Samples For "CYB 260: Legal and Human Factors of Cybersecurity"

CYB 260: Legal and Human Factors of Cybersecurity

3-2 Worksheet Activity: Summation of Privacy Laws Part 2

Overview

This assignment is the second of three activities where you will explore privacy laws that govern personally identifiable information (PII). Your completed table will include the following requirements:

• A summary of the laws
• Information about who the laws apply to
• Who is responsible for ensuring compliance in an organization

It is important that you fill out this table using your own words because it will help you master the material. Since the descriptions will be in your own words, you are not required to cite the sources. This exercise introduces a small sample of laws. You will examine more laws in future course activities. By the end of Module Four, the completed table will be a great addition to your cyber playbook and provide a useful reference for Projects One and Two.

Prompt

Complete the Module Three Worksheet, linked in the What to Submit section, by filling in the three columns for each law provided in the table. The following information is required for your worksheet:

• Briefly describe the law in fewer than 50 words.
• Whose rights are covered by the law? Identify the main party covered under the law.
• Who in an organization is responsible for ensuring compliance with the law? Identify the entity in the organization who is responsible for ensuring compliance with the law.

What to Submit

Fill in the required information directly in the provided Module Three Worksheet and submit it as a Word document. Use a file name that includes the course code, the assignment number, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx.

CYB 260: Legal and Human Factors of Cybersecurity

3-1 Discussion: Ethical Dilemmas in Cybersecurity

For your initial post, develop a scenario that presents an ethical dilemma in an information security setting. Take this opportunity to develop a scenario that will stimulate a discussion on different approaches to privacy and ethical problems. The scenario you create should be realistic but unique. It’s okay to think creatively!

Your scenario will be more engaging and meaningful if it is plausible. Focus on typical events rather than rare occurrences or unrealistic characters.

• Provide enough background for participants to see how the situation and policies could influence outcomes.
• Leave enough ambiguity for participants to interpret unknown factors that might influence their approach.
• Provide a clear question or decision for participants to address.

Review the following example of an ethical dilemma scenario, but don’t use it as your initial post.

Your IT administrator assigns the members of your department to perform the company’s yearly ethical hacking audit. During last year’s exercise, one of the IT engineers went outside the scope of the ethical hacking contract and accessed HR files. This was deemed a deliberate violation of the plan, and the employee was fired. However, the vulnerability to access the records was included in the ethical hacking audit report. Knowing that this vulnerability existed last year, how would you proceed in this year’s audit?

In your response posts, address the ethical dilemmas posed by your peers. Apply what you have learned from this module’s resources on ethical standards to justify your response.

SAMPLE SOLUTION

Hello class,

You are working as a security analyst at a local bank when one day you walk in and the whole office is silent and standing around a handful of computers. You walk over and see what everyone is looking at and notice that the homepage for the website and application have been change to a photo of a meme with giant red letters that say "LoLz HaCkEd". Everyone in the security team is called into a meeting and an audit is performed. It appears that a user was able to gain access to a developers backdoor and was able to change around the homepage. However, their does not appear to be a security breech, for now. Your team gets to work patching the holes in the network while working with the developers to close their doors in the code. Once your team is satisfied with the solution, someone finds a clue to who the perpetrator is. You see that they are local college student and have to decide if it is worth it to call the cops on this person, to handle it yourself and confront them or offer the young adult an internship to help you fix your security. 

Nicholas Allegra was once hired by apple after creating a jailbreaking app for the iPhone. He was also a young college student who created an application that could jailbreak iPhones to allow users to download apps for free or change their OS. Apple had a dilemma to either keep fighting the Nicholas, sue him or hire him and decide that hiring him was the correct choice. However, not everyone feels that way. Hackers like George Hotz who was sued for jailbreaking PlayStation 3's had his lawsuit dropped if he agreed to no longer bypass Sony's security and paid a fine. There are different ways to handle hacking scenarios and no one way is correct. 

References

https://www.smh.com.au/technology/iphone-hacker-golden-boy-hired-by-apple-20110830-1jj18.html

https://www.wired.com/2011/04/sony-settles-ps3-lawsuit/

SAMPLE REPLY

Hello ****,

Your scenario brings to light a fascinating ethical dilemma in cybersecurity. The situation you described, where a local college student hacked into the bank's website, presents several intriguing options. The examples of Nicholas Allegra and George Hotz illustrate the varying ways companies handle such incidents.

