Risk Analysis Paper
In this assignment, you will demonstrate your mastery of the following course outcomes:
Evaluate federal, regional, and state cyberlaws and ethics regulations for their impact on organizations’ IT and computing policies and operations
Assess personal and professional ethical violations for the extent to which they impact IT and computing within organizations
Recommend policies and strategies that align with cyberlaw and ethics guidelines for facilitating compliance and addressing non-adherence
Utilize cyberlaw and ethics guidelines in creating IT-specific codes of ethics for mitigating stakeholder and organizational risk
ABC Healthcare is a startup company with 50 employees. The company’s computer network is shown in Figure 1 below. The healthcare data server contains the company’s records, including copies of patient health records with personally identifiable data, patient billing, company financials, and forms.
You have been hired as the IT network security officer, reporting directly to the chief information officer (CIO). Currently, there is a network administrator who has very limited experience and worked as a desktop technician prior to joining ABC. This network administrator helped set up the existing network. In addition, ABC plans to hire a desktop technician and a website developer/programmer who will report directly to the CIO.
There are no policies or guidelines for employees’ usage of the computers and network. Network setup was done by various vendors, and all of the programs use default usernames and passwords. Wireless access has been set up for staff using wireless laptops. The same wireless access point also provides clients access to the internet. Some staff members bring in their own computers and connect them to the network. Employees use the work systems for personal web browsing and to check personal email accounts.
As part of network security, management set up a video monitoring system throughout the office. Employees are not notified of any monitoring.
There is a copier/printer in the front office that is used by employees. Currently, all unused copies are left next to the copier for recycling.
I. Risk Analysis Paper
1. Describe the information technology structure of the organization in the given scenario.
2. Identify specific cyberlaws and ethics regulations that pertain to the organization and its computing operations in the scenario.
3. Organizational ethics violations
i. Classify unethical behaviors with respect to whether they are personal or professional in nature, being sure to support your position with specific examples.
ii. Assess the impact of the unethical behaviors on IT and computing within the organization.
4. Cyberlaw noncompliance
i. Identify instances of cyberlaw noncompliance, being sure to cite the specific regulation(s) being violated.
ii. Assess the impact of the noncompliance on IT and computing within the organization.
5. Acceptable use-of-technology policies research
i. Compare and contrast acceptable use-of-technology policies from various organizations. You can find suggested organizations below or use policies of your own choosing.
ii. Select aspects of the acceptable use-of-technology policies you have researched that you feel could be adapted to meet the needs of the organization, and explain how you would adapt them.
6. Codes of ethics research
i. Compare and contrast IT-specific codes of ethics from various organizations. You can find suggested organizations below or use codes of ethics of your own choosing.
ii. Select aspects of the codes of ethics you have researched that you feel could be adapted to meet the needs of the organization, and explain how you would adapt them.
Risk Analysis Paper
- Information Technology Structure
ABC Healthcare uses a wireless network for its internal network and for internet access, set up with unique usernames and passwords for accessing the network. Bring Your Own Device (BYOD) is also authorized by the organization, and a number of workers are allowed to connect their own devices to the premises’ system. Due to the open nature of the wireless network, employees can use the system for personal purposes and misuse the network.
- Cyber Laws and Ethics regulations
Cyber laws and ethical regulations that pertain to ABC include cyber legislation and crimes, the profiles and motives of attackers, personal ethics, and incident handling and investigation techniques. First, cyber laws distinguish between physical (tangible) and intangible crimes, and these regulations cover all kinds of computer-related crime. Certified security professionals must be fully knowledgeable about privacy policies and corporate safety, and must understand what is required as acceptable behavior for workers. Secondly, the profiles and motives of attackers describe the patterns, objectives, and kinds of attack associated with cyber crimes. Additionally, personal ethics are relevant to ABC because it employs security experts and follows best practices. ABC’s security staff must hold CISSP certification in order to establish ethical regulations within the organization, and are therefore obligated to accept and uphold the (ISC)² Code of Professional Ethics; this code also sets out principles for security officials. Lastly, incident handling and investigations cover the investigation procedures for computer crimes, including incident handling processes and the handling of evidence (Spotlight article: Domain 8, Laws, Investigations and Ethics).
- Organizational Ethics violations
- Unethical Behaviors at ABC
Since the network at ABC is not secure and is openly accessible to any worker, the major ethical violation is that any employee can take advantage of that access and use it for his or her personal gain. For example, an employee could offer the access to an outsider for monetary gain.
- The Impact of the Unethical Behaviors on IT and Computing
Unethical behaviors in IT and computing will negatively affect the organization’s productivity. Since some workers are allowed to access the Internet and the network, many of them will waste time on social media and email, which consequently reduces productivity. Workers can also leak sensitive information for personal gain, which can later damage the organization’s reputation (Nicky Jatana and Marlo Johnson Roebuck, 2014). Such openness to workers leads to security issues in the access to information and to the manipulation of information from outside.
