W5:

Data Collection Plan

Data Collection Plan

Each week, view the video lectures under Learning Activities to learn about the parts of the research paper. This week, you will learn about the Data Collection.

Purpose

The purpose of this assignment is to prepare you for the dissertation process by developing a plan to collect data for your research paper.

Description

The topic of your data plan is your research paper topic. After completing this week’s Learning Activities, develop a data plan describing possible methods of data collection for qualitative research, specifically a case study. Then, narrow the possible methods to one method for your study. Support your data collection methodology with sources.

Deliverable

Prepare a 2-3 page (excluding title, reference, and authorship page) APA style Microsoft Word document with at least 2 references that includes:

Certification of Authorship (sample attached)  Certificate of Authorship x  

Submit your assignment to Grammarly. Revise your assignment based upon the results from Grammarly. Submit evidence that you submitted and used the Grammarly results.

No plagarismuniquehigh quality

Running head: A RESEARCH DRAFT
1

A RESEARCH DRAFT
11

Online Policies for Enabling Financial Companies to Manage Privacy Issues

Name: Sunil Kumar Parisa

Date: 03/29/2020

University of Cumberland’s

Abstract

Data privacy issues are a top concern for all business organizations that rely on digital technologies to meet the daily functions, such as banks and health care institutions. These corporations handle sensitive data that must be protected from unauthorized access by third parties. Such an outcome could lead to loss of data, which might be used to commit cyber-crimes. The customers provide the organizations with their data and expect them to fully uphold their privacy, indicating that privacy should be guaranteed at all times, which also promotes business continuity.

To achieve the goal, the companies put in place measures such as investing in technologies and formulating policies for promoting privacy. These measures apply to internal and external parties. The aim is to encourage positive user behavior that limits the vulnerabilities posed by the users. Most financial companies do not prioritize the action as they consider technologies as the primary measure that suppresses any attempts to infiltrate a system or a network. However, studies have shown that techniques are not enough. There should be additional behavioral efforts that contain vulnerabilities in all the IT domains. It notes the importance of positive behaviors that are promoted by the formulation and implementation of crucial user policies.

The user policies are as relevant as the technologies that are integrated into the system. Users, especially the workers, are vulnerable to social engineering attacks that lure them into providing their details that are then used to access the system, which makes the work easier for a hacker. The customers are also vulnerable to such forms of attacks. When such is successful, the attackers can bypass the security tools and access the system without being detected. It is a clear indication that user policies are essential. The majority of the users are not aware of the dangers posed by their behaviors, such as downloading files or clicking suspicious links on the internet. Such practices can be suppressed through formulating user policies that are communicated to the parties, both internal and external.

The policies are supposed to promote positive user behavior. However, there are concerns about whether the policies are implemented as per the best standards. The procedures usually focus on areas, such as the collection and storage of data and access to data. The two are undertaken by both internal and external parties, which pose a significant danger to the system. The goal of the project is to determine the relationship between the enforceability of the policies and the security and privacy of the network system. A case study design will be used to provide an in-depth investigation into the relationship. Interviews and observations are the essential tools that will be used to collect credible data while addressing all the confounding variables. The analysis will unearth issues that hinder enforceability and recommend policies that are easy to implement and enforce. The objective is to find better strategies that can easily be implemented and suppress negative behaviors that put the system at risk of infiltration.

Introduction

It is public knowledge that business organizations, especially those in the health care and financial sectors, face numerous challenges when it comes to privacy issues. Companies in these sectors face multiple attempts by the cybercriminals who target stealing data stored in the systems. The corporations handle confidential data that could be used for committing crimes, such as impersonation and illegal transfer of money (Noor & Hassan, 2019). It is a significant concern whether financial institutions have effective policies that ensure the data are adequately secured from both internal and external threats.

Today, legislations are evolving, and companies in nearly all sectors will be required to enforce data privacy laws that will call for more to be done in terms of policies and investments. States such as California have introduced data privacy laws that transfer data ownership rights to the customers. It means that an organization cannot use or transfer the data without exclusive permission from the customer. It is one of the developments that the companies have to deal with soon.

