Risk Analysis PaperMilestone1.docx
Risk Analysis Paper
Milestone1
Module3
1. Information Technology structure of the ABC Organization
ABC organization uses a wireless network for its networking functions and Internet access. The organization has fifty workers. It has set up unique usernames and passwords for access to its network. Additionally, the organization permits BYOD (Bring Your Own Device), so a few workers bring their own devices into the organization and access its network from those private devices using the organization's network username and password. Because the network is wireless, workers can access it from anywhere using the organization's username and password. Since the network is accessible to the entire workforce, it is not secure: any worker or person within the organization can access the network for personal purposes and misuse it.
2. Specific ethical regulations and cyber laws applicable to the organization and its computing functions
Professional ethics: Personal ethics apply to ABC organization because they are relevant to security professionals and best practices. Ethics are the principles that apply when the law does not cover a specific circumstance or does not give clear guidance for a specific situation. Organizations should become members of the CISSP to set up ethical regulations. CISSP (Certified Information Systems Security Professional) obligates the organization to accept and uphold the (ISC)² Code of Professional Ethics, which sets out principles of behavior for security professionals.
Cyber law and crimes: These regulations cover the types of computer crime and the activities that make the investigation of computer crime effective. They also address the court systems and law enforcement. Cyber law distinguishes among physical, intangible, and tangible crimes. Different states and nations have different laws for cyber crimes. Moreover, a few organizations have accepted universal laws for ethical regulations and cyber crimes. CISSPs are expected to be fully knowledgeable about privacy policies and corporate security and to understand what is considered acceptable behavior for workers. A CISSP is aware of the relevant regulations and laws at the national and state level, and understands incident handling procedures, what constitutes a violation in the security domain, and how to recognize, control, and gather evidence.
Profiles and motives of attackers: These regulations cover the profiles, objectives, and kinds of attack.
Investigation techniques and incident handling: These regulations cover the procedures for investigating computer crime, including handling processes, types of evidence, and handling procedures. (Spotlight article: Domain 8, Laws, Investigations and Ethics)
3. Organizational Ethical Violations
I. Unethical Behaviors with Examples
Because the organization's network is wireless, workers can access it from anywhere using the organization's username and password. Since the network is accessible to the entire workforce, it is not secure: any worker or person within the organization can access the network for personal purposes and misuse it. The major ethical violation arising from open network access for the whole workforce is a security violation: anyone who has access to the organization's information may use it for private gain if in need. For illustration, suppose a worker who has access to the organization's network is short of money. A competing organization may offer that worker money in exchange for the organization's information or its network username and password. If the worker accepts the competitor's offer out of the desire for money, that is an ethical violation.
II. Impact of the unethical behavior on IT (Information Technology) and computing inside the organization
The implications of making the wireless network accessible to all workers inside the organization, even from their own equipment (laptops, mobile phones), are as follows:
Negative Implications:
· Because workers can use BYOD (Bring Your Own Device), the workforce and members of the organization are able to access and use sensitive information about the organization's data. Workers can make illicit use of this information against the organization out of the desire for money. This misuse may lead the organization to a loss. The organization's sensitive information is an asset of the organization. For this reason, it must be kept secure. Therefore, a modification to the existing network is required.
· Workers or members of the organization may use BYOD, or their own devices such as a tablet or laptop, for private communication (email, social media, messaging, etc.) with their personal contacts during working hours inside the organization. This affects the productivity and quality of the organization's service, because workers may spend work time on private conversations or private work. It leads the organization towards reduced productivity and inefficient work. Additionally, the quality of service is affected.
· If workers hold access to the organization's confidential information, they can make illicit use of it for their private purposes or benefit. They might attempt to carry out wrongful or illicit work on behalf of, or in the name of, the organization. This affects the organization's image or value in the marketplace and may cause loss or failure for the organization. In simple terms, the organization's goodwill may be affected. (Nicky Jatana and Marlo Johnson Roebuck, 2014)
Positive Implications:
· Because workers can use BYOD (Bring Your Own Device), the workforce and members of the organization are able to access and use sensitive information about the organization's data. Workers and members can use this information to achieve the organization's targets efficiently and with complete dedication, since it may give employees the sense that the company values them and has placed its trust in them. They should maintain this trust through hard work and their skills.