- Cyber law non-compliance
- Instances of Cyber Law Noncompliance
In January 2009, numerous emails, mostly containing threats of terrorist attacks, were delivered to several organizations in Bangalore’s IT sector. Other cybercrimes, such as the theft of passwords to infiltrate a person’s online banking account, are also evident. Therefore, numerous states have formulated and approved many policies, some derived from the Information Technology Act, 2000 and the State Police Act (CYBER LAW Liability Of Cyber Cafe Operators). Cyber law compliance has three components: digital agreements, due diligence (Naavi, 2003) and IPR violations.
- The Impact of The Non-compliance on IT And Computing
Non-compliance with cyber law affects the continuity of the business along with its profitability; that is the nature of non-compliance. Additionally, non-compliance with cyber laws allows a member of the organization to take any tool from the company’s software and sell it to outsiders or to a competitor, which can cause the company to fail or leave the trade.
- Acceptable use-of-technology policies research
- Compare and contrast acceptable use-of-technology
A comparison will be made of the following organizations: the SANS Institute, ISSA (Information Systems Security Association), Pennsylvania College of Technology and AT&T. The SANS Institute’s policy covers human resources and information security and concentrates on preventing internet-related breaches (Lawrence, 2002). ISSA, on the other hand, focuses on providing a forum that cultivates collaboration and networking among professionals, with obligations such as discharging professional responsibilities with honesty and diligence and upholding universally accepted IT practices and standards. Pennsylvania College of Technology’s Acceptable Use Policy (AUP) supports the ethical, lawful, effective and efficient use of Penn College’s information technology resources; the policy applies to anyone who uses any Penn College information resource. AT&T’s policy is a framework that helps the company meet its goals by complying with the laws and regulations governing the use of email, the Internet and text messaging, and by preserving its customers’ ability to use AT&T’s internet and network without harassment from other users.
- Acceptable use-of-technology policies adapted by ABC
The acceptable use-of-technology policy that best fits ABC is the AT&T Acceptable Use Policy. AT&T stipulates that it is committed to protecting its customers against violations by other customers, which is applicable at ABC since any worker can access the network and do harm to others.
- Codes of Ethics Research
- Comparison of IT-specific Codes of Ethics from Various Organizations
- SANS Institute
The SANS Institute code of ethics concentrates on the individual: a person should know themselves and be honest about their abilities, and should conduct business in a manner that honors the information technology profession. It also fosters professionalism, integrity, and respect for privacy and confidentiality.
- ISSA Code of Ethics
ISSA prescribes practices that ensure the confidentiality, integrity and availability of the organization’s resources.
- K-State IT Employee Code of Ethics
It stipulates that workers who provide internal IT support are required to read and sign the “Employee Code of Ethics,” that supervisors must evaluate employees against the Code of Ethics, and that the Employee Code of Ethics should be reviewed with workers on a yearly basis.
- Codes of Ethics adapted by ABC
ABC Healthcare can adapt a code of ethics that promotes accepted information security best practices and standards. A business code of ethics and an employee code of ethics are also essential for ABC.
AT&T Acceptable Use Policy. (2008, October 15). Retrieved from www.corp.att.com: http://www.corp.att.com/aup/
AT&T Inc. Code Of Ethics. (n.d.). Retrieved from www.att.com: http://www.att.com/gen/investor-relations?pid=5595
CYBER LAW Liability Of Cyber Cafe Operators. (n.d.). Retrieved from www.lawteacher.net: http://www.lawteacher.net/free-law-essays/technology-law/seminar-paper-cyber-law-liability-law-essays.php
ISSA Acceptable Use Policy. (n.d.). Retrieved from www.issa.org: http://www.issa.org/?page=AcceptableUse
ISSA Code of Ethics. (n.d.). Retrieved from www.issa.org: http://www.issa.org/?page=codeofethics
IT Resources Acceptable Use Policy: Pennsylvania College of Technology. (n.d.). Retrieved from www.pct.edu: https://www.pct.edu/campuslife/studentpolicy/acceptableUse.htm
K-State Information Technology Employee Code of Ethics. (2013, October 29). Retrieved from www.k-state.edu: http://www.k-state.edu/its/ethics/
Lawrence, P. (2002, March). SANS Institute InfoSec Reading Room. Retrieved from www.sans.org: https://www.sans.org/reading-room/whitepapers/acceptable/acceptable-use-responsibility-it-3
Microsoft Standards of Business Conduct. (n.d.). Retrieved from sites.google.com: https://sites.google.com/a/email.vccs.edu/bus100mvargas/home/microsoft-code-of-ethics
Naavi. (2003, January 15). Six Sigma, ROI and Cyber Law Compliancy. Retrieved from www.naavi.org: http://www.naavi.org/cylawcom/six_sigma.htm
Nicky Jatana and Marlo Johnson Roebuck, J. L. (2014, July 14). The Impact of Employees Left to Their Own Devices: Top Ten BYOD Considerations. Retrieved from www.acc.com: http://www.acc.com/legalresources/publications/topten/tioelttod.cfm
SANS: IT Code of Ethics. (2004, April 24). Retrieved from www.sans.org: https://www.sans.org/security-resources/ethics.php?ref=3781