ETHICS AND CYBERSECURITY

Posted on: 27th June 2023

Question

ETHICS AND CYBERSECURITY

COMPETENCIES
4045.1.1 : Compliance Legal Requirements 
The graduate describes the legal requirements to address compliance with cybersecurity policies and procedures with an organization.
4045.1.3 : Security Awareness Training and Education (SATE)
The graduate outlines legal issues that should be included within the security awareness training and education (SATE) program of an organization.
4045.1.4 : Ethical Issues for Cybersecurity
The graduate discusses the implications of ethical issues for specific cybersecurity actions within an organization.

INTRODUCTION
Information security professionals must understand how to apply ethical security principles and processes to their organizations. These standards should define the organization’s specific needs and demands to assure data confidentiality, integrity, and availability. An organization’s employees must be aware of the security challenges it is facing.

In this task, you will analyze ethical challenges related to information security and develop a training plan for an organization, which will raise awareness of these challenges, convey strategies, and prevent unwanted developments.

SCENARIO
Review the attached “TechFite Case Study” for information on the company being investigated.
You should base your responses on this scenario.

REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).

A. Address ethical issues for cybersecurity by doing the following:

1. Discuss the ethical guidelines or standards relating to information security that should apply to the case study.
a. Justify your reasoning.

2. Identify the behaviors, or omission of behaviors, of the people who fostered the unethical practices.

3. Discuss what factors at TechFite led to lax ethical behavior.
B. Describe ways to mitigate problems and build security awareness by doing the following: 
1. Describe two information security policies that may have prevented or reduced the criminal activity, deterred the negligent acts, and decreased the threats to intellectual property.
2. Describe the key components of a Security Awareness Training and Education (SATE) program that could be implemented at TechFite.
a. Explain how the SATE program will be communicated to TechFite employees.
b. Justify the SATE program’s relevance to mitigating the undesirable behaviors at TechFite.
C. Prepare a summary directed to senior management (suggested length of 1–2 paragraphs) that states TechFite’s ethical issues from Part A and the related mitigation strategies from Part B.
D. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
E. Demonstrate professional communication in the content and presentation of your submission.

File Restrictions
File name may contain only letters, numbers, spaces, and these symbols: ! - _ . * ' ( )
File size limit: 200 MB
File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg, wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z

image description Top level essay Service Our professional unemployed professors are waiting for your signal to offer you the best academic writing service you so deserve.
illustration of a woman populating a checklist.

Solution

Task 2

A1a.

List two organizations; an ethical guideline used by each; and the relevance/tie of each of those guidelines to a specific instance from the case study

Organization 1:

·         Guideline: Act with integrity, honesty, fairness, prudence, and respect for the law. The [CITATION ISC21 l 1033]

·         Case study tie: Sarah Miller, a senior analyst with TechFite's Business Intelligence Unit, was not cited as a role model by the company's ethics committee for her activities.

Organization 2: ISC2

·         Guideline: In organizations with all International and domestic laws

·         Case study tie: Analyst Jack Hudson is a participant of the Strategic and Competitive Intelligence Practitioners, as per the case study. As a member of this particular community, it is incumbent for Jack Hudson to abide by its established standards of conduct.

A2.

List two unethical behaviors/omissions of behavior and the corresponding practices they fostered; and the specific actor that committed the behavior

Example 1

·         Behavior:Several internet-based businesses have experienced an increase in screening and intrusion activities into their IP addresses.

·         Actor(s):  Sarah Miller, Megan Rogers, and Jack Hudson all analyst except for Miller who is a senior annalist.

·         Practice:Using fictitious accounts to monitor the connections of other firms

Example 2

·         Behavior: Permission escalation for dummy accounts

·         Actor(s): Unit for Gathering and Sharing Business Intelligence

·         Practice:In gaining access to the lawful, human resource department, and payroll, these dummy accounts have been given elevated privileges. The BI Unit and these other offices exchange economic and executive records on routine basis, according to network intrusion detection logs.

A3.

Factor 1:

·         Behavior fostered: His absence of policy has permitted the personnel of the Business Intelligence Unit to engage in unethical and unlawful acts in compliance with applicable laws.

Factor 2:

·         Behavior fostered: For the Business Intelligence Unit, absence of rules has enabled its employees to participate in illicit traffic and privilege escalation in many sectors across the organization.

 

B1. Describe two information security policies that may have prevented or reduced the criminal activity, deterred the negligent acts, and decreased the threats to intellectual property. 

Policy 1:  Separating duty policy,

Policy 2: Auditing user account policy

An increase in protection against unauthorized user advancement without instruction or consent from the relevant channels can be achieved by implementing these two policy guidelines together. The allocated sector, duty, or task will also assist in preventing any unwanted access to information or computer systems from other departments and agencies.

Negligent actions reduce the possibility of privileges and open access being escalated without authorization and to all employees. A decline in the danger to intellectual property (IP) Controls to prevent open access to intellectual property will be reduced if these two strategies are used.

B2. Describe the key components of a Security Awareness Training and Education (SATE) program that could be implemented at TechFite.

a.  Explain how the SATE program will be communicated to TechFite employees.

b.  Justify the SATE program’s relevance to mitigating the undesirable behaviors at TechFite. 