· BYOD provides workers with a flexible work environment. A flexible work environment helps workers develop new and innovative ideas using the available techniques. This in turn helps workers and members boost productivity.
· Additionally, BYOD in the workplace encourages workers to work smartly to improve the organization's productivity and to work efficiently, and efficient work helps improve the organization's market performance or market value. (The Ten Commandments of Bring Your Own Device (BYOD))
Milestone2
Module5:
4. Cyber law noncompliance
i. Instances of cyber law noncompliance and violated regulations
During the first week of January 2009, numerous emails threatening terrorist attacks were sent from a cyber café to a few IT organizations in Bangalore. There are many past instances in which cyber cafes have been used as a channel for either fake or genuine communication. Cyber crimes such as theft of online banking passwords and the resulting fraudulent withdrawal of money have also taken place from cyber cafes. Cyber cafes have typically been used to send obscene messages or emails to the persons being harassed. In view of these instances, cyber cafes are considered one of the key intermediaries that need to be regulated. For this reason, to control cyber cafes, several states have passed numerous regulations, some under the “Information Technology Act, 2000” and some under the “State Police Act”. (CYBER LAW Liability Of Cyber Cafe Operators)
Cyber law compliance has three main components:
· Digital Agreements
· IPR violations
· Due Diligence (Naavi, 2003)
ii. Impact of noncompliance on IT and computing inside the organization
Cyber law noncompliance endangers business continuity as well as the profits of the business. This is the nature of noncompliance.
Cyber law negligence or noncompliance can lead to a member of the workforce taking a vital software tool developed by the organization and giving it to a competitor of the organization. A single occurrence of this kind could cost an organization enough to force it out of business. (Naavi, 2003)
5. Acceptable use-of-technology policies research
i. Comparing and contrasting acceptable use-of-technology policies from several organizations
SANS Institute
The SANS Institute AUP supports its human resources and information security policies, which address and forbid the following pre-Internet breaches: unauthorized release of sensitive data by radio, newspaper, telephone, book, etc.; spending time at the water cooler discussing business subjects; telling sexist and racist jokes; and speaking on behalf of the company without the company's permission. (Lawrence, 2002)
ISSA
The ISSA (Information Systems Security Association) Inc. is pleased to provide a place to foster collaboration and networking across professional and geographical boundaries. ISSA focuses on activities that preserve the availability, integrity, and confidentiality of organizational information resources, including:
· Carry out all professional activities in accordance with all pertinent laws and high ethical standards.
· Uphold generally accepted current IT standards and practices;
· Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
· Promote generally accepted information security current best practices and standards;
· Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
· Discharge professional responsibilities with diligence and honesty;
· Refrain from activities that might constitute a conflict of interest or otherwise damage the reputation of, or be detrimental to, employers, the information security profession, or the Association; and
· Not intentionally injure or impugn the professional reputation or practice of colleagues, clients, or employers. (ISSA Acceptable Use Policy)
Pennsylvania College of Technology IT Acceptable Use Policy
The Pennsylvania College of Technology Information Technology Resources AUP (Acceptable Use Policy) promotes the lawful, ethical, and efficient use of Penn College's information technology resources. Any use of these resources that is judged inconsistent with the purpose and mission of Penn College will be considered a violation of this policy. The policy applies to anyone who uses Penn College IT resources. (IT Resources Acceptable Use Policy: Pennsylvania College of Technology)
AT&T Acceptable Use Policy
The AT&T AUP (Acceptable Use Policy) is designed to help the company achieve the following goal: AT&T is committed to complying with the laws and regulations governing the use of the Internet, email transmission, and text messaging, and to preserving for all of its customers the ability to use AT&T's network and the Internet without harassment or interference from other customers. The AUP applies to AT&T services that provide or include access to the Internet, including hosting services (software applications and hardware), or that are provided over the Internet or wireless data networks.
