C841 [IHP4] Task 2

A1/A1a. Relevant Ethical Guidelines Related to Information Security 1. Ethical Guideline #1: ▪ An ethical guideline related to information security used by EC-Council states: “Ensure all penetration testing activities are authorized and within legal limits.” ▪ Applicability: The BI Unit at TechFite used Metasploit software to secretly penetration test and scan several internet-based companies to gather info they even went as far as dumpster diving to gather whatever info they could. The average person wouldn’t be digging through trash if they had the permission to receive whatever info they were looking for. 2. Ethical Guideline #2: ▪ An ethical guideline related to information security used by GIAC Certifications states: “Protect confidential and proprietary information with which I come in contact.” ▪ Applicability: After meeting with Carl Jaspers and the Applications Division, both Ana Capperson, CTO for Union City Electronic Ventures and Noah Stevenson, CEO of Orange Leaf Software LLC completed a questionnaire about their respective companies that included proprietary information for TechFite. Both had that same proprietary information end up in the hands of their competitors after deciding not to use the Applications Division.A2. Unethical Practices 1. Unethical Practice #1: Carl Jaspers abused his power as the head of the Applications Division and had two dummy accounts created for past employees. This unethical practice allowed the BI Unit along with Jaspers to use the accounts to access other information across all departments of TechFite. 2. Unethical Practice #2: Carl Jasper and Nadia Johnson had a very public and in appropriate relations whether it was just friends or in an intimate relationship. Mr. Jaspers clearly showed favoritism toward Nadia amongst other employees by showering her with gifts, helping her get countless raises and recommendations at work. Their relationship led to Ms. Johnson not thoroughly auditing and ignoring the illegal actions of Jasper and his Unit.A3. Factors 1. Factor #1: There is no policy at TechFite that stops social relationships with the Upper Staff and the ones they oversee. This allowed Nadia Johnson and Carl Jaspers to develop a close social relationship outside of the office where personal gifts were given as well as work accommodations constantly with the recommendations of Mr. Jasper. 2. Factor #2: Nadia Johnson failed to accurately and ethically complete the job she was hired to do. She did not specifically audit user accounts, check user privileges, enforce DLP, or monitor network activity of the BI Unit accounts. Her failure to do her job led to everyone having full admin rights and being able to do whatever they want within the company as well as make fake accounts to obtain information illegally from other companies