C841
Legal Issues in Information Security
TASK 1
(Passed First Attempt)
Western Governors University
, A1: Computer Fraud and Abuse Act and Electronic Communications Privacy Act
(A1-1): The Computer Fraud and Abuse Act makes it a crime to obtain information from any protected
computer by intentionally accessing a computer without proper authorization or by exceeding
authorized access. (Cornell Law School, 2018)
At TechFite, an investigation revealed that Carl Jaspers, the head of the Application Division, specifically
requested the creation of two IT user accounts. At the time of the creation of the accounts, the two
employees assigned to the accounts had not been employed by TechFite in over a year. A further
investigation revealed that both accounts were in constant use and were linked to email addresses that
were not affiliated with TechFite or any of their clients. These two accounts were subsequently used to
access other groups and business units within the company without proper authorization. The accounts
accessed the legal department, finance department, and human resource department through
“escalation of privilege.” A search of the network monitoring logs revealed that these two accounts had
indeed accessed financial and executive documents without proper authorization. This is a clear violation
of the Computer Fraud and Abuse Act.
(A1-2): The Electronic Communications Privacy Act makes it a crime to intercept communications
between two parties without consent or legal authorization. This applies to communications in progress
as well as stored communications. (United States Department of Justice, 2018)
At TechFite, an investigation revealed that Sarah Miller, a senior analyst, had used an application called
Metasploit to scan the networks of other companies and intercept stored communications without
consent or legal authorization. Metasploit is a tool that is used to identify system vulnerabilities as well
as assist in the development of malicious code to exploit the identified vulnerabilities. Two additional
analysts who work directly under Sarah Miller, Megan Rogers and Jack Hudson, were also found to have
Legal Issues in Information Security
TASK 1
(Passed First Attempt)
Western Governors University
, A1: Computer Fraud and Abuse Act and Electronic Communications Privacy Act
(A1-1): The Computer Fraud and Abuse Act makes it a crime to obtain information from any protected
computer by intentionally accessing a computer without proper authorization or by exceeding
authorized access. (Cornell Law School, 2018)
At TechFite, an investigation revealed that Carl Jaspers, the head of the Application Division, specifically
requested the creation of two IT user accounts. At the time of the creation of the accounts, the two
employees assigned to the accounts had not been employed by TechFite in over a year. A further
investigation revealed that both accounts were in constant use and were linked to email addresses that
were not affiliated with TechFite or any of their clients. These two accounts were subsequently used to
access other groups and business units within the company without proper authorization. The accounts
accessed the legal department, finance department, and human resource department through
“escalation of privilege.” A search of the network monitoring logs revealed that these two accounts had
indeed accessed financial and executive documents without proper authorization. This is a clear violation
of the Computer Fraud and Abuse Act.
(A1-2): The Electronic Communications Privacy Act makes it a crime to intercept communications
between two parties without consent or legal authorization. This applies to communications in progress
as well as stored communications. (United States Department of Justice, 2018)
At TechFite, an investigation revealed that Sarah Miller, a senior analyst, had used an application called
Metasploit to scan the networks of other companies and intercept stored communications without
consent or legal authorization. Metasploit is a tool that is used to identify system vulnerabilities as well
as assist in the development of malicious code to exploit the identified vulnerabilities. Two additional
analysts who work directly under Sarah Miller, Megan Rogers and Jack Hudson, were also found to have
