Research

1. Research the following items to assist in negotiating an appropriate risk assessment for Intuit, Inc.’s cloud-based applications project:
   • Laws and regulations to consider when implementing security controls: In certain industries, these laws are mandatory and have legal consequences such as PCI DSS, HIPPA, FERPA, SOX, etc.
   • Industry standards and what other competitors in the same business are doing, for example, “company ABC are implementing a 2-factor authentication and encryption so we’re doing it too”
2. Ensure the following items are taken into consideration when negotiating:
   • The company has reasonable protections in place for security of their information system.
   • Budget, time, and resources (human resources; computer, network, and system resources) are allocated appropriately and utilized efficiently. The team needs to be able to measure the project’s success by creating a measurable matrix or KPIs.
   • There a balance between security and convenience that won’t interrupt day-to-day activities.
   • Information security policy is approved by upper management and enforced throughout the company (with the help of the IT department).

Summary

Write a summary of your research findings.