A best practice in this scenario would involve a thorough evaluation of the hacker's intentions and skills. If the student's actions were more mischievous than malicious, offering an internship could turn a potential threat into a valuable asset. However, this decision must be balanced with the need to uphold legal and ethical standards.

Your team's approach to patching the holes and collaborating with developers is commendable. Ensuring that such vulnerabilities are addressed promptly is crucial in maintaining the security and integrity of the bank's systems.

What factors would you consider in deciding between legal action and offering a constructive opportunity like an internship?

Thanks for sparking this important discussion!

CYB 260: Legal and Human Factors of Cybersecurity

2-2 Activity: Privacy Case Study

Privacy Case Study

Overview

As a cybersecurity analyst, you must be able to evaluate current scholarly articles because that skill will help you protect data. Evaluating privacy laws and regulations helps analysts form baselines for policies within organizations. Choose one of the case studies from this module’s resources to analyze for this assignment.

Prompt

After reading your selected article, address the following critical elements:

1. Analyze the privacy issues addressed in the article.
2. Describe the regulations or laws in the article that play a role in the protection of privacy.
3. Explain your opinions on the conclusion of the article. Consider these questions:
   1. Is the conclusion comprehensive?
   2. Do you agree with the conclusion?
   3. Are there areas that could be improved upon?

What to Submit

Your submission should be 1 to 2 pages in length and use double spacing, 12-point Times New Roman font, and one-inch margins. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx.

CYB 260: Legal and Human Factors of Cybersecurity

2-1 Discussion: Convenience vs. Privacy

Review the "Internet of Things: Convenience vs. Privacy and Secrecy" resource. Then create an initial post in which you consider the following questions:

• As internet of things (IoT) devices become more widely adopted, to what extent are you willing to sacrifice your privacy for convenience?
• Given your stance on privacy, what effect does the pervasiveness of IoT have on your choices as a consumer?

In your response posts, imagine that you are developing a new IoT device for a company. What aspects of privacy would influence your design based on the points your peers made in their initial posts?

Note: Privacy can be a highly personal topic. In your posts, remember to maintain professionalism. Focus on the topic and not on the person.

Sample Solution

Hello everyone,

Happy Monday! Internet connected devices are new and convenient. Since I have moved out of my parents house, there have been advancements in thermostats that I could not believe at first. When my husband and I moved into our house, the base thermostat was a Honeywell that had a few features but mostly just raised and lowered the temperature like our old apartment. When we invested in solar we were offered a google nest device which worried me. What if someone else gained access and controlled our temperature? What if the device lose connection and we cannot change the temperature? We live in Texas and that could be deadly for our dogs. My husband assured me that everything would be fine and we set it up. For the last 6 years it had run perfectly and we never had any issues. This summer has been different, the city has been changing our temperature on the thermostat and setting it to the upper 70's. We have a new baby and that will not work for us so we had to switch back to the Honeywell. We had to give up our convenience of changing the temp from our phone to having to change it manually so that we can use our thermostat as we need to. I think that the IoT can be incredibly useful and also scary to put your trust in a device to not fail.

The question of privacy vs convenience has also had me thinking. There are so many devices that make our lives easier like smart locks that allow you to come and go from your house or room without a key, you only need a passcode or fingerprint. Some locks even let you give one time codes to people like pet sitters so they can come in and walk your dog and then leave. However, the ease of these locks can also be their down fall. Before, we used to need keys to enter a house and these were not easily duplicated. The person trying to break in would either need to take your keys or make an impression of them to gain access. Now, a person only needs to watch you enter the code or know enough about you to guess what your passcode is. There is also the issue of having the lock die and you being locked out until you can get a battery to fix it. 

Finally, police body cams are important when they are used correctly. Body cams can show an unbiased video of what happened in a particular scenario. They are there for both the police officer and citizens safety. Just like if you get into an accident that is not your fault and you have a dash cam, the insurance can look at that footage and show/argue that it was not your fault and save yourself the struggle of determining fault. 