AT&T prohibits the following activities:
· Illegal activities
· General prohibitions
· Threatening content or material
· Infringement of intellectual property rights
· Spam/email/Usenet abuse
· Child pornography
· Inappropriate interaction with minors (AT&T Acceptable Use Policy, 2008)
ii. Aspects of acceptable use-of-technology policies that could be used to meet the needs of ABC organization
The following aspects could be used: a commitment to complying with the laws and regulations governing the use of the Internet, email transmission, and text messaging, and to preserving for all customers the ability to use the company's network and the Internet; upholding generally accepted current IT standards and practices; promoting generally accepted information security current best practices and standards; maintaining appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities; discharging professional responsibilities with diligence and honesty; refraining from activities that might constitute a conflict of interest or otherwise damage the reputation of, or be detrimental to, employers, the information security profession, or the Association; and not intentionally injuring or impugning the professional reputation or practice of colleagues, clients, or employers.
This code of ethics will be adapted by practicing these standards inside the organization.
6. Code of Ethics Research
i. Comparing and contrasting IT-specific codes of ethics from several organizations
SANS Institute: Code of Ethics
The SANS Institute IT “code of ethics” asks individuals to know themselves and be honest about their capabilities; to conduct their business in a manner that ensures the IT profession is regarded as one of integrity and professionalism; and to respect privacy and confidentiality. (SANS: IT Code of Ethics, 2004)
ISSA: Code of Ethics
The primary aim of ISSA (Information Systems Security Association) Inc. is to promote practices that will ensure the availability, integrity, and confidentiality of organizational information resources. To achieve this aim, members of ISSA are required to reflect the principles of ethical conduct. For this reason, ISSA has established the following “Code of Ethics”:
· Carry out all professional tasks and activities in accordance with all applicable laws and high ethical standards;
· Uphold generally accepted current IT standards and practices;
· Perform all professional activities and duties in accordance with all applicable laws and the highest ethical principles;
· Promote generally accepted information security current best practices and standards;
· Maintain appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities;
· Discharge professional responsibilities with diligence and honesty;
· Refrain from activities that might constitute a conflict of interest or otherwise damage the reputation of, or be detrimental to, employers, the information security profession, or the Association; and
· Not intentionally injure or impugn the professional reputation or practice of colleagues, clients, or employers. (ISSA Code of Ethics)
K-State Information Technology Employee Code of Ethics
The K-State Information Technology “Code of Ethics” is implemented as follows:
· All employees providing central IT support are required to read and sign the “Employee Code of Ethics”.
· All supervisors will ensure that they have reviewed the “Code of Ethics” with their employees, keep a signed copy in their files, and give one copy to the employee.
· The IT “Employee Code of Ethics” should be reviewed annually with employees. (K-State Information Technology Employee Code of Ethics, 2013)
Business Code of Ethics
AT&T Code of Ethics
In accordance with the requirements of the New York Stock Exchange and the SEC (Securities and Exchange Commission), the “Code of Ethics” has been adopted by the Board of Directors of AT&T Inc. to:
· Promote honest and ethical conduct, including fair dealing and the ethical handling of conflicts of interest;
· Promote fair, full, adequate, understandable, and timely disclosure;
· Promote compliance with applicable laws and governmental rules and regulations;
· Ensure the protection of the company's legitimate business interests, including corporate assets, confidential information, and opportunities.
· Deter wrongdoing. (AT&T Inc. Code Of Ethics)
Microsoft Standards of Business Conduct
Microsoft employees follow these values:
· Honesty and integrity
· Passion for technology, partners, and customers
· Open and respectful with others and dedicated to making them better
· Willing to take on big challenges and see them through
· Accountable for results, commitments, and quality to shareholders, customers, employees, and partners.
