Date
Nov 24, 2024
Uploaded by Mutisya2018
Ethics and Cybersecurity
Student's Name
Course
Instructor
Institution
Date
1. Discuss the ethical guidelines or standards relating to information security that
should apply to the case study.
The first ethical guideline is from the EC-Council, which requires firms to
respect the privacy, intellectual property, and data of their clients (Georg et al., 2018).
Firms should not transfer or sell a client's data without consent from the client. In
the case study, Carl Jaspers breached this guideline by creating fake accounts to gain the
privileges needed to access sensitive information from the finance and human resource
departments. Sarah Miller, the senior analyst, also breached this guideline when she
performed penetration testing of the systems of various internet-based firms using the
Metasploit tool. Additionally, Miller's workmates, including Jack Hudson and Megan Rogers,
participated in similar activities to gather and analyze other firms' stored information
without legal authorization or consent.
The other guideline that relates to this case requires firms that handle
clients' personal data to protect such data by preventing any unauthorized access or
breaches (Lee et al., 2016). Firms must not divulge or use clients' data without explicit
and personal consent. By unlawfully selling and publishing sensitive information and trade
secrets of TechFite clients like Orange Leaf Software LLC, Carl Jaspers breached this
guideline.
2. Identify the behaviors, or omission of behaviors, of the people who fostered the
unethical practices.
The social connection between Nadia Johnson and Carl Jaspers is an example of
unethical practice. Because of the relationship they share, Nadia is pushed to cover up
all the illegal activities that Carl is involved in. Carl's providing a positive
evaluation and giving gifts to her managers regarding Nadia represents unethical conduct,
which leads Nadia not to generate her routine report regarding the internal activities of
TechFite. Additionally, Carl's creation of fake accounts to access sensitive
information from the HR and finance departments is also unethical.
Another unethical behavior is seen when Sarah and her workmates illegally scan
other firms' networks to access data from these firms without authorization. Complying
with codes of ethical conduct would see Sarah obtaining proper consent, agreement, and
authorization before scanning other firms' networks.
3. Discuss what factors at TechFite led to lax ethical behavior.
TechFite did not put in place policies aimed at regulating the relationships between
its employees, and this resulted in Carl indirectly pushing Nadia to cover up his unethical
behaviors by submitting a falsified audit report. Faulty execution of the threat and
vulnerability management scanning procedures and policy at TechFite allowed Sarah
and her workmates to engage in illegal and unethical scanning practices. Effective
execution of this policy would help TechFite regulate, detect, and punish any illegal
scanning activities.
TechFite has no implemented and efficient user account administration procedures
and policy. The company does not have an account identity policy to limit
and prevent employees from illegally creating fake accounts to access sensitive data. This
factor contributed to Carl creating two fake accounts to access the sensitive information
of the company's Finance and HR departments without authorization.
1. Describe two information security policies that may have prevented or reduced
the criminal activity, deterred the negligent acts, and decreased the threats to
intellectual property.
The account and identity management policy may have prevented unethical
activities that threatened TechFite's intellectual property. Implementing this policy goes a
long way toward helping a company audit every user account and activity, thus
detecting the creation of illegal accounts like those created by Carl at TechFite (Pöhn &
Hommel, 2020). Additionally, this policy is important in monitoring every user account
and activity, assessing the list that contains consent given to users, and protecting the
company as well as the confidential information of its clients.
A policy that regulates employee relationships should be implemented. This
policy is important in promoting positive work environments free from exploitation and
conflicts of interest (Lancelot et al., 2021). It also helps to discourage any form of
relationship that can result in an employee aiding or failing to report unethical and illegal
activities, as was seen in the case of Carl and Nadia. This policy also restricts employees
from illegally sharing confidential data without authorization.
2. Describe the key components of a Security Awareness Training and Education
(SATE) program that could be implemented at TechFite.
The company should implement information security protection education and
training as a key aspect of SATE, to raise the awareness of employees regarding the
safety of confidential information (Ghafir et al., 2018). From such education and training,
the employees will acquire knowledge regarding the best practices needed to protect the
firm's confidential information, such as data encryption. Additionally, it will help
workers to secure client accounts and their confidential data. During the training, the
employees will learn about cybersecurity and risks regarding information security such as
phishing and social engineering that can lead to cyberattacks.
The company can communicate the SATE program to workers using various
means including print newsletters, videos, promotional posters, emails, and infographics.
Irrespective of the means used by the company, it must convey vital information
regarding the SATE program to the workers appropriately and clearly (Ghafir et al.,
2018). For instance, TechFite can organize yearly or monthly announcement emails
containing compulsory due dates that remind every employee of their responsibilities to
participate in the SATE training program.
The SATE program is relevant because it covers the risks related to
cybersecurity and how to comply with TechFite's security policies. The training will help
in improving the firm's internal policies aimed at protecting private client information
(Ghafir et al., 2018). For instance, the training will make Nadia understand that she is
required and obligated to report any illegal activity that compromises the firm's
confidential data. The SATE training program will also help in strengthening policies that
prevent the illegal creation of accounts that compromise sensitive TechFite data, as was
seen in the case of Carl, who created two fake accounts to gain unauthorized access to
data.
C. Prepare a summary directed to senior management (suggested length of 1–2
paragraphs) that states TechFite’s ethical issues from Part A and the related
mitigation strategies from Part B.
The senior management should be informed of the company's lack of ethical
standards, which allows employees to engage in unethical practices and thus compromise
the confidentiality of the firm's information. Additionally, the lack of a code of conduct
that regulates employee behaviors and relationships contributes to employees engaging in
unethical and illegal behaviors such as submitting falsified reports to protect their
relationships, as was seen in the case of Carl and Nadia, where the latter submitted fake
reports to protect Carl, with whom she was in a relationship.
The senior management should implement SATE education and training programs
to educate employees regarding cybersecurity and make them aware of cybersecurity
risks. This will help in protecting the confidential and private data of the company and
its clients and prevent unethical behaviors that compromise such private data. This is
because implementing and sustaining the SATE training program will help the company
ensure that all employees adhere to the set ethical codes of conduct and avoid unethical
and illegal practices such as creating fake accounts to access the firm's confidential data
and submitting fake reports.
References
Georg, T., Oliver, B., & Gregory, L. (2018). Issues of implied trust in ethical hacking.
The ORBIT Journal, 2(1), 1-19.
Lee, W. W., Zankl, W., & Chang, H. (2016). An ethical approach to data privacy
protection.
Pöhn, D., & Hommel, W. (2020, August). An overview of limitations and approaches in
identity management. In Proceedings of the 15th International Conference on
Availability, Reliability and Security (pp. 1-10).
Lancelot, J., Stoker, G., Smith, G., Nichols, C., Clark, U., Vetter, R., & Wetherill, W.
(2021). Preparation for a Cybersecurity Apprenticeship Program (PCAP). In Proceedings
of the EDSIG Conference ISSN (Vol. 2473, p. 4901).
Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., ... & Baker, T.
(2018). Security threats to critical infrastructure: the human factor. The Journal of
Supercomputing, 74, 4986-5002.