References

http://ezproxy.snhu.edu/login?url=https://heinonline.org/HOL/P?h=hein.journals/nclr96&i=1521

Sample Response 

Hello ****,

Your experiences with IoT devices like thermostats and smart locks highlight both the conveniences and concerns associated with their adoption. As a developer creating a new IoT device, I would prioritize user control and reliability. Your story with the Google Nest thermostat underscores the importance of ensuring robust security measures to prevent unauthorized access and maintain reliable connectivity, especially in critical situations like extreme weather conditions in Texas. Designing intuitive interfaces that allow easy manual override in case of connectivity issues, like your switch back to the Honeywell thermostat, would be crucial. Additionally, for devices like smart locks, emphasizing strong encryption and secure authentication methods would address the privacy and security concerns you raised about potential vulnerabilities and unauthorized access.

CYB 260: Legal and Human Factors of Cybersecurity

1-2 Worksheet Activity: Summation of Privacy Laws Part 1

Summation of Privacy Laws Part 1

Overview

This assignment is the first of three activities where you will explore privacy laws that govern personally identifiable information (PII). Your completed table will include the following requirements:

• A summary of the laws
• Information about who the laws apply to
• Who is responsible for ensuring compliance in an organization

It is important that you fill out this table using your own words because it will help you master the material. Since the descriptions will be in your own words, you are not required to cite the sources. This exercise introduces a small sample of laws. You will examine more laws in future course activities. By the end of Module Four, the completed table will be a great addition to your cyber playbook and provide a useful reference for Projects One and Two.

Prompt

Complete the Module One Worksheet, linked in the What to Submit section, by filling in the three columns for each law provided in the table. The following information is required to complete your worksheet:

• Briefly describe the law in fewer than 50 words.
• Whose rights are covered by the law? Identify the main party covered under the law.
• Who in an organization is responsible for ensuring compliance with the law? Identify the entity in the organization that is responsible for ensuring compliance with the law.

What to Submit

Fill in the required information directly in the provided Module One Worksheet and submit it as a Word document. Use a file name that includes the course code, the assignment number, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx.

CYB 260: Legal and Human Factors of Cybersecurity

CYB 260: 1-1 Discussion: What Is Privacy?

Introduce yourself briefly. Based on your own personal ideas and viewpoint, provide a definition of privacy. This definition can be based on any aspect of privacy.

In your response posts, compare and contrast your thoughts with those of your peers. Did anything influence your perspective?

Note: Privacy can be a highly personal topic. In your posts, remember to maintain professionalism. Focus on the topic and not on the person.

SAMPLE SOLUTION

Hello Everyone,

My name is ***** and I am a stay at home mom to a 6 month old. Before my baby was born I was a lead programming instructor for a local non profit that teaches low income students. Most of my work experience is in early childhood education and I would like to take the information I have learned to create resources to teach children safe practices online. In my free time, I love to spend time with my family, crochet and listen to audiobooks/podcasts. I also like to use my free time to create cosplays for my local conventions. 

Privacy is a personal topic, everybody is going to have their own preferences. For example, in the paragraph above, I did not name the city I live in or company I used to work for. This is information that other people might be comfortable sharing but I am not. When I was younger and the internet was younger, I used to be very active on social media and post about every thought I had. Over time I grew up and saw the downsides to the internet as it grew. Now, I prefer to keep the information about me limited and try to keep what I can private but also understand that its inevitable. Like I might not post photos of my family online often but my in-laws love to share photos of their grandchildren and policing every photo they put online would ruin our relationship. So I try to do what I can to limit it while accepting that there are some things out of my control. I also do not judge others who choose to live their life online. Another aspect of privacy is the information we give to businesses. Information like social security numbers, credit card information, etc. can end up online due to data breaches. It is important that businesses offer ways to opt out of sharing personal information and make sure there is adequate encryption and security set up. Privacy is something we should all be allowed to choose for ourselves and when we work in the professional world, the businesses we work for will decide what information they want private.

References

https://iapp.org/about/what-is-privacy/ 

Sample response

Hello ****,

I agree that the use of social media and the Internet can create conflicts of privacy, both individually and between real world relationships. My mother and father up until recently did the same thing, to the point where I had to explain to them that their complaints about "Big Brother" and being watched was largely due to the choices they were making about what to post. For example, they would be posting about a vacation we were on with a geotag, and then say that the government was monitoring them because all their ads would be for tourist locations and events occurring around us. They couldn't really see that they were practically walking around with a huge sign saying to advertise here. Also, my mother would shop online a decent amount, and in her spirit of saving money would go to sites like Wish or Temu that are known for data harvesting. These are commonplace now, but the average consumer typically doesn't care until an issue arises, such as someone stealing their credit card information. Good luck in this course, and best wishes to you and your family.