Financial companies, especially those that spread across the country, have always focused on investing in technologies that promote the privacy of the data and the systems. They are deploying technologies, such as cloud computing, which improve the confidentiality of the data. Also, they use Bcrypt technologies to encrypt data via algorithms that will take hackers decades to decrypt a single password. Though they invest in such technologies that cost millions of dollars, there are questions whether they invest in behavioral measures to protect the data systems (Noor & Hassan, 2019). Such actions require the use of online policies that will ensure that internal and external users can adhere to best practices that make them less vulnerable to attacks, especially the social engineering attacks that target unsuspecting users.

For best practices, online policies are considered essential to every financial company. The internal users that are workers, and the external one, that is, customers should be provided with strategies that will guide how they interact with the system. The organization has to enforce the policies and make follow-ups to evaluate the level of compliance. In so doing, the vulnerability that may be introduced by the two parties is significantly reduced. Notably, even the top managers and executives should comply with the policies for them to set a good example and also establish a culture of positive user behaviors.

Literature Review

Data privacy will shape how business conduct their daily activities and processes (Yeganeh, 2019). It is increasingly becoming apparent that companies, especially those that handle sensitive data, will be regulated to avoid the potential data leakages that may expose customers to unauthorized third parties. Financial companies are on the frontline when it comes to this trend as they handle too sensitive information that is a top priority for hackers (Yeganeh, 2019). To address the challenge, most of the institutions have put in place policies for lowering vulnerability in all the seven IT domains.

Customer information collection, use, and storage policies are the most dominating policies. These policies focus on the utilization of the best practices when any customer data are being collected, used, stored, and transmitted (Smallwood, 2014). The reason for this is that most companies have a belief that if the right methods are used during the collection of data, it is easy to handle subsequent processes and tasks. Smallwood adds that the view is not informed by best practices as there are organizations that have experienced breaches even after adopting standard procedures during the collection and storage of data.

Policies on how the customer information is provided to third parties are shared among the financial companies. The procedures usually outline how the data are transferred from one party to the other. A significant issue with these policies is that they do not assess how the third party handles the data. As such, there is a chance that data may be exposed. Under such conditions, the company may not be held liable (Vincent, Higgs & Pinsker, 2015). However, the organizations do not necessarily protect the interests of the customers as their data should never be exposed to any third parties.

Additionally, financial companies have implemented policies on how customers access their data remotely. Such policies outline the standards that customers must follow, such as the multi-factor authentication, which aims at ensuring that no unauthorized users access the data (Suchitra &Vandana, 2016). The policies are communicated to the customers when they provide their data. It is a practical approach that mainly ensures that customers must follow specific guidelines that promote the overall security of the data. However, Timothy Toohey (2014) questions whether the policies apply to the side of the users who are very likely to exhibit behaviors that expose data to threats. For instance, customers may use devices that have weak antimalware tools. Such devices create an avenue that a hacker can use and access the system.

The use of the devices introduce a critical problem, that is, the Internet of Things (IoT) and the security of the networks. IoT refers to the billions of devices that can exchange data without any human intervention. The devices are now used for various purposes, such as accessing networks as well as sending and receiving data (Suchitra & Vandana, 2016). Such devices are also interconnected with a device that is used for accessing a bank network. It indicates the extent of the entire issue where the interconnection of devices poses a greater danger to the existing systems. The financial organizations need to have clear measures and policies that will ensure the users, especially the customers, do not pose any threats to a network (Snedaker, 2014). While it appears a practical measure, it is challenging to implement it, explaining why a good number of organizations have experienced cyber-attacks despite putting in place strict user policies.

Adam Shostack (2014) emphasizes that policies are not necessary if they cannot be fully implemented. It explains the situation that is faced by financial companies as they can enforce policies internally but unable to do when it comes to external parties. As a result, they opt for technologies, such as cloud computing, that provide better in-built security tools that minimize the vulnerabilities posed by the external parties. There should be a practical approach to implementing and enforcing policies. However, such efforts require investment in technologies that will achieve feats, such as flagging IP addresses that are considered a threat to the network (Yeganeh, 2019). Some systems can detect vulnerabilities on the side of the users, but need more development for the desired goals to be realized.

From the above, it is clear that policies are as relevant as the implementation process. Without proper implementation, it is unlikely the desired security and privacy goals will be attained. The project will assess the policies that the organization can put in place that are considered easy to implement and enforce. Such systems will review the position and reputation of a financial company, and how that can be leveraged in a bid to promote compliance of both internal and external parties. The external parties should be accorded priority as they pose an even greater danger.

