effective way to convey this
information to me would be in the form of a table that identifies
the Record Type, Responsible Department, and the Event that
triggers the creation of each record type. [For example, if we
were dealing with a health care provider (WHICH WE ARE
NOT, I am only using this unrelated example to give you an
idea of what I want you to do), an example of a record type that
your doctor’s office might keep would be an Insurance Record
that would include things like information about the Insurer,
information about the patient, information about the insured if
different from the patient, information about the plan options
and conditions of coverage, information about the insured
history of using this insurance in the past and the prior payment
record.] [Another example: You will find a record type used on
page 172 of your text book to describe a workers’ compensation
insurance company’s accident/injury report as part of its record
retention schedule.]
(d) Develop a Records Inventory Survey Form that you are
going to use in surveying the departmental unit(s) you have
identified above. The purpose for your survey is to be able to
identify the kinds of records (contracts, financial reports,
memorandum, invoices, etc.), which department owns the
records, which departments access the records, what application
creates the record, where the record is stored physically and
logically, date created, last changed, whether it is a vital record,
and whether there are other forms of the record. You want to be
able to use this information to make decisions related to
retention and disposal of the records. Explain who will receive
the survey and why. The survey will be sent about one month
prior to the follow up interviews. This will allow for two (2)
weeks to complete and return the survey and two weeks to
tabulate and review it, and to tweak your interview questions,
depending on the results of the survey. Explain the rationale
for the questions that you included in your survey.
(e) Develop an initial set of interview questions that you plan to
use as a follow up to the initial survey that you drafted in (d)
above.
(f) Based upon the records you have identified above, develop a
record retention schedule for the record types. Include in
this the method of destruction when the record is marked for
destruction. Explain whether you are going to use event-based
retention for any of your record types and if so why, and
identify the triggering event. For this question, you need to
discuss the legal requirements and compliance considerations.
THE RESEARCH PAPER: While your research paper will
undoubtedly include a number of tables, diagrams, lists and
other illustrations, the paper is to be written in narrative form.
The illustrations may be included in an appendix at the end of the
paper, or may be embedded in the body. But please don’t forget
that the paper itself is written in narrative form. Include
citations to your research.
The paper should be written in narrative form using the APA
format. Please use ample subsections or subheading as
appropriate. Your paper should have a 1-in margin on top,
bottom, left and right margins. The paper should be double
spaced. Use a cover page with a title, and the name of each
team member who contributed to your project/paper. Each page
should have a page number in the bottom right margin. The
paper should also include a table of contents, which includes
subject headings, subheadings or subtopics, references or
sources, and illustrations as well as page numbers for each.
For each major area or section of your paper, identify
the options you have considered, where applicable. Discuss the
alternatives you considered, giving pros and cons of each, and
provide information from the research you conducted that
assisted you in arriving at your conclusion as to why one
alternative was selected over another. You MUST cite the
sources for your research any time you make reference to your
research, whether that be through direct quotations or in
summary. Your work should include no fewer than five (5)
sources. While there is no minimum or maximum length for
your paper, I anticipate that you cannot complete the assignment in
under ten (10) pages, excluding illustrations.
The research paper should be submitted using the link
contained in the CONTENT section of iLearn. It will not be