In this module, you explored selecting security controls as it relates to the Risk Management Framework used by the Federal Government and other organizations to manage risk. The security control base
THE PAYROLL CATEGORIES AND CIA TRIAD NAME: INSTITUTION COURSE NUMBER COURSE TITLE: INSTRUCTOR’S NAME: DUE DATE: THE PAYROLL CATEGORIES AND CIA TRIAD Payroll categories Some payroll categories within St John’s healthcare facility shall include taxes, wages, deductions, employer expenses, and accruals. According to the law, an organization must create payroll categories where different employees are assigned the due amounts of finances. Within our organization, these categories shall help determine the specific amount assigned to every employee and make the process automated to prevent potential delays and human-related errors. However, it’s essential to understand that before the exposes, wages and accruals are expended as paychecks, they must be assigned to different workers. The first category shall include wage creation determined by the salary and hourly performance of the involved individuals. Within our facility, other wages will include overtime, bonus, commissions and salaries. Secondly, the accruals will be created based on employees’ accumulated hourly performance that helps them receive special payments and packages like sick leave and vacations. Therefore the number of hours one works weekly shall determine the accruals for the vacation payment. The third category is the creation of the deductions, which are the amounts of money that must be subtracted from the employee’s paycheck. However, this amount does not include the taxation rates. Finally, the employer expenditure shall include the amounts of money deducted from the organization for having employees. The amount is not subtracted from employees’ payments, although it affects their contributions, for example, the pension contributions. The impact levels Confidentiality According to Srinivas et al. (2019), it is the process of ensuring that employees’ payroll information is kept privately against access from unauthorized parties. The financial information of any healthcare information, including the employee’s payroll, should often be securely stored and should not be received directly or indirectly by other parties. Additionally, most workers normally need their private database to be kept securely. Therefore, if it is exposed, this may damage organizational reputations and break the confidentiality agreement between the organization and the employee involved. Sometimes there may be lawsuits from the process when some employees realize that the management is underpaying them despite delivering similar value to the organization. Integrity Integrity is ensuring that employees’ payroll data is not changed, duplicated or added maliciously. Integrity ensures that the amount the organization expects should be paid to the employees is the correct amount. However, when there are changes, the employee may receive a lower or higher amount which has different consequences. When an employee receives a higher amount without reports, the organization may undergo losses, especially when auditing is not done. When employees are underpaid, they are more likely to get less motivated in their workplace. Therefore integrity seeks to ensure that the agreed and expected amount is calculated and delivered to the relevant parties. Sometimes the employees within the IT offices are more likely to manipulate the system to overpay themselves; that is why external and internal auditing are significant. Lisdorf (2021). Availability According to Force (2018), it is the task of ensuring that data regarding employees’ payroll is always accessible. For example, accessing the data may be difficult when hardware or software failures. It may lead to delayed payment, which also demotivates employees. Every time a salary payment date is postponed, employees’ productivity is reduced significantly, which may lead to increased suffering of the patients and a lost reputation of the organization. To promote availability, there is a need to have a comprehensive data backup system for retrieval in case failure occurs. References Force, J. T. (2018). Risk management framework for information systems and organizations. NIST Special Publication, 800, 37. https://www.itdojo.com/oolruchu/2019/01/NIST_SP_800-37r2.pdf Lisdorf, A. (2021). Securing the Cloud. In Cloud Computing Basics (pp. 131-143). Apress, Berkeley, CA. https://link.springer.com/chapter/10.1007/978-1-4842-6921-3_11 Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future generation computer systems, 92, 178-188. https://www.sciencedirect.com/science/article/pii/S0167739X18316753