Instructions: Before beginning this final assignment, be sure to study the required resources for the module. This assignment requires applying the concepts and knowledge acquired not only from this module but also from previous modules. You are required to develop the following parts in detail: Part I: In the first part, you must evaluate several hypothetical cases. Then, you must indicate the business sector in which the company operates, the law being violated, and the control or controls that were violated in the particular scenario. You must also indicate the estimated economic impact in terms of penalties. Part II: In the second part, you must develop a security plan for a hypothetical company. You must complete each of the requested parts of the plan. For support, you can refer to the assignments submitted in previous modules, including the password policy. Submission Method: To complete both parts of this assignment, use the provided template. You can download it. Make sure you use APA when writing your essay. Part 1 Case 1 The Estudiantes Unidos credit union has three branches in Puerto Rico. It offers savings and checking accounts with attractive, low interest rates to all students pursuing academic degrees. The credit union's web portal provides access to the accounts of members with active accounts. A security incident recently occurred because they did not use multi-factor authentication. This led to a brute-force attack against a client's account. CISE 1000L: Cybersecurity Fundamentals and Lab 7.1 Final Assessment: Evaluation of Applicable Laws and Security Plan Value: 90 points against a client's account, and through this access, the client's information and funds were stolen. Case 2 The Students Medical Center has two hospital facilities in Puerto Rico. To facilitate the service provided by the doctors, they were provided laptops to access patient records. Dr. Rodrguez Prez still sees patients, although he is 75 years old. Dr. Rodrguez Prez isn't very computer-savvy, as electronic medical records didn't exist in his time. For that reason, he likes to keep copies of patient documents on his computer in a folder under his name. Last Monday, he rushed off to lunch and a meeting at a well-known restaurant. The doctor left his computer in its bag in the back seat because he didn't want it to bother him while he was having lunch and a meeting. Upon returning to his vehicle, he noticed the front door had a broken lock and that his computer had been stolen. Neither the doctor nor the institution used encryption on the laptops. Case 3 The IT Department of Medical Center 330 contracted the services of Student Tech Support, Inc. Recently, Center 330 experienced an issue with one of its pharmacy servers and needed assistance from Student Tech Support, Inc. to restore the files. The restoration was successful, but as part of the work, at one point, customer files were copied to a 4TB external drive belonging to Student Tech Support, Inc. The technician forgot the data was on the drive and took it with him. After a month, Center 330 received an email demanding payment for their patients' information or it would be sold on the dark web. As evidence, they included copies of the data of several pharmacy patients. CISE 1000L: Cybersecurity Fundamentals and Laboratory 7.1 Final Assessment: Evaluation of Applicable Laws and Security Plan Value: 90 points

Part II Scenario The Students Medical Center has two hospital facilities in Puerto Rico. It has 500 domain users and 300 electronic medical record system clients. The system has a web interface published through a Windows server and the latest version of IIS. The databases run on SQL servers. The organization maintains its backups using Veeam. In addition to this system, the organization has a financial system that runs on Oracle. 50 employees have access accounts to the financial system to perform their daily work. The company's office solution is Office 365, and all employees have licenses to use its tools daily, including email and cloud storage. Its Human Resources system is HR Sense, used by 25 users in the Human Resources office. All of these servers are virtual. Except for the Oracle financial system server, which uses Oracle Linux, the rest are Windows 2019 servers. The company has two data centers: the primary one located at the main medical facility in San Juan and the secondary one in Mayagez. Connectivity between facilities is via a private fiber optic link at 100 Mbps, and the internet connection at the primary facility is 1 Gbps. Both centers have a solution of three physical nodes that constitute the virtual environment and a 200 TB storage solution. All communications equipment is Forti. This includes its L2 and L3 switches and firewalls.

\f\f\f\f