Sunday, September 20, 2020

Binary Conversions



Converting numbers between bases is common in mathematics and has been practiced for many generations.  With the creation of computers, number conversion became even more common and necessary, and once the internet allowed data to be shared, converting these numbers became a bit easier for the end user.  There are many ways to convert numbers between number bases, and doing so is fairly simple.
Although it may be simple, it can seem a bit confusing at first.  Remember that as an adult you have been using base 10 since you were a child, even though it may not seem like it.  For example, base 10 simply uses the digit values 0 to 9; since we do not have a single digit to express ten, unlike the Roman numeral "X", we add 1 to the tens place and zero out the ones place.  As another example, when you add 1 to 19, the 1 is carried into the tens place and the ones column is zeroed out.
Now that we have the basic concept of base 10 understood, let's take a look at base two, which is also known as binary.  Just as we use base 10 regularly throughout our lives as mentioned above, base 2 "binary" works in a very similar way.  Instead of the highest digit being 9, so that adding 1 rolls over to 10, in binary the highest digit is 1, so adding 1 to it rolls over to 10 (one-zero).  This is caused by there being no single digit for two in binary.
With the first two bases described and understood, we can now discuss conversion from base 10 to base 2 (binary) and back again.  Our first base 10 number to convert to binary is five.  Start by dividing the number we want to convert by the desired base, in this case two.  This division uses remainders, just like the long division we all learned in elementary school.  Dividing 5 by 2 gives 2 R 1; dividing that 2 by 2 again gives 1 R 0; dividing that 1 by 2 gives 0 R 1.  That leaves us with the remainders 1, 0, 1, which are read from the last division back to the first to form the binary digits.  Thus 5 in base 10 equals 101 in base 2.
Converting binary back to base 10 almost seems a bit simpler, but it takes a keen eye to understand.  I will use our previous numbers to make it a bit easier to follow.  Our binary number is 101 base 2, which can be written as (1 x 2^2) + (0 x 2^1) + (1 x 2^0) = (1 x 4) + (0 x 2) + (1 x 1) = 4 + 0 + 1 = 5.  Now, how did I manage to turn 101 into the equation above?  Multiply each digit of 101 by two raised to the power of its place (counting from 0 at the rightmost digit), then add the products.
Converting a binary number to decimal follows similar rules.  I will use the previous binary number of 101 that we used above.  For each digit we have a power of two, for example 2^2, 2^1, 2^0, which are 4, 2, 1.  Take these numbers and plug them in: (4 x 1) + (2 x 0) + (1 x 1) = 4 + 0 + 1 = 5.  This method is simply the reverse of going from base 10 to binary: it takes binary back to base 10.
Since binary is base 2 and hexadecimal is base 16, and both are powers of 2, this is a simpler conversion than binary to decimal.  Hexadecimal digits are either the numbers 0-9 or the letters A-F, and each group of four binary digits corresponds to exactly one of them, so you can convert binary strings to hexadecimal four digits at a time.  First you need a four-digit binary number.  We will start with 1010 and write a "small number" at the top right of each digit, a different power of 2 signifying its place, like so: 1^8 0^4 1^2 0^1.  This tells you how much each digit is worth, which gives 8, 0, 2, 0.  Now add the four values together: 8 + 0 + 2 + 0 = 10.  All in all, the binary number 1010 converts to 10, which is an A in the hexadecimal system.
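The three conversions above (repeated division for decimal to binary, place values for binary to decimal, and four bits at a time for binary to hex) as a small runnable script.  This is an added example and not code from the original post; the function names are my own, and to_base/from_base are the general base-N versions of which the post's base 2 and base 16 steps are instances.

```python
# Added example, not code from the original post: the post's three conversions
# written as reusable functions, plus the general base-N versions (to_base,
# from_base) that the post's repeated-division and place-value methods are
# instances of. Function names are my own choice.

DIGITS = "0123456789ABCDEF"


def to_base(n: int, base: int) -> str:
    """Repeated division: divide by the base, keep the remainder, repeat on
    the quotient until it reaches 0. Remainders come out least significant
    first, so they are reversed at the end (5 -> 2 R1, 1 R0, 0 R1 -> "101")."""
    if n < 0:
        raise ValueError("negative numbers are not handled here")
    if not 2 <= base <= len(DIGITS):
        raise ValueError(f"base must be between 2 and {len(DIGITS)}")
    if n == 0:
        return "0"
    remainders = []
    while n > 0:
        n, r = divmod(n, base)
        remainders.append(DIGITS[r])
    return "".join(reversed(remainders))


def from_base(digits: str, base: int) -> int:
    """Multiply each digit by base ** (its place, counting from 0 at the
    right) and add: "101" -> 1*4 + 0*2 + 1*1 = 5."""
    if not digits:
        raise ValueError("empty string")
    total = 0
    for place, ch in enumerate(reversed(digits.upper())):
        value = DIGITS.find(ch)
        if value < 0 or value >= base:
            raise ValueError(f"{ch!r} is not a base-{base} digit")
        total += value * base ** place
    return total


def decimal_to_binary(n: int) -> str:
    return to_base(n, 2)


def binary_to_decimal(bits: str) -> int:
    return from_base(bits, 2)


def binary_to_hex(bits: str) -> str:
    """Work on four bits at a time: weight them 8, 4, 2, 1, add, and look up
    the hex digit ("1010" -> 8+0+2+0 = 10 -> "A"). Shorter inputs are
    left-padded with zeros so the groups line up from the right."""
    if not bits or any(b not in "01" for b in bits):
        raise ValueError(f"not a binary string: {bits!r}")
    width = -(-len(bits) // 4) * 4        # round up to a multiple of 4
    padded = bits.zfill(width)
    hex_digits = []
    for i in range(0, width, 4):
        nibble = padded[i:i + 4]
        value = sum(int(b) * w for b, w in zip(nibble, (8, 4, 2, 1)))
        hex_digits.append(DIGITS[value])
    return "".join(hex_digits)


if __name__ == "__main__":
    # Cross-check against Python's built-in formatting for a range of values.
    for n in range(5000):
        assert decimal_to_binary(n) == format(n, "b")
        assert binary_to_decimal(format(n, "b")) == n
        assert binary_to_hex(format(n, "b")) == format(n, "X")
    print("5 ->", decimal_to_binary(5), "| 101 ->", binary_to_decimal("101"),
          "| 1010 ->", binary_to_hex("1010"))
```

Note that binary_to_hex never needs to reach base 10 at all: each nibble is summed with weights 8, 4, 2, 1 and looked up directly, which is the shortcut the paragraph above is describing.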
It is extremely important to be able to convert numbers and truly understand the numeric conversion methods.  All information and data is sent and stored in binary.  If an IT professional is unable to convert numbers as described, it would be more difficult to troubleshoot and decode many necessary parts of the IT world.  Also, a system programmer who can easily convert these numbers in their head will understand the system much more easily.  This is definitely important if you would like to be able to code in assembly or machine code.
 

Essay Form Review


There are many different types of essay forms, such as expository, persuasive, compare/contrast, critical/evaluative, descriptive, or even cause/effect (Kaplan University Writing Center, 2010).  Therefore, researching these essay forms in “The Kaplan Guide to Successful Writing” before reading the required article seemed to be the best course of action.  The many different essay forms available allow writers to express researched information or opinions in various ways.  After reading and reviewing the required article, “Organizations' information security policy compliance: Stick or carrot approach?” (Yan Chen, Winter 2012 - 13), I found it to be quite a heavy read, although the article did contain very useful information that I may use in the future.  Throughout the article there were many signs of the expository essay form, which I plan to explain further.
An expository essay uses facts instead of opinions, and its overall purpose is to inform the audience about the subject matter.  It is not used for argument of any kind, and it is a great way to learn about different perspectives.  This type of essay is used by many students, as it is great for exploring a large variety of topics.  The audience for an expository essay is a very general one and can depend on the chosen topic.  As with most essays, it is always best to assume the audience does not have any prior knowledge of the topic (Kaplan University Writing Center, 2010).
Now that we understand the basics of the expository essay form, relating the essay and the form can be quite easy when it is laid out for you.  For example, an expository essay uses research from the beginning and applies facts throughout without persuasion.  The beginning paragraphs of the article “Organizations' information security policy compliance: Stick or carrot approach?” (Yan Chen, Winter 2012 - 13) provide an introduction of the authors, an abstract, and then facts from research found in another article about an information security concern.  From there, the authors move forward with discussing information security policy compliance and its organization.  The author, Yan Chen, uses a list of facts and explains the research found for each piece of information within the information security policy compliance options.
The fact of the matter is that the entire essay of thirty-three pages contains a great deal of information presented in many different ways: words and sentences, pictures and figures, tables and spreadsheets, and even graphs and models.  These show the hallmarks of an expository essay form as follows.  Figures and research models are provided throughout the essay along with hypotheses.  As the research on information security compliance progresses, test results are made available for others to view, along with many other tables that compare results between punishments, rewards, and enforcement.  Overall, the amount of research data shown provides enough evidence for the article to be expository.
In conclusion, I honestly had a slight feeling that it could be two essay forms, but I stuck with one essay form to play it safe.  The entire article, “Organizations' information security policy compliance: Stick or carrot approach?”, is full of research and information, and not once is it persuasive, cause/effect, or critical/evaluative, though it could be considered a bit descriptive considering its length.  Overall, the article is a great read and will be very beneficial to my future.  With the recent problems and issues lately, I may change my Master’s major and look into Information Security.



References
Propp, J., et al. (2010). Essay Forms. In The Kaplan Guide to Successful Writing (pp. 349-388). New York: Kaplan Publishing, a division of Kaplan, Inc.
Chen, Y., et al. (Winter 2012 - 13). Organizations' information security policy compliance: Stick or carrot approach? Journal of Management Information Systems, 29(3), 157-188. doi:10.2753/MIS0742-1222290305

Friday, May 10, 2019

Secure Information


Abstract:
The main purpose of this research essay is to explain to Sara and Bob the importance of HIPAA and PCI DSS compliance, including the legal and regulatory documentation used behind the scenes.  The questions that will be asked during the research are the following.  What is HIPAA and how does it relate to business objectives?  What IT products and/or services help with HIPAA compliance?  What is PCI DSS and how does it relate to business objectives?  What IT products and/or services help with PCI DSS?  Are there legal responsibilities when adopting IT for HIPAA and/or PCI DSS?  Are there ethical responsibilities when adopting IT for HIPAA and/or PCI DSS?  As a way to understand the risks, what happens if HIPAA is violated?  As a way to understand the risks, what happens if there is a credit card breach?  What other acts, laws, regulations, or rules do you need to know?  If your company branches out to other countries, what are the implications?  The participants involved are the IT Director, who is performing the research, and the three main managers, who will read over the contents to become familiar with the information.
Keywords: HIPAA, PCI DSS.





Secure Information
Working in hospitals, call centers, software companies, help desks, and many other positions, you will come across the need to understand HIPAA compliance, and not only in the hospital workforce of nurses, doctors, labs, and other positions.  PCI DSS can likewise be found in numerous positions across the workforce, whether business owners, help desk staff, system engineers, or one of the few higher up in the corporation.  Using today’s technology, users have the ability to access their medical files directly from their mobile device, although it is recommended to keep the mobile device secure while doing so, such as by not saving passwords on the device.  Install security software on the mobile device if possible, and make sure you have a strong enough password before accessing the app or web portal. (Terry, 2015)
Understanding HIPAA
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, legislation within the United States of America that protects a citizen’s medical privacy (Rouse, 2017).  It was also intended to ensure that patient data would be protected thereafter and secured through safeguards on medical information.  The HIPAA act was signed by President Bill Clinton on August 21, 1996.  Since recent health data and business breaches were caused by malicious cyberattacks, it is best to protect the business with information technology security.  Therefore, any business or location that stores health data should protect the information on its servers according to the HIPAA compliance laws.  Since CARE4ALL Distributors’ servers contain patient data, to meet their business objectives they must abide by HIPAA’s compliance laws. (Jim Q. Chen, 2017)
When it comes to HIPAA compliance, there are many products and services within information technology that can help maintain the required safety and security.  Examples include hardware firewalls set up to block all incoming and outgoing traffic except what employees specifically need; software firewalls set up the same way, with a bit of extra security since the employees will be working from home; and anti-virus/anti-malware programs to avoid infection by any type of malicious software.  An information technology policy would strictly prohibit any type of unauthorized usage onsite or offsite and would contain the entire HIPAA compliance agreement, including a ban on letting anyone other than the employee use their computer, even at home.  Any information employees see while working is confidential and should not be repeated no matter the cost.  Even if they know the person and think that person should know the information they saw, it should not be repeated to them at all. (Spandorfer, 2016)
Understanding PCI DSS
When cyber criminals became interested in attacking credit card systems, it was time to start protecting and securing our point-of-sale terminal systems.  Therefore the PCI DSS came into play, which stands for Payment Card Industry (PCI) Data Security Standard (DSS).  Staying in compliance with the PCI DSS avoids vulnerabilities and allows businesses to protect the cardholder’s data.  There are standards set for the point-of-sale system (hardware) and for the software system used.  Then, when the data is sent from the payment system (credit card terminal) across the network to the merchant, another set of standards ensures the system is fully operational and secure.  This affects the business objectives, as we will need to be sure our system is PCI DSS compliant.  We do not want any of our customers’ data stolen and used maliciously. (Clapper & Richmond, 2016)
As with staying within HIPAA compliance, the PCI DSS network will require the same secure network, with small modifications.  The hardware firewall will be set up at the main business location and configured to ensure no incoming or outgoing malicious traffic is allowed, such as by prohibiting any type of direct access to the router itself unless you know the specific port number it is hidden on.  Next, we will prohibit employees and anyone on the network from having direct access between cardholder data, system components, and the internet.  Each device, including but not limited to computers, laptops, mobile devices, tablets, and cell phones, will have a software firewall installed, including on employee-owned devices, to ensure the security of the network.  All equipment supplied by vendors will need its passwords changed to ensure the strength of those passwords.  Update every device to ensure everything is up to date.  Using strong cryptography, encrypt all non-console administrative access to every device. (PCI Security Standards Council, 2010)
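The firewall behaviour described in the two paragraphs above (block everything by default, let only employees through, and keep cardholder data with no direct path to or from the internet) is easy to state and easy to break with one careless rule.  The script below is an added example, not code from this post or from the PCI Security Standards Council: it models a first-match rule list, audits a policy against the flows the post requires, and compares a constructed weak policy with a corrected one.  The zone names, ports, and Rule format are my own assumptions.

```python
# Added example, not code from the original post or from the PCI Security
# Standards Council: a first-match firewall policy model and an audit of it
# against the behaviour the post describes (default deny, employee-only
# administrative access, no direct path between the internet and cardholder
# data). Zone names, ports and the Rule format are my own assumptions.

from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # zone name, or "any"
    dst: str               # zone name, or "any"
    port: Optional[int]    # TCP port, or None for any port


# Assumed zones: the public internet, a DMZ web tier, employees on the VPN,
# and the cardholder data environment (CDE).
INTERNET, DMZ, EMPLOYEE_VPN, CDE = "internet", "dmz", "employee-vpn", "cardholder-data"


def decide(rules: List[Rule], src: str, dst: str, port: int) -> str:
    """First matching rule wins; if nothing matches, the implicit default is deny."""
    for rule in rules:
        if (rule.src in (src, "any") and rule.dst in (dst, "any")
                and rule.port in (port, None)):
            return rule.action
    return "deny"


# Flows the policy must produce, constructed from the post's description:
# (src, dst, port, expected decision, reason).
EXPECTED_FLOWS: List[Tuple[str, str, int, str, str]] = [
    (INTERNET, CDE, 443, "deny", "no direct access from the internet to cardholder data"),
    (CDE, INTERNET, 443, "deny", "cardholder-data systems must not reach the internet directly"),
    (INTERNET, CDE, 22, "deny", "no administrative access from the internet"),
    (INTERNET, DMZ, 443, "allow", "the public web tier stays reachable"),
    (DMZ, CDE, 5432, "allow", "only the DMZ application tier talks to the database"),
    (EMPLOYEE_VPN, CDE, 22, "allow", "employees administer the CDE over the VPN"),
]


def audit(rules: List[Rule]) -> List[str]:
    """Return a list of findings; an empty list means the policy behaves as required."""
    findings = []
    for src, dst, port, expected, reason in EXPECTED_FLOWS:
        actual = decide(rules, src, dst, port)
        if actual != expected:
            findings.append(f"{src} -> {dst}:{port} is {actual}, expected {expected} ({reason})")
    # A blanket allow anywhere in the list turns default-deny into default-allow
    # for every flow that reaches it, so flag it regardless of position.
    for i, rule in enumerate(rules):
        if rule.action == "allow" and rule.src == "any" and rule.dst == "any":
            findings.append(f"rule {i} allows any -> any; later rules and the default deny are dead")
    return findings


# Constructed weak policy: a catch-all allow was appended "to make things work".
WEAK_POLICY = [
    Rule("allow", INTERNET, DMZ, 443),
    Rule("allow", EMPLOYEE_VPN, CDE, 22),
    Rule("allow", "any", "any", None),
]

# Constructed corrected policy: only the needed flows, then an explicit final deny.
HARDENED_POLICY = [
    Rule("allow", INTERNET, DMZ, 443),
    Rule("allow", DMZ, CDE, 5432),
    Rule("allow", EMPLOYEE_VPN, CDE, 22),
    Rule("deny", "any", "any", None),
]


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        findings = audit(policy)
        print(f"{name}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Running it reports four findings for the weak policy (three forbidden flows that the catch-all lets through, plus the catch-all itself) and none for the hardened one.  The same first-match model also catches ordering mistakes: an "allow any -> cardholder-data" placed before a specific deny shadows that deny, and the audit reports the resulting flow as allowed.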
Legal and Ethical Responsibilities
The legal responsibilities depend on what the business is considering when adopting information technology for HIPAA and/or PCI DSS.  If for some reason the protected data is breached and taken by a hacker, the hacker has the ability to do whatever he or she pleases with the health or credit card information, and the business is held legally liable for the data that was taken.  These costs can be extremely high and extensive, even when the information remains significant.  Therefore, if it is a large breach and it reaches the public through the media, the case becomes even costlier.  If the breach is of interest to the federal government, the FTC (Federal Trade Commission) would investigate further to determine whether the data breach was the fault of the company. (Willey & White, 2013)
When a corporation hires an employee, it expects them to follow the ethical responsibilities written in the employee handbook.  Any company or corporation that works with specialized data covered under HIPAA or PCI DSS is responsible for its employees’ actions with that data.  For instance, if a new employee were to gain access to the data and share the information with friends, that would be unethical of them, especially if the employee or the employee’s friend were to use the information for illegal purposes or personal gain.  There are more specialized cases where ethics play a larger role, but even the smallest instances can cause a problem.
Potential Risks
There are many potential risks when it comes to HIPAA’s security and overall privacy within a corporation.  If there is any type of HIPAA violation, there will be an investigation to determine the damage of the breach.  If, for instance, the breach was determined to have a low probability of any compromise of the data, the corporation will be responsible for patching the breach and replacing any lost data, and would receive a minimum violation fine of $50,000.  Depending on the investigation and the level of the breach and the risks involved, the violation fines can be much higher, such as $1.5 million.  The Office for Civil Rights is responsible for the entire enforcement of HIPAA’s privacy and security rules, including the investigation. (Cascardo, 2014)
Studies have shown that credit card breaches are more likely to happen when the company is a smaller business.  When there is a risk such as a credit card breach within a company, further investigation is required to ensure there was not a full data breach.  Once they confirm whether there was a data breach or whether it was specifically one credit card, they have to check PCI compliance.  Small merchants have to prove they are PCI compliant by performing a self-assessment of their entire system.  Larger companies are required to hire a Qualified Security Assessor (QSA) to validate their compliance and produce a Report on Compliance (ROC). (Clapper & Richmond, 2016)
Conclusion and Related Topics
Corporations need to be aware of many other regulations, rules, acts, and laws to ensure the security and privacy of data.  Just like every citizen of the United States of America, businesses have to abide by the same laws and regulations, although there are quite a few more acts and laws that businesses must follow to protect the company, its employees, and its products/services.  Filing taxes on a yearly basis is another law that businesses have to follow no matter the size of the business or how long it has been in business, as is reporting employee information to the IRS with the correct documentation, W-2, 1099, and so forth, to ensure their data is reported correctly.
When a company is ready to branch out and expand to other countries to become international, there are many steps and tons of paperwork to fully become an official international company.  There may be trademark protection laws that require the trademark to be registered.  Compliance programs such as the U.S. Foreign Corrupt Practices Act (FCPA) specifically prohibit bribery of any foreign government officials and anyone within public international organizations.  Also, any item imported or exported is subject to laws regulated through customs, and the U.S. government has restrictions against importing from and exporting to certain countries, so keep this in mind.  It is highly suggested to hire someone who is well aware of all the laws and regulations, considering there are substantial consequences and possible suspension of exporting and importing privileges. (Andrew J. Sherman, 2001)



References
Andrew J. Sherman, D. S. (2001, July 16). Expanding Abroad III: Legal Issues. Kauffman , 1. Retrieved November 3, 2017, from https://www.entrepreneurship.org/articles/2001/07/expanding-abroad-iii-legal-issues
Cascardo, D. (2014). HIPAA investigation risks are increasing: Make sure to avoid the "Wall of Shame". Management Briefs, 119-123.
Clapper, D., & Richmond, W. (2016). Small business compliance with PCI DSS. Journal of Management Information and Decision Sciences, 19(1), 54-67.
Jim Q. Chen, A. B. (2017). HIPAA security compliance challenges: The case for small healthcare providers. International Journal of Healthcare Management, 10(2), 135-145.
PCI Security Standards Council. (2010). Understanding the payment card industry. PCI DSS Quick Reference Guide, 34.
Rouse, M. (2017, October 27). HIPAA (health insurance portability and accountability act). Retrieved from Search Health IT Tech Target: http://searchhealthit.techtarget.com/definition/HIPAA
Spandorfer, J. L. (2016). HIPAA compliance and training: A perfect storm for professionalism education? The Journal of Law, Medicine & Ethics, 652-656. doi:10.1177/1073110516684812
Terry, M. (2015). HIPAA and your mobile devices. Podiatry Management, 99-104. Retrieved from www.podiatrym.com
Willey, L., & White, B. J. (2013). Do you take credit cards? Security and compliance for the credit card payment industry. Journal of Information Systems Education, 24(3), 181-188.
