Legal Issues in Information Security — C841 PRFA — IHP4
Task Overview Submissions Evaluation Report Competencies
Need answer to this question?
Order an original paper Now!
We’re giving you a 15% discount on your first Order.
Discount Code: SKILNEW15
Use the above discount code during checkout
4045.1.1 : Compliance Legal Requirements
The graduate describes the legal requirements to address compliance with cybersecurity policies and procedures with an organization.
4045.1.2 : Protection Against Security Incidents
The graduate analyzes applicable laws and policies to legally protect the organization against security incidents.
Introduction
This course addresses the laws, regulations, authorities, and directives that inform the development of operational policies, best practices, and training. These standards assure legal compliance and minimize internal and external threats.
In this task, you will analyze legal constraints and liability concerns that threaten information security within the given organization and develop disaster recovery plans to ensure business continuity.
Scenario
Review the attached “TechFite Case Study” for information on the company being investigated.
You should base your responses on this scenario.
Requirements
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The similarity report that is provided when you submit your task can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).
- Demonstrate your knowledge of application of the law by doing the following:
- Explain how the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act each specifically relate to the criminal activity described in the case study.
- Explain how three laws, regulations, or legal cases apply in the justification of legal action based upon negligence described in the case study.
- Discuss two instances in which duty of due care was lacking.
- Describe how the Sarbanes-Oxley Act (SOX) applies to the case study.
- Discuss legal theories by doing the following:
- Explain how evidence in the case study supports claims of alleged criminal activity in TechFite.
- Identify who committed the alleged criminal acts and who were the victims.
- Explain how existing cybersecurity policies and procedures failed to prevent the alleged criminal activity.
- Explain how evidence in the case study supports claims of alleged acts of negligence in TechFite.
- Identify who was negligent and who were the victims.
- Explain how existing cybersecurity policies and procedures failed to prevent the negligent practices.
- Explain how evidence in the case study supports claims of alleged criminal activity in TechFite.
- Prepare a summary (suggested length of 1–2 paragraphs) directed to senior management that
states the status of TechFite’s legal compliance.
- Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
- Demonstrate professional communication in the content and presentation of your submission.
File Restrictions
File name may contain only letters, numbers, spaces, and these symbols: ! – _ . * ‘ ( )
File size limit: 200 MB
File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg, wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z
Rubric
A1:Computer Fraud and Abuse Act and Electronic Communications Privacy Act
| Not Evident An explanation of how the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act relate to the criminal activityin the case study is not provided. | Approaching Competence The explanation of how the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act each relate to the criminalactivity in the case study is unclear or incomplete. | Competent The explanation of how the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act each specifically relate to thecriminal activity in the case study is clear and complete. |
A2:Explanation of Laws, Regulations, or Legal Cases
| Not Evident An explanation of how the 3 identified laws, regulations, or legal cases apply in the justification of legal action based upon negligencedescribed in the case study is not provided. | Approaching Competence The explanation of how the 3 identified laws, regulations, or legal cases apply in the justification of legal action based upon negligence described in thecase study is illogical, incomplete, or unclear. | Competent The explanation of how the 3 identified laws, regulations, or legal cases apply in the justification of legal action based upon negligencedescribed in the case study is logical, complete, and clear. |
A3:Duty of Due Care
| Not Evident | Approaching Competence | Competent |
| A discussion of 2 instances inwhich duty of due care was lacking is not provided. | The discussion illogicallyaddresses 2 instances in which duty of due care was lacking. | The discussion logicallyaddresses 2 instances in which duty of due care was lacking. |
A4:Sarbanes-Oxley Act (SOX)
| Not Evident A description of how SOX applies to the case study is not provided. | Approaching Competence The description provides inapplicable evidence of how SOX applies to the case study, or the description is unclear. | Competent The description clearly provides applicable evidence of how SOX applies to the case study. |
B1:Criminal Evidence
| Not Evident An explanation that contains logical support from the case study to support claims of alleged criminal activity in TechFite is not provided. | Approaching Competence The explanation contains illogical support from the case study to support claims of alleged criminal activity in TechFite. | Competent The explanation contains logical support from the case study to support claims of alleged criminal activity in TechFite |
B1A:Criminal Acts: Actors and Victims
| Not Evident Neither the individuals or groups who committed the alleged criminal acts nor thevictims of these acts are identified. | Approaching Competence 1 or more of the individuals or groups who committed the alleged criminal acts or the victims ofthese acts are incorrectly identified. | Competent Both the individuals or groups who committed the alleged criminal acts and the victims ofthese acts are correctly identified. |
B1B:Criminal Acts: Causes
| Not Evident An explanation of how existing cybersecurity policies and procedures failed to prevent the alleged criminal activity is not provided. | Approaching Competence The explanation illogically addresses how existing cybersecurity policies and procedures failed to prevent the alleged criminal activity. | Competent The explanation logically addresses how existing cybersecurity policies and procedures failed to prevent the alleged criminal activity. |
B2:Negligent Acts
| Not Evident | Approaching Competence | Competent |
| An explanation that contains logical support from the case study to support claims ofalleged acts of negligence in TechFite is not provided. | The explanation contains illogical support from the case study to support claims ofalleged acts of negligence in TechFite. | The explanation contains logical support from the case study to support claims ofalleged acts of negligence in TechFite. |
B2A:Negligence: Actors and Victims
| Not Evident Individuals or groups who were negligent or the victims of the acts of negligence are notidentified. | Approaching Competence The individuals or groups who were negligent and the victims of the acts of negligence each are incorrectly identified. | Competent The individuals or groups who were negligent and the victims of the acts of negligence each are correctly identified. |
B2B:Negligence: Failed Prevention
| Not Evident An explanation of how existing cybersecurity policies and procedures failed to prevent the negligent practices is notprovided. | Approaching Competence The explanation illogically addresses how existing cybersecurity policies and procedures failed to preventnegligent practices. | Competent The explanation logically addresses how existing cybersecurity policies and procedures failed to preventnegligent practices. |
C:Legal Compliance Summary
| Not Evident A summary directed to senior management that states the status of TechFite’s legal compliance is not provided. | Approaching Competence The summary directed to senior management that states the status of TechFite’s legal compliance is unclear or incomplete. | Competent The summary directed to senior management that states the status of TechFite’s legalcompliance is clear and complete. |
D:Sources
| Not Evident The submission does not include both in-text citations and a reference list for sources that are quoted, paraphrased, or summarized. | Approaching Competence The submission includes in-text citations for sources that are quoted, paraphrased, or summarized and a reference list; however, the citations or | Competent The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and |
| reference list is incomplete orinaccurate. | source location as available. Or thecandidate does not use sources. |
Not Evident Content is unstructured, is disjointed, or contains pervasive errors in mechanics, usage, or grammar. Vocabulary or tone is unprofessional or distracts from the topic. | Approaching Competence Content is poorly organized, is difficult to follow, or contains errors in mechanics, usage, or grammar that cause confusion. Terminology is misused or ineffective. | Competent Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, andgrammar promote accurate interpretation and understanding. |