COMPETENCIES
________________________________________
4045.1.1 : Compliance Legal Requirements
The graduate describes the legal requirements to address compliance with cybersecurity policies and procedures with an organization.
4045.1.2 : Protection Against Security Incidents
The graduate analyzes applicable laws and policies to legally protect the organization against security incidents.
4045.1.3 : Security Awareness Training and Education (SATE)
The graduate outlines legal issues that should be included within the security awareness training and education (SATE) program of an organization.
4045.1.4 : Ethical Issues for Cybersecurity
The graduate discusses the implications of ethical issues for specific cybersecurity actions within an organization.
INTRODUCTION
________________________________________
This course addresses the laws, regulations, authorities, and directives that inform the development of operational policies, best practices, and training. These standards assure legal compliance and minimize internal and external threats. Information security professionals must understand how to apply ethical security principles and processes to their organizations. These standards should define the organization’s specific needs and demands to assure data confidentiality, integrity, and availability. An organization’s employees must be aware of the security challenges it is facing.
In this task, you will analyze legal constraints and liability concerns that threaten information security within the given organization and develop disaster recovery plans to ensure business continuity. You will analyze ethical challenges related to information security and develop a training plan for an organization, which will raise awareness of these challenges, convey strategies, and prevent unwanted developments.
SCENARIO
________________________________________
Review the attached “TechFite Case Study” for information on the company being investigated. You should base your responses on this scenario.
REQUIREMENTS
________________________________________
No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly.
A. Address ethical issues for cybersecurity by doing the following:
1. Discuss the ethical guidelines or standards relating to information security that should apply to the case study.
a. Justify your reasoning.
2. Identify the behaviors, or omission of behaviors, of the people who fostered the unethical practices.
3. Discuss what factors at TechFite led to lax ethical behavior.
B. Describe ways to mitigate problems and build security awareness by doing the following:
1. Describe two information security policies that may have prevented or reduced the criminal activity, deterred the negligent acts, and decreased the threats to intellectual property.
2. Describe the key components of a Security Awareness Training and Education (SATE) program that could be implemented at TechFite.
a. Explain how the SATE program will be communicated to TechFite employees.
b. Justify the SATE program’s relevance to mitigating the undesirable behaviors at TechFite.
C. Demonstrate your knowledge of application of the law by doing the following:
1. Explain how the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act each specifically relate to the criminal activity described in the case study.
2. Explain how three laws, regulations, or legal cases apply in the justification of legal action based upon negligence described in the case study.
3. Discuss two instances in which duty of due care was lacking.
4. Describe how the Sarbanes-Oxley Act (SOX) applies to the case study.
D. Discuss legal theories by doing the following:
1. Explain how evidence in the case study supports claims of alleged criminal activity in TechFite.
a. Identify who committed the alleged criminal acts and who were the victims.
b. Explain how existing cybersecurity policies and procedures failed to prevent the alleged criminal activity.
2. Explain how evidence in the case study supports claims of alleged acts of negligence in TechFite.
a. Identify who was negligent and who were the victims.
b. Explain how existing cybersecurity policies and procedures failed to prevent the negligent practices.
E. Prepare a summary directed to senior management (suggested length of 1–2 paragraphs) that states TechFite’s ethical issues from Part A and the related mitigation strategies from Part B.
F. Prepare a summary (suggested length of 1–2 paragraphs) directed to senior management that states the status of TechFite’s legal compliance.
G. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
H. Demonstrate professional communication in the content and presentation of your submission.
Last Completed Projects
| topic title | academic level | Writer | delivered |
|---|