Summary Western Governors University C 841 Legal Issues in Information Security Task 2
1 view 0 purchase
Course
IT C841
Institution
Western Governors University
Western Governors University C 841 Legal Issues in Information Security Task 2.A1: Discussion of Ethical Guidelines or Standards: In regards to the TechFite case study, there are a number of relevant information security moral principles. First, all sensitive or proprietary information encountered...
western governors university c 841 legal issues in information security task 2
Written for
Western Governors University
IT C841
All documents for this subject (5)
Seller
Follow
StudyConnect
Reviews received
Content preview
C841 Legal Issues in Information Security Task 2 Page 1
Western Governors University
C841 Legal Issues in Information Security Task 2
A1: Discussion of Ethical Guidelines or Standards: In regards to the TechFite case
study, there are a number of relevant information security moral principles. First, all
sensitive or proprietary information encountered on the job should be treated with
respect and kept private. Second, professional responsibilities are to be discharged
with integrity and diligence in accordance with all applicable laws. In addition, the
professional reputations of coworkers, employers, and customers should not be
intentionally slandered or brought into question. Moreover, all work should be
conducted in a manner consistent with information security best practices. Finally,
employees should not engage in any activities that may constitute a conflict of interest.
A1a: Justification of Standards or Guidelines: All of these tenets can be found in the
ethics policies of prominent organizations throughout the IT community. For example, the
Information Systems Security Association International (ISSA) Code of Ethics echoes the
sentiment that data privacy must be maintained (ISSA Code of Ethics, 2016). It also
emphasizes the importance of industry best practices and prohibits relationships that could
be construed as a conflict of interest (ISSA Code of Ethics, 2016). The International
Information Systems Security Certification Consortium (ISC)² addresses professional
responsibilities, stating that individuals should “act honorably, honestly, justly, responsibly,
and legally” ((ISC)² Code of Ethics, 1996). The American Society for Industrial Security
(ASIS) speaks to the issue of professional reputations, declaring that personnel must not
“maliciously injure the professional reputation or practice of
, colleagues, clients, or employees” (ASIS Certification Code of
Professional Responsibility, 2018).
A2: Description of Unethical Behaviors: There were a number of individuals and groups
within TechFite whose behavior was unethical. The head of the Applications Division, Carl
Jaspers, failed to safeguard sensitive data, encouraged immoral surveillance techniques and
had a relationship with IT Security Analyst Nadia Johnson that represented a clear conflict of
interest. This relationship was a quid pro quo arrangement where Mr. Jaspers gave Ms.
Johnson gifts and positive reviews in exchange for not reporting the division’s
violations (Jackson, n.d., p. 2). Nadia Johnson accepted these bribes and
subsequently produced false reports that claimed there was no unusual activity within
the division (Jackson, n.d., p. 2). The Business Intelligence (BI) Unit within the
Applications Division accessed other divisions without authorization, viewed private
information without permission, mishandled customer data and performed penetration
tests without obtaining consent (Jackson, n.d., p. 3). Specifically, BI Unit employees
Sarah Miller, Jack Hudson, and Megan Rogers performed vulnerability scans of rival
company’s networks. In addition, Mr. Hudson “coordinates efforts by third parties to
gather intelligence through surveilling and through mining companies’ trash” (Jackson,
n.d., p. 3). Furthermore, the Marketing/Sales Unit did not perform proper separation of
duties and the Financial Unit neglected to audit their payment records.
A3: Factors: The most obvious issue is the lack of an established Code of Ethics at TechFite.
Employers often make the mistake of assuming their staff understand what conduct is
considered acceptable and will abide by these precepts without instruction. While in a perfect
world this would be true, in reality this is not the case. A formal policy must be
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller StudyConnect. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.
