Security Audit Part 2 Final

Table of Contents

Security Audit (Part II) Carolynn Anderton, Mike Murdock, David WatkinsCMGT/582Instructor: Dr. Steve Powelson University of Phoenix09/30/2019Security Audit (Part II)Microsoft is required to conform with current privacy laws and regulation and other state-mandated to ensure the organization is meeting regulatory compliances. Outlined below, we will be discussing some of those laws and regulation that are required, and we will be evaluating and summarizing them with a value of non-complaint or needs improvement metric which would be generated from the security assessment along with recommendations on how to improve upon them to maintain Microsoft’s current and future business status governing compliances and legal regulations. Analyze the ethical trends behind consumer and corporate privacy:With corporations like Microsoft, it is critical to obtain the ethical trends behind the consumer and have the corporate privacy that way all assets can be protected and this can have a better way of the corporation to guide and have a rapport with the employees and the customers. Consumer reports have a privacy act that will protect the company’s assets and have the better option to keep the corporate secrets safely protected. The analyzation has the concept behind the trends that will allow the ability to control the company’s wellbeing. This also allows the ability to have the company observe and gain a better perspective on how the company is making financially and this will help with any kind of issues regarding the company’s best interest and the employee’s peace of mind. Microsoft is a great way to analyze and gain a perspective on how much this corporation means to college students, doctors, nurses, lawyers and other powerful professionals. This is a great way to invest in the company’s profitable interest. Describe the various privacy regulations:Microsoft has various privacy regulations; for example, customer date is kept in secrecy because the products are kept with specific data that will have to collect data by law and this is critical because Microsoft has a protection plan that is very useful for the client to have. It is important to make sure to understand the policies regarding Microsoft and the privacy regulations. These regulations have the understanding on gaining information regarding the data and this can lead into a protection regarding Microsoft’s privacy regulation. That privacy regulation is important to the company and the customers who buy from Microsoft. This can lead to great business aspect with the various privacy regulations that Microsoft has with the company and this also improve onward momentum with a great rapport to follow by. Examine ethical considerations for maintaining confidentiality and customer/individual data.Microsoft collects large amounts of customer data in the day to day operations of the company. Microsoft collects information to enhance the customer experience for their products such as: Skype, Office, Xbox, Bing, OneDrive, and other applications. The data collected is used to enhance the customer experience of these applications, and not for direct marketing. In addition, Microsoft provides clear Opt. In/Out information for the collection of Personal Information and the use of the data. The company also collects payment information and customer details to support that payment. Microsoft follows the following 6 values for data collection:Control – put the customer in of privacy with easy to use tools and choices.Transparency – Be transparent about the data collection and its use so the customer can make informed decisions.Security – Protect customer information and use strong Security encryption to protect it.Strong Legal Protections – Microsoft will respect the local privacy laws.No Content Based Target – Send only marketing information for what customer opted in for a product. Benefits to you – When data is collected it is collected to provide a better user experience in the products (“”, 2019).Finally, Microsoft meets the ethical standards for collecting data. They limit personnel access to customer data, use data encryption to protect the information, collect only the data necessary, and ensure the customer has a choice by providing a clear Opt. In/Out statement for the customers (Vinnik, 2018). ConclusionPrivacy laws and regulation are needed to mandate and put into effect efforts to protect the average individuals or entity’s rights to privacy of their person or business information. Microsoft must understand that the methods of processing, recording, retrieving or storing information will need to be heavily protected and in doing so it must follow the privacy laws and regulations set forth by the regulatory compliance standards. It will always be the organization’s responsibility legally to properly dispose of customers and employee’s private data which is being used by the organization to conduct their daily business operations once it is no longer required. This would include health records, employee records, background checks, financial statements, and credit reports which may have other compliance perplexities. Microsoft in addition, will be subjected to the responsibilities of individuals that fall victim to identity theft when the organizational data is breached. ReferencesEnnever, F. K., Nabi, S., Bass, P. A., Huang, L. O., & Fogler, E. C. (2019). Developing Language to Communicate Privacy and Confidentiality Protections to Potential Clinical Trial Subjects: Meshing Requirements under Six Applicable Regulations, Laws, Guidelines and Funding Policies. Journal of Research Administration, 50(1), 20–44. Retrieved From:, B., & Mitchell, V. (2019). Your Data Is My Data: A Framework for Addressing Interdependent Privacy Infringements. Journal of Public Policy & Marketing, 38(4), 433–450. (2019). Retrieved from, T. (2018). Best Practices for Ethical Data Collection and Use. Retrieved from