ADDRESSING ETHICAL ISSUES FOR CYBERSECURITY: A CASE STUDY OF TECHFITE
Introduction
Any organization that works with information technology must prioritize cybersecurity. Businesses are
more likely to experience cybersecurity breaches as they use new technologies to enhance their
operations. These breaches can have disastrous repercussions, including data loss, monetary losses, and
reputational harm. Using the case study of TechFite, a made-up technology business that had a security
breach, we will discuss ethical concerns in cybersecurity in this essay. We'll also make suggestions for
how to solve these issues and raise security awareness throughout the company.
A. Ethical Guidelines and Standards for Information Security at TechFite
Ethical Guidelines and Standards
The concepts of confidentiality, integrity, and availability (CIA) should serve as TechFite's ethical
norms and standards. Confidentiality ensures that only authorized individuals have access to sensitive
information. Integrity guarantees that the information is accurate and complete, and availability guarantees that
authorized individuals can access the information when necessary (Fischer & McGraw, 2019). All
information systems, including hardware, software, and data, should follow these rules. Moreover,
TechFite must abide by pertinent regulatory requirements, such as the California Consumer Privacy Act
(CCPA) and the General Data Protection Regulation (GDPR). Most businesses have moral standards that all
consumers must abide by.
All certified individuals must adhere to the methodology used by CompTIA. Without the customer's
express permission, a Certified Person may not reveal any confidential client information (CompTIA,
unknown). If TechFite followed this policy, Carl Jaspers would be unable to access sensitive data from the
company's HR and financial departments without the necessary authorization. Due to their close
friendship, Nadia Johnson transgresses this rule by failing to properly disclose any criminal behavior
carried out by Carl Jaspers.
Unethical Practices at TechFite
The IT department, especially the Chief Information Officer (CIO), acted carelessly, which resulted in the
security breach at TechFite. The CIO did not put in place the necessary security precautions, like routine
software updates and password changes. Also, the IT division neglected to encrypt private information,
opening it up to unwanted access. Data on TechFite's customers, including credit card information, was
compromised as a result of this negligence. The unethical behavior is shown by the social connection
between Carl Jaspers and Nadia Johnson. Nadia Johnson is under pressure from this relationship to
cover up all of Carl Jaspers' illicit acts. Giving Nadia Johnson a present and giving her supervisor a
positive assessment about her are unethical behaviors that prevent Nadia Johnson from writing her
regular report on internal activity at TechFite. Furthermore, it is unethical for Carl Jaspers to have created
two fictitious user identities in order to get unauthorized access to the private data of the Finance and
HR departments.
The behavior of Sarah Miller and her coworkers Megan Rogers and Jack Hudson is another example of
unethical activity. In order to obtain information from these corporations without permission, they are
illegally scanning the networks of other businesses. Upholding the code of ethics would
require Sarah Miller to request the necessary authorization and consent before carrying out any network
scan activities.
Factors Leading to Lax Ethical Behavior
The lack of a clear security policy, a lack of understanding of cybersecurity dangers, and inadequate
training for IT workers are only a few causes of TechFite's unethical activity. Because cybersecurity was
not given priority by the organization, security was handled reactively rather than proactively. The CIO,
who oversaw cybersecurity, lacked the required technical know-how and didn't take it seriously. Because
TechFite lacks a policy governing employee interactions, Carl Jaspers was able to persuade Nadia
Johnson to cover up his illicit conduct by filing a false audit report. The team led by Sarah Miller was able
to engage in illegal network scanning activity at TechFite because the vulnerability and threat
management scanning policies and procedures were not effectively implemented. With proper application
of this policy, any network scanning activities carried out without the necessary authorization and
agreements would generally be regulated and punished. For instance, Sarah Miller, Megan Rogers, and Jack
Hudson were able to engage in unlawful and unethical network scanning activity on the networks of
other businesses without the required authorization and agreement because of TechFite's improper
application of this policy. TechFite has no suitable account and identity management policies or
procedures in place that would restrict or forbid workers from creating two
fictitious user accounts. Because there were no such policies in place, Carl Jaspers was able to access the
private information of the TechFite HR and Finance Departments by setting up two fictitious user
identities.
B. Mitigating Problems and Building Security Awareness
Information Security Policies
Two information security policies can be implemented by TechFite to stop or lessen criminal activities.
First, TechFite should enact a stringent password policy requiring staff members to update their
passwords frequently and refrain from using passwords that are easy to guess. Third-party vendors
who have access to the company's systems should be covered by this policy as well.
Second, TechFite should put into effect a data encryption strategy that mandates that all sensitive data
be encrypted in order to guard against unauthorized access. The user account administration
policy and process, as well as the identity management policy, should be the first policies that TechFite
reinforces and enforces. By putting these standards into place, it will be easier to
audit all user account activity and find the two false user accounts Carl Jaspers set up. The identity
management policy will also help in monitoring every user account activity, checking a list of users'
rights, and preventing unauthorized users from accessing confidential data belonging to TechFite and its
clients.
TechFite should support the interpersonal interactions at work with this policy, which goes beyond
information security. With the aid of this policy, TechFite will support the development of a positive, safe,