B2.

SATE component 1:

All staff at TechFite should participate in safety training program. 

For this training program, third-party company should lead and provide it. 

There should be wide range of security-related topics covered in this type of training. Each and every department head should be able to learn the information and skills necessary to conduct their departments in accordance with all applicable legal and ethical guidelines and standards. The training course will be mandatory for all new hires. Anyone who doesn't complete this security training will have to explain why and could be fired if they don't.

SATE component 2:

Awareness

TechFite should hold an Awareness training program that would benefit all employees. A certified and reputable third-party company should head and deliver this training program. This type of training should cover all aspects of the domain of Awareness as it applies to all departments. All employees should be aware of any law or act that applies to their respective department. This should create a means for employees to know what to do when they become aware of any illegal and unethical activities. All employees will be required to receive the training program. Anyone who should fail to receive this security training will be required to submit the reasoning behind not receiving the training and could face termination.

B2a.

SATE Program Communication method: The SATE Program will be disseminated to all employees via meetings with representatives from each department within the business.

B2b.

Example 1

·         Behavior:  access Unauthorized user account

·         SATE relevance: Implementing security training on a regular basis for the IT department would help in mitigation in these situations.

Example 2

·         Behavior: Use of cheat software to access and scan IP addresses belonging to a number of web-based organizations.

SATE relevance: Regular security awareness for all departments would assist ensure that everyone is aware of the laws in place to prevent these kinds of crimes. In the long run, this would reduce the likelihood of unethical or illegal practices being used within the organization.

C. Summarize two or more ethical challenges and recommended mitigation of them; include supporting notes in the presenter’s/speaker’s notes section of presentation.

Ethical Challenge: Unauthorized access to a user's account is the first ethical dilemma.

Recommended mitigation Training Program is Suggested as a Prevention Strategy Implementing required.

Mitigation Strategy: Implementing requires STATE security training classes for the IT department on a regular basis would help raise awareness of these types of activities and the resulting harm they cause to the firm.

Ethical acknowledgment: Acknowledging and participating in illegal and immoral behaviors is an ethical challenge that requires mitigation through the STATE Training Program.

Strategy: In order to mitigate the risk, the organization will establish regular mandatory STATE training programs for all employees in Awareness. Employees will gain a better understanding of how unlawful and unethical behavior affects the organization as a whole if this practice is implemented. This can also help staff understand how to properly report these kinds of incidents. 

References

(ISC)², Inc. (1996-2021). (ISC)² Code Of Ethics. Retrieved from (ISC)²:https://www.isc2.org/EthicsStrategic and Competitive Intelligence Professionals (SCIP). (n.d.). Ethical-Intelligence. Retrieved from SCIP: https://www.scip.org/page/Ethical-Intelligenc

Prof. Jordan

Prof. Jordan

1539 reviews | 0 orders
  • Do you need help with an
    online class, essay or assignment?

  • Find the right expert among 500+

    We hire Gradewriters writers from different fields, thoroughly check their credentials, and put them through trials.

    View all writers

Tough Essay Due? Hire Tough Essay Writers!

We have subject matter experts ready 24/7 to tackle your specific tasks and deliver them ON TIME, ready to hand in. Our writers have advanced degrees, and they know exactly what’s required to get you the best possible grade.

Profile picture of ProfWriter

ProfWriter

5

( Reviews)

Staff Level Intermediate

Total orders 0

Competences
Philosophy
English
Archaeology
Profile picture of ProfWriter1

ProfWriter1

5

( Reviews)

Staff Level Intermediate

Total orders 0

Competences
Astronomy
Agriculture
Military sciences
Profile picture of Revaz Pataradze

Revaz Pataradze

5

( Reviews)

Staff Level Elite

Total orders 0

Competences
History
Sociology
Health sciences and medicine
Profile picture of Pro. Nicole

Pro. Nicole

5

( Reviews)

Staff Level Advanced

Total orders 0

Competences
Human Resources (HR)
Macro & Micro economics
Management
Profile picture of Nicole Ashton

Nicole Ashton

5

( Reviews)

Staff Level Advanced

Total orders 0

Competences
English
Archaeology
Gender & Sexual Studies
Profile picture of Prof. Jordan

Prof. Jordan

5

( Reviews)

Staff Level Elite

Total orders 0

Competences
English
Linguistics
Gender & Sexual Studies
Profile picture of Andrea Gibson

Andrea Gibson

5

( Reviews)

Staff Level Elite

Total orders 0

Competences
Linguistics
Archaeology
Sociology
Profile picture of Hanna preston

Hanna preston

5

( Reviews)

Staff Level Advanced

Total orders 0

Competences
English
Archaeology
Political Science
Profile picture of Gilbert Rights

Gilbert Rights

5

( Reviews)

Staff Level Elite

Total orders 0

Competences
English
Business
Marketing
Profile picture of Dr. Payne

Dr. Payne

5

( Reviews)

Staff Level Advanced

Total orders 0

Competences
Linguistics
Gender & Sexual Studies
Business
View all writers

Find the right expert among 500+

We hire Gradewriters writers from different fields, thoroughly check their credentials, and put them through trials.

View all writers