ETHICS AND CYBERSECURITY

Task 2

A1a.

List two organizations; an ethical guideline used by each; and the relevance/tie of each of those guidelines to a specific instance from the case study

Organization 1:

·         Guideline: Act with integrity, honesty, fairness, prudence, and respect for the law. The [CITATION ISC21 l 1033]

·         Case study tie: Sarah Miller, a senior analyst with TechFite's Business Intelligence Unit, was not cited as a role model by the company's ethics committee for her activities.

Organization 2: ISC2

·         Guideline: In organizations with all International and domestic laws

·         Case study tie: Analyst Jack Hudson is a participant of the Strategic and Competitive Intelligence Practitioners, as per the case study. As a member of this particular community, it is incumbent for Jack Hudson to abide by its established standards of conduct.

A2.

List two unethical behaviors/omissions of behavior and the corresponding practices they fostered; and the specific actor that committed the behavior

Example 1

·         Behavior:Several internet-based businesses have experienced an increase in screening and intrusion activities into their IP addresses.

·         Actor(s):  Sarah Miller, Megan Rogers, and Jack Hudson all analyst except for Miller who is a senior annalist.

·         Practice:Using fictitious accounts to monitor the connections of other firms

Example 2

·         Behavior: Permission escalation for dummy accounts

·         Actor(s): Unit for Gathering and Sharing Business Intelligence

·         Practice:In gaining access to the lawful, human resource department, and payroll, these dummy accounts have been given elevated privileges. The BI Unit and these other offices exchange economic and executive records on a routine basis, according to network intrusion detection logs.

A3.

Factor 1:

·         Behavior fostered: His absence of policy has permitted the personnel of the Business Intelligence Unit to engage in unethical and unlawful acts in compliance with applicable laws.

Factor 2:

·         Behavior fostered: For the Business Intelligence Unit, absence of rules has enabled its employees to participate in illicit traffic and privilege escalation in many sectors across the organization.

B1. Describe two information security policies that may have prevented or reduced the criminal activity, deterred the negligent acts, and decreased the threats to intellectual property. 

Policy 1:  Separating duty policy,

Policy 2: Auditing user account policy

An increase in protection against unauthorized user advancement without instruction or consent from the relevant channels can be achieved by implementing these two policy guidelines together. The allocated sector, duty, or task will also assist in preventing any unwanted access to information or computer systems from other departments and agencies.

Negligent actions reduce the possibility of privileges and open access being escalated without authorization and to all employees. A decline in the danger to intellectual property (IP) Controls to prevent open access to intellectual property will be reduced if these two strategies are used.

B2. Describe the key components of a Security Awareness Training and Education (SATE) program that could be implemented at TechFite.

a.  Explain how the SATE program will be communicated to TechFite employees.

b.  Justify the SATE program’s relevance to mitigating the undesirable behaviors at TechFite. 

B2.

SATE component 1:

All staff at TechFite should participate in a safety training program. 

For this training program, a third-party company should lead and provide it. 

There should be a wide range of security-related topics covered in this type of training. Each and every department head should be able to learn the information and skills necessary to conduct their departments in accordance with all applicable legal and ethical guidelines and standards. The training course will be mandatory for all new hires. Anyone who doesn't complete this security training will have to explain why and could be fired if they don't.

SATE component 2:

Awareness

TechFite should hold an Awareness training program that would benefit all employees. A certified and reputable third-party company should head and deliver this training program. This type of training should cover all aspects of the domain of Awareness as it applies to all departments. All employees should be aware of any law or act that applies to their respective department. This should create a means for employees to know what to do when they become aware of any illegal and unethical activities. All employees will be required to receive the training program. Anyone who should fail to receive this security training will be required to submit the reasoning behind not receiving the training and could face termination.

B2a.

SATE Program Communication method: The SATE Program will be disseminated to all employees via meetings with representatives from each department within the business.

B2b.

Example 1

·         Behavior:  access Unauthorized user account

·         SATE relevance: Implementing security training on a regular basis for the IT department would help in mitigation in these situations.

Example 2

·         Behavior: Use of cheat software to access and scan IP addresses belonging to a number of web-based organizations.

SATE relevance: Regular security awareness for all departments would assist ensure that everyone is aware of the laws in place to prevent these kinds of crimes. In the long run, this would reduce the likelihood of unethical or illegal practices being used within the organization.

C. Summarize two or more ethical challenges and recommended mitigation of them; include supporting notes in the presenter’s/speaker’s notes section of presentation.

Ethical Challenge: Unauthorized access to a user's account is the first ethical dilemma.

Recommended mitigation Training Program is Suggested as a Prevention Strategy Implementing required.

Mitigation Strategy: Implementing requires STATE security training classes for the IT department on a regular basis would help raise awareness of these types of activities and the resulting harm they cause to the firm.

Ethical acknowledgment: Acknowledging and participating in illegal and immoral behaviors is an ethical challenge that requires mitigation through the STATE Training Program.

Strategy: In order to mitigate the risk, the organization will establish regular mandatory STATE training programs for all employees in Awareness. Employees will gain a better understanding of how unlawful and unethical behavior affects the organization as a whole if this practice is implemented. This can also help staff understand how to properly report these kinds of incidents. 

References

(ISC)², Inc. (1996-2021). (ISC)² Code Of Ethics. Retrieved from (ISC)²:https://www.isc2.org/EthicsStrategic and Competitive Intelligence Professionals (SCIP). (n.d.). Ethical-Intelligence. Retrieved from SCIP: https://www.scip.org/page/Ethical-Intelligenc