C841 Task 1 FINAL.docx C841 Legal Issues in Information Security €“ C841 Task 1 Wes

Document Content and Description Below

ORGANIZATION GUIDELINES AND STANDARDS Organization 1 SANS Institute is a well-known organization that provides intensive training designed to help IT security professionals master the practical ste... ps necessary for defending systems and networks against the most dangerous threats. SANS Guidelines One guideline that struck out to me is “I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.” Furthermore, not to use availability and access to information for personal gains through corporate espionage. Tie to Case Study Within the case study, Carl Jasper used his position to have other employees create dummy accounts for the sole purpose of information gathering on outside governments as well as internal departments including, HR, and finance. Organization 2 GIAC is also a well-known organization that provides certifications to validate the realworld skills of IT security professionals. GIAC’s Guidelines In GIAC’s code of ethics states “The scope and responsibilities of an information security professional are diverse and afford a great deal of responsibility and trust in protecting the confidentiality, integrity and availability of an organization’s information assets.” Tie to Case Study There are two situations in the case study that go against GIAC’s guidelines. The first is when Carl Jasper signed a non-disclosure agreement with two companies, and later leaked that information to the competitors. The second is the lack of safeguarding sensitive and proprietary information belonging to clients. TechFite did not take the responsibility of protecting the confidentiality of client information. This study source was downloaded by 100000831777157 from CourseHero.com on 07-14-2022 23:47:17 GMT -05:00 https://www.coursehero.com/file/98820573/C841-Task-2-1st-submissionpdf/ PAGE 2 BEHAVIORS OF UNETHICAL PRACTICES Behavior 1 There was a lack of documentation on internal oversight, especially in the BI unit. Within the BI unit every workstation had full admin rights, there was no principles of least privilege or separation of duties. Actors The first actor in this case is Nadia Johnson, she was the one responsible for providing the proper documentation and checking for internal vulnerabilities. The second actor is Carl Jasper as he was the one who was using Nadia Johnson for his own agenda. Nadia helped Carl by overlooking the internal system. Practice This behavior showcases the failure in trust of protecting the organizations information assets. The actor failed to adhere to the ethical principles of best practices and standards. Behavior 2 The BI unit used dummy accounts to gain access to groups within their organization, without proper authorization. They escalated their privileges to gain access to financial and executive documentation. Actors The whole BI unit are the actors here, all employees are IT security professionals, they should know what is ethical and what is not. Even if a superior is giving the orders. Practice This behavior shows that the actors are violating the overall IT security code of ethics. Protect information of employers, clients, and users. FACTORS THAT LED TO LAX BEHAVIOR Factor 1 The first factor that led to lax [Show More]

Last updated: 1 year ago

Preview 1 out of 6 pages