Activity

To complete this assignment, review the prompt and grading rubric in the Module Four Activity Guidelines and Rubric. When you have finished your work, submit the assignment here for grading and instructor feedback.

CYB 260 Module Four Activity Guidelines and Rubric

Privacy Laws and Compliance Controls

Overview

A major security breach of the U.S. Office of Personnel Management (OPM) exposed a large amount of personally identifiable information (PII) of federal and state employees. The effects of this breach are still being explored, and the full extent of the damage it caused is unknown. This breach has become an important learning experience for cybersecurity professionals. A crucial step in developing an adversarial mindset is to examine laws intended to provide controls and minimize data breaches. This module’s resources discuss the steps that can be taken to minimize the possibility of a data breach.

The Center for Internet Security (CIS) developed a simplified set of best practices to help organizations strengthen their cybersecurity. The CIS Critical Security Controls are standards that organizations can use to evaluate their compliance with industry regulations and privacy laws.

You have been preparing for this assignment by summarizing privacy laws and determining who is responsible for ensuring an organization’s compliance with the law. You must complete this assignment in your own words. Express your own ideas about how the laws and controls can be applied to this breach. It is a security analyst’s responsibility to explain breaches and the controls used to mitigate issues.

The privacy laws you summarized in previous assignments and the CIS Critical Security Controls you learned about in this module are listed below. Use both to complete this activity.

Privacy Laws

Americans With Disabilities Act, Section 508

Cable Communications Policy Act (1984)

Census Confidentiality Act

Children’s Internet Protection Act (CIPA)

Children’s Online Privacy Protection Act (COPPA)

Computer Security Act

Driver’s Privacy Protection Act (1994)

E-Government Act (2002)

Electronic Communications Privacy Act (1986)

Federal Information Security Management Act (FISMA)

Freedom of Information Act (1966)

Gramm-Leach-Bliley Act

Health Insurance Portability and Accountability Act (HIPAA)



1/29/25, 11:26 AM Assignment Information

https://learn.snhu.edu/d2l/le/content/1831858/viewContent/38649351/View 1/4

Health Information Technology for Economic and Clinical Health (HITECH) Act

Mail Privacy Statute (1971)

Payment Card Industry Standards

Privacy Act (1974)

Red Flags Rule

Sarbanes-Oxley Act

State Data Breach Notification Laws

U.S. Constitution

USA Patriot Act

Wiretap Act (1968, Amended)

CIS Controls

1. Inventory and Control of Enterprise Assets

2. Inventory and Control of Software Assets

3. Data Protection

4. Secure Configuration of Enterprise Assets and Software

5. Account Management

6. Access Control Management

7. Continuous Vulnerability Management

8. Audit Log Management

9. Email and Web Browser Protections

10. Malware Defenses

11. Data Recovery

12. Network Infrastructure Management

13. Network Monitoring and Defense

14. Security Awareness and Skills Training

15. Service Provider Management

16. Application Software Security

17. Incident Response Management

18. Penetration Testing

Prompt

Before you begin working on this assignment, review the CIS Controls website (https://www.cisecurity.org/controls/) and this module’s resources about the OPM data breach. Then address the following critical elements:

I. Briefly summarize (in 1 to 2 paragraphs) the major issues with the OPM breach and how it occurred.

II. Select two of the privacy laws provided above and describe how they relate to the OPM breach.

III. Determine to what extent jurisdiction plays a role in the application of your selected laws.

IV. Identify which law or laws would have required OPM to report their breach and the steps the organization needs to take to report the issues.

V. Select four of the CIS controls provided above that could have been monitored to help minimize the possibility of the breach. Explain why monitoring these controls would have helped minimize the breach.

What to Submit

Your submission should be 2 to 4 pages in length and should use double spacing, 12-point Times New Roman font, and one-inch margins. Any sources should be cited according to APA style.

Use a file name that includes the course code, the assignment number, and your name—for example, CYB_100_Project_One_Neo_Anderson x.

Module Four Activity Rubric

| Criteria | Proficient (100%) | Needs Improvement (70%) | Not Evident (0%) | Value |
|---|---|---|---|---|
| Summarize | Briefly summarizes the major issues with the OPM breach and how it occurred | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 18 |
| Privacy Laws | Selects two privacy laws and describes how they relate to the OPM breach | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 18 |
| Jurisdiction | Determines to what extent jurisdiction plays a role in the application of the selected laws | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 18 |
| Report | Identifies which law or laws would have required OPM to report their breach, and the steps the organization needs to take to report the issues | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 18 |
| CIS Controls | Selects four CIS controls that could have been monitored to help minimize the possibility of the breach and explains why monitoring these controls would have helped | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 18 |
| Articulation of Response | Submission is free of errors related to grammar, spelling, and organization and is presented in a professional and easy-to-read format | Submission has some errors related to grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to grammar, spelling, or organization that prevent understanding of ideas | 10 |

Total: 100%