All Microsoft employees are responsible for understanding and complying with these standards, regulations, laws, and Microsoft policies. (Microsoft Standards of Business Conduct)
ii. Aspects of codes of ethics that could be used to meet the needs of ABC organization
The aspects that could be used to meet the needs of ABC organization are: promoting generally accepted information security current best practices and standards; maintaining appropriate confidentiality of proprietary or otherwise sensitive information encountered in the course of professional activities; and discharging professional responsibilities with diligence and honesty.
This code of ethics will be adapted by practicing these standards inside the organization.
Works Cited
AT&T Acceptable Use Policy. (2008, October 15). Retrieved from www.corp.att.com: http://www.corp.att.com/aup/
AT&T Inc. Code Of Ethics. (n.d.). Retrieved from www.att.com: http://www.att.com/gen/investor-relations?pid=5595
CYBER LAW Liability Of Cyber Cafe Operators. (n.d.). Retrieved from www.lawteacher.net: http://www.lawteacher.net/free-law-essays/technology-law/seminar-paper-cyber-law-liability-law-essays.php
ISSA Acceptable Use Policy. (n.d.). Retrieved from www.issa.org: http://www.issa.org/?page=AcceptableUse
ISSA Code of Ethics. (n.d.). Retrieved from www.issa.org: http://www.issa.org/?page=codeofethics
IT Resources Acceptable Use Policy: Pennsylvania College of Technology. (n.d.). Retrieved from www.pct.edu: https://www.pct.edu/campuslife/studentpolicy/acceptableUse.htm
K-State Information Technology Employee Code of Ethics. (2013, October 29). Retrieved from www.k-state.edu: http://www.k-state.edu/its/ethics/
Lawrence, P. (2002, March). SANS Institute InfoSec Reading Room. Retrieved from www.sans.org: https://www.sans.org/reading-room/whitepapers/acceptable/acceptable-use-responsibility-it-3
Microsoft Standards of Business Conduct. (n.d.). Retrieved from sites.google.com: https://sites.google.com/a/email.vccs.edu/bus100mvargas/home/microsoft-code-of-ethics
Naavi. (2003, January 15). Six Sigma, ROI and Cyber Law Compliancy. Retrieved from www.naavi.org: http://www.naavi.org/cylawcom/six_sigma.htm
Nadella, S. (n.d.). Legal Resources. Retrieved from www.microsoft.com: http://www.microsoft.com/en-us/legal/compliance/buscond/default.aspx
Nicky Jatana and Marlo Johnson Roebuck, J. L. (2014, July 14). The Impact of Employees Left to Their Own Devices: Top Ten BYOD Considerations. Retrieved from www.acc.com: http://www.acc.com/legalresources/publications/topten/tioelttod.cfm
SANS: IT Code of Ethics. (2004, April 24). Retrieved from www.sans.org: https://www.sans.org/security-resources/ethics.php?ref=3781
Spotlight article: Domain 8, Laws, Investigations and Ethics. (n.d.). Retrieved from searchsecurity.techtarget.com: http://searchsecurity.techtarget.com/feature/Spotlight-article-Domain-8-Laws-Investigations-and-Ethics
The Ten Commandments of Bring Your Own Device (BYOD). (n.d.). Retrieved from www.maas360.com: http://www.maas360.com/zf/?id=703&K=byod&A=gsearch&s=HS&ch=PPC&C=GS_India_NonBrand&gclid=CjwKEAjw25SoBRCMn7Gc97Knj0ISJAC7vaMryVnD4uoC18RbtlOqcmjMafYMtXlxwRvCHMcGyEfmzBoCG7rw_wcB
Milestone 2/IT 412 Milestone Two Rubric.pdf
IT 412 Milestone Two Guidelines and Rubric
Submit a draft of sections 4–5 of the risk analysis paper. Specifically, the following critical elements must be addressed:
I. Risk Analysis Paper
4) Cyberlaw noncompliance
i. Identify instances of cyberlaw noncompliance, being sure to