IT Regulatory and Compliance Requirements

Below are the instructions given by my professor; please follow them to work on this task.
Find an article that discusses current issues regarding HIPAA, SOX or other regulations that IT
departments need to be aware of in regards to setting user domains, limitations, privileges etc. You
can also find an article that discusses a recent event involving a failure to comply.
Please provide the URL of the article and write a 2 to 3 paragraph summary giving your opinion of
what happened or should have happened.


Every year, IT security departments face the challenge of predicting new potential threats
and finding solutions to them. While there is a constant need to invest in new security
controls, IT departments must also manage compliance audits and the liabilities that come
with them. Breaches of data regulated under PCI DSS, HIPAA and SOX will continue, so IT
departments need to conduct their own internal audits and compliance reviews rather than
wait for an external auditor or a breach to find the gaps. More important still is retaining
log information and setting up the analytics capabilities needed to make use of it.


IT departments will need to move away from the traditional defend-the-perimeter approach
to both security and compliance, and adopt virtualized security controls and centralized
security functions. IT managers need to continually audit their own IT infrastructure to
identify inefficiencies, redundancies and unnecessary controls. They need to streamline
reporting and auditing processes while seeking to increase productivity and reduce costs,
and they must be able to respond faster when a security breach occurs. Organizations need to
invest so that their growth in cloud computing is matched by their compliance capability
(Daudelin, 2014).
Log management must cover the physical and technical safeguards, the technical policies and
procedures, and the network and transmission security that HIPAA's Security Rule requires.
IT departments should automate more of this work, removing the human element in order to
improve the reliability of the data. Log analysis is needed to verify that security software
(firewalls, antivirus applications, intrusion detection and prevention systems) and the
operating systems on servers, workstations and network equipment are protected from
external attack. IT departments also need to create layered access approvals so that access
privileges are granted only through defined controls and processes (Daudelin, 2014).

Cases of Non-Compliance with Regulations

New York and Presbyterian Hospital (NYP) and Columbia University were jointly held
responsible for HIPAA violations when the records of 6,800 patients were inadvertently
exposed to the public. The breach happened as a result of a poorly configured computer
server, personally owned by one of the doctors, that was connected to the network. The root
cause was NYP's inability to assess and monitor all of its systems, applications and
equipment. The investigation also found that the hospital lacked the required policies and
procedures for authorizing access to patient data. The two organizations paid a combined
$4.8 million to settle the case. Periodic internal risk assessments and compliance reviews,
which HIPAA requires, would have given NYP and Columbia University the chance to find an
unmanaged server holding patient data before its contents were exposed (Kohgadai, n.d.).


Daudelin, A. (2014, January). HIPAA, SOX & PCI: The coming compliance crisis in IT
security: New mandates around datacenter virtualization, enterprise apps, and BYOD
will stretch IT security staffs and budgets to the max in 2014.
Kohgadai, A. (n.d.). HIPAA violations examples and cases – 8 cautionary tales.

