Legal Issues in Information Security
A1. Define CFAA and ECPA and how they relate to the incidents.
CFAA specific incident
Enacted in 1986, the Computer Fraud and Abuse Act (CFAA) was an amendment to the first federal computer fraud law to address hacking. The CFAA categorizes and criminalizes computer crimes as distinct offenses. These crimes pertain to “protected computers”, such as federal computers, financial computers, and computers used in interstate or foreign commerce.
Name at least one criminal actor: Carl Jaspers
Name at least one criminal activity:
How achieved:
Name at least one victim:
How is that victim impacted or potentially impacted?
Was anyone negligent?
If so, how?
Summary of CFAA Event
<Write section summary here. Include ALL the details identified above for CFAA.>
ECPA specific incident
Law’s full name:
Law’s definition with APA in-text reference:
Name at least one criminal actor:
Name at least one criminal activity:
How achieved:
Name at least one victim:
How is that victim impacted or potentially impacted?
Was anyone negligent?
If so, how?
Summary of ECPA Event
<Write section summary here. Include ALL the details identified above for ECPA.>
A2.
List the 3 specific laws you will discuss and the specific activity that justifies legal action.
Law 1
Name of Law:
Definition of law with APA in-text reference:
Illegal activity at TechFite:
Evidence and justification for pursuing legal action:
Summary of Law 1 Event
<Write section summary here. Include ALL the details identified above for law 1.>
Law 2
Name of Law:
Definition of law with APA in-text reference:
Illegal activity at TechFite:
Evidence and justification for pursuing legal action:
Summary of Law 2 Event
<Write section summary here. Include ALL the details identified above for law 2.>
Law 3
Name of Law:
Definition of law with APA in-text reference:
Illegal activity at TechFite:
Evidence and justification for pursuing legal action:
Summary of Law 3 Event
<Write section summary here. Include ALL the details identified above for law 3.>
A3.
Definition of Duty of Care
<Write definition of Duty of Care here with APA in-text reference.>
Lack of Duty of Care example 1
Name at least one DoC actor:
Name at least one DoC negligent activity:
How achieved:
Name at least one victim:
How is that victim impacted or potentially impacted?
Summary of Lack of Duty of Care Event 1
<Write section summary here. Include ALL the details identified above for lack of DoC 1.>
Lack of Duty of Care example 2
Name at least one negligence actor:
Name at least one negligence activity:
How achieved:
Name at least one victim:
How is that victim impacted or potentially impacted?
Summary of Lack of Duty of Care Event 2
<Write section summary here. Include ALL the details identified above for lack of DoC 2.>
A4. Describe how the Sarbanes-Oxley Act (SOX) applies to the case study.
Summary of SOX Violations
<Describe how the Sarbanes-Oxley Act (SOX) applies to the case study. Think about how SOX applies to the company with respect to observed activities that constitute violations of the act, i.e., was there any activity that would illegally exaggerate the company’s appeal to persuade investors or create a possible avenue for embezzlement? What is SOX’s stance on auditing as compared to TechFite’s auditing policies, practices, or lack thereof? Keyword-search “financial” within the case study.>
B1a. (CRIMINAL)
List TWO of the CRIMINAL activities that occurred, the actor that committed each activity, and the victim of each activity.
Criminal Activity 1
- Activity:
- Actor(s):
- Victim(s):
Summary of Criminal Activity 1
<Write section summary here. Include ALL the details identified above for criminal activity 1.>
Criminal Activity 2
- Activity:
- Actor(s):
- Victim(s):
Summary of Criminal Activity 2
<Write section summary here. Include ALL the details identified above for criminal activity 2.>
B1b. (CRIMINAL)
List TWO specific missing cybersecurity policies related to CRIMINAL laws and accompanying recommended procedures and what activity they will address.
Missing Criminal Activity Policy 1:
- Name of policy:
- Related procedure:
- Activity addressed:
Summary of Missing Criminal Activity Policy 1
<Write section summary here. Include ALL the details identified above for missing criminal activity policy 1.>
Missing Criminal Activity Policy 2:
- Name of policy:
- Related procedure:
- Activity addressed:
Summary of Missing Criminal Activity Policy 2
<Write section summary here. Include ALL the details identified above for missing criminal activity policy 2.>
B2a. (NEGLIGENCE)
List TWO specific individuals/groups that relate to NEGLIGENT activity and who the victims of those activities were.
Negligent Actor 1:
- Name of negligent actor:
- Negligent activity:
- Name of at least one victim 1
Summary of Negligent Act 1
<Write section summary here. Include ALL the details identified above for negligent act 1.>
Negligent Actor 2:
- Name of negligent actor:
- Negligent activity:
- Name of at least one victim 2
Summary of Negligent Act 2
<Write section summary here. Include ALL the details identified above for negligent act 2.>
B2b. (NEGLIGENCE)
List TWO specific cybersecurity policies and accompanying recommended procedures related to NEGLIGENCE and what activities they will address.
Missing Negligent Activity Policy 1:
- Name of policy:
- Related procedure:
- Activity addressed:
Summary of Missing Negligent Activity Policy 1
<Write section summary here. Include ALL the details identified above for missing negligent activity policy 1.>
Missing Negligent Activity Policy 2:
- Name of policy:
- Related procedure:
- Activity addressed:
Summary of Missing Negligent Activity Policy 2
<Write section summary here. Include ALL the details identified above for missing negligent activity policy 2.>
- Summary of the COMPLIANCE status of the laws discussed.
Law 1
Law discussed name:
Compliance status (Compliant or not compliant):
Contributing factors:
Summary of Law 1 Status
<Write section summary here. Include ALL the details identified above for law 1 status.>
Law 2
Law discussed name:
Compliance status (Compliant or not compliant):
Contributing factors:
Summary of Law 2 Status
<Write section summary here. Include ALL the details identified above for law 2 status.>
Law 3
Law discussed name:
Compliance status (Compliant or not compliant):
Contributing factors:
Summary of Law 3 Status
<Write section summary here. Include ALL the details identified above for law 3 status.>
Continue if any additional laws…
References