Research Method

The study will employ a case study design, which allows for the exploration and understanding of a complex set of issues. It is mainly a useful approach when a researcher needs to gain an in-depth knowledge of a problem (White & McBurney, 2012). The goal of the researcher is to find out the effectiveness of the user and online policies that financial organizations put in place. It will investigate whether the enforceability of the policies has a direct impact on the security of the networks. The approach is a multiple-case design that will utilize a longitudinal examination of the selected case studies, which are financial organizations that have implemented online policies to safeguard data. The analysis will tell whether the policies help lower the levels of vulnerability. The researcher will access descriptive case studies and scrutinize the data at both deep and surface levels.

To gather the required data, interviews, and observations will be conducted. The interviews will involve IT experts and professionals who have been in the industry in the last three to five years. Structured interviews will be scheduled and will be requested to provide data on the vulnerability of the systems concerning the online policies that have been put in place. To avoid and suppress the presenting confounding variables, the researcher will structure the interview questions in a manner that will only provide information on the networks. The questions will avoid any personal information as it might introduce bias. Also, the interviews will centralize the data and privacy position of the system and ask questions that closely relate to it.

On the other hand, the researcher will make observations on two levels. Permission to examine the system will be requested so that the physical infrastructural design can be determined. The goal of this is to ensure the system is designed in a manner that suppresses any vulnerabilities, hence guarantee that other parties typically introduce vulnerabilities, that is, the users. Also, the user behaviors of both internal and external parties will be assessed, and data were taken. The data will be compared to that provided during the interviews. The researcher expects to see a level of consistency and patterns that can help decide whether the policies put in place are effective in suppressing system vulnerabilities.

The analysis of the collected data will inform the new policies that should be formulated and implemented. The new plans should have a high level of enforceability as a measure of minimizing the vulnerabilities posed by the internal and external users. Also, they will indicate the user behaviors that need to be observed in all the users. Failure to see the new practices means that the desired goals and objectives are unlikely to be realized within the stipulated time.

Conclusion

The user policies are essential elements in the promotion of data privacy and security for financial organizations. The institutions should not focus only on the data security technologies. Still, they should also invest in the development of positive user behaviors through formulating enforceable policies at both the internal and external levels. The project will collect data that will determine whether the enforceability of the policies directly impact the vulnerability of a system. A case study design will be adopted as it will enable the researcher to carry out an in-depth analysis. Also, it will allow the researcher to outline recommendations that can be considered by the organizations in the finance industry.

References

Noor, M. M., & Hassan, W. H. (2019). Current research on Internet of Things (IoT) security: A survey. Computer Networks 148(15), 283-294.

Sartor, M., & Orzes , G. (2019). Quality Management: Tools, Methods and Standards. New York, NY: Emerald Publishing Limited .

Shostack, A. (2014). Threat Modeling: Designing for Security . New York, NY: Wiley.

Smallwood, R. F. (2014). Information Governance. New York, NY: Wiley & Sons.

Snedaker, S. (2014). Business Continuity and Disaster Recovery Planning for IT Professionals (2nd ed.). London, UK: Syngress.

Suchitra, C., & Vandana , C. P. (2016). Internet of Things and Security Issues. International Journal of Computer Science and Mobile Computing 5(1), 133-139.

Toohey, T. J. (2014). Understanding Privacy and Data Protection. New York, NY: Thomson Reuters.

Vincent, N. E., Higgs, J. L., & Pinsker, R. (2015). IT Governance and the Maturity of IT Risk Management Practices. Journal of Information Systems 31(1), 113-137.

White, T. L., & McBurney, D. H. (2012). Research Methods (9th ed.). New York, NY: Cengage Learning.

Yeganeh, K. (2019). Major Business and Technology Trends Shaping the Contemporary World (1st ed.). New York, NY: Business Expert Press.

Certification of Authorship

Submitted to (Professor’s Name): Dr. Mary Cecil

Course: __ITS 833________________

Student’s Name: __Sunil Kumar Parisa____

Date of Submission_03/29/2020_____________________

Purpose and Title of Submission: __Research Paper First Draft___________________

Certification of Authorship: I hereby certify that I am the author of this document and that any assistance I received in its preparation is fully acknowledged and disclosed in the document. I have also cited all sources from which I obtained data, ideas, or words that are copied directly or paraphrased in the document. Sources are properly credited according to accepted standards for professional publications. I also certify that this paper was prepared by (me) for this purpose.

