TechFite Case Study
Background of Company:
TechFite is traded on NASDAQ and has approximately 1,000 employees. The company’s core business involves consulting with and advising Internet organizations on promoting and monetizing their online business ventures. Most of the company operates legally and ethically with good internal financial oversight. However, its Applications Division has recently been reported in the news media for undertaking some disturbing business practices. This division consults with start-ups on launching new applications and apps online.
COMPETENCIES 2
4045.1.1 : Compliance Legal Requirements
The graduate describes the legal requirements to address compliance with cybersecurity policies and procedures with an organization.
4045.1.3 : Security Awareness Training and Education (SATE)
The graduate outlines legal issues that should be included within the security awareness training and education (SATE) program of an organization.
4045.1.4 : Ethical Issues for Cybersecurity
The graduate discusses the implications of ethical issues for specific cybersecurity actions within an organization.
INTRODUCTION
Information security professionals must understand how to apply ethical security principles and processes to their organizations. These standards should define the organization’s specific needs and demands to assure data confidentiality, integrity, and availability. An organization’s employees must be aware of the security challenges it is facing. In this task, you will analyze ethical challenges related to information security and develop a training plan for an organization, which will raise awareness of these challenges, convey strategies, and prevent unwanted developments.
SCENARIO
Review the attached “TechFite Case Study” for information on the company being investigated. You should base your responses on this scenario.
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).
A. Address ethical issues for cybersecurity by doing the following:
1. Discuss the ethical guidelines or standards relating to information security that should apply to the case study.
a. Justify your reasoning.
2. Identify the behaviors, or omission of behaviors, of the people who fostered the unethical practices.
3. Discuss what factors at TechFite led to lax ethical behavior.
B. Describe ways to mitigate problems and build security awareness by doing the following:
1. Describe two information security policies that may have prevented or reduced the criminal activity, deterred the negligent acts, and decreased the threats to intellectual property.
2. Describe the key components of a Security Awareness Training and Education (SATE) program that could be implemented at TechFite.
a. Explain how the SATE program will be communicated to TechFite employees.
b. Justify the SATE program’s relevance to mitigating the undesirable behaviors at TechFite.
C. Prepare a summary directed to senior management ( suggested length of 1–2 paragraphs) that states TechFite’s ethical issues from Part A and the related mitigation strategies from Part B.
D. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
E. Demonstrate professional communication in the content and presentation of your submission.
File Restrictions
File name may contain only letters, numbers, spaces, and these symbols: ! – _ . * ‘ ( ) File size limit: 400 MB File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg, wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z
RUBRIC
A1:DISCUSSION OF ETHICAL GUIDELINES OR STANDARDS
COMPETENT answer
The discussion logically addresses the ethical guidelines or standards relating to information security that should apply to the case study.
A1A:JUSTIFICATION OF STANDARDS OR GUIDELINES
COMPETENT answer
The justification logically addresses the reasoning of the ethical considerations or guidelines.
A2:DESCRIPTION OF UNETHICAL BEHAVIORS
COMPETENT answer
The identification of the unethical behavior of individuals or groups is accurate.
A3:FACTORS
COMPETENT answer
The discussion of the factors at TechFite that led to lax ethical behavior is clear and logical.
B1:INFORMATION SECURITY POLICIES
COMPETENT
The description addresses 2 information security policies, specific to the case study that may have minimized the criminal activity, negligent acts, and threats to intellectual property.
B2:SATE KEY COMPONENTS
COMPETENT
The description of key components of a SATE program that could be implemented at TechFite is relevant and applicable to the case study.
B2A:SATE COMMUNICATION
COMPETENT
The explanation of how the SATE program will be communicated to TechFite employees is logical.
B2B:SATE RELEVANCE
B2B:SATE RELEVANCE
COMPETENT
The justification of the SATE program’s relevance to mitigating the undesirable behaviors at TechFite is logical.
C:CHALLENGES AND STRATEGIES SUMMARY
COMPETENT answer
A complete summary directed to senior management that states TechFite’s ethical issues and the related mitigation strategies is provided, and the summary aligns with the information provided in Parts A and B.
D: SOURCES
COMPETENT answer
The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available. Or the candidate does not use sources.
COMPETENT answer
Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.