Students’ Signature: ___________Date____03/29/2020________

Grammarly Use Screenshot

Running head: POLICIES FOR MANAGING PRIVACY
1

POLICIES FOR MANAGING PRIVACY
5

Online Policies for Enabling Financial Companies to Manage Privacy Issues

Name: Sunil Kumar Parisa

Date:03/29/2020

University of Cumberland’s

ABSTRACT

Financial companies are under constant threats in the face of cyber-attacks, which are growing by the day. The companies usually implement measures that primarily focus on the deployment of technologies for suppressing the attacks. They do not consider user policies as essential elements that help curb the vulnerabilities. The policies put in place have a low level of enforceability, which lowers the impact of the plans. The research project will determine the relationship between policy enforceability and the vulnerabilities posed to a system by the internal and external users.

INTRODUCTION

Business companies in the financial sector have the responsibility of ensuring the data that belong to the customers are fully protected. Cyber-crimes are on the rise, and the approaches employed today are not entirely practical. Technological tools and measures are not efficient. They should be complemented by the behavioral standards that suppress the vulnerabilities in all the IT domains (Vincent, Higgs & Pinsker, 2015). Enforceable policies will ensure there is an integration of behavioral and technological measures for promoting data security and privacy.

LITERATURE REVIEW

Financial companies usually emphasize policies that guide the collection of customer and storage as well as access to the data by the internal and external users. These policies are relevant as they promote best practices at both levels. The companies have a belief that these are the areas that need closer monitoring and evaluation. However, the policies put in place are not always enforceable. A lack of enforceability creates a situation where the desired outcomes are not realized (Yeganeh, 2019). It explains why data breaches are still experienced even after such policies are formulated and implemented.

RESEARCH METHOD

To investigate the relationship between enforceability of the policies and the vulnerabilities that business organizations are exposed to, a case study method will be used. It is an essential tool that helps determine a causal relationship (White & McBurney, 2012). Also, it will provide insights that will inform the recommendations that need to be considered by the multiple business organizations in the financial sector. Credible data that are free of confounding variables must be collected, analyzed, and inferences drawn. Two data collection procedures will be utilized as follows.

i. Semi-structured interviews will be conducted to collect diverse data on the design and implementation of user and online policies. The interviewees will offer data that expound on the security and privacy positions of the systems.

ii. Independent observations will be made to inform the behaviors of the users, both internally and externally. The observations will collect insightful data that provide details on the user behaviors and enforceability of the policies.

CONCLUSION

The business organizations in the finance industry do not exploit user policies that should promote their data security. They do not consider the policies as crucial elements, which exposes them to cyber threats that mainly exploit user behaviors such as social engineering attacks. A case study approach will be adopted as it allows a researcher to gain an in-depth understanding of a particular problem. The trend will be thoroughly examined by the data that will be collected, analyzed, and a determination made. The insights from the data will inform the recommendations made, which the various business organizations, especially those in the financial sector, should consider.

References

Vincent, N. E., Higgs, J. L., & Pinsker, R. (2015). IT Governance and the Maturity of IT Risk Management Practices. Journal of Information Systems 31(1), 113-137.

White, T. L., & McBurney, D. H. (2012). Research Methods (9th ed.). New York, NY: Cengage Learning.

Yeganeh, K. (2019). Major Business and Technology Trends Shaping the Contemporary World (1st ed.). New York, NY: Business Expert Press.

Certification of Authorship

Submitted to (Professor’s Name): Dr. Mary Cecil

Course: __ITS 833________________

Student’s Name: __Sunil Kumar Parisa____

Date of Submission_03/29/2020_____________________

Purpose and Title of Submission: __Research Outline___________________

Certification of Authorship: I hereby certify that I am the author of this document and that any assistance I received in its preparation is fully acknowledged and disclosed in the document. I have also cited all sources from which I obtained data, ideas, or words that are copied directly or paraphrased in the document. Sources are properly credited according to accepted standards for professional publications. I also certify that this paper was prepared by (me) for this purpose.

Students’ Signature: ___________Date____03/29/2020________

Grammarly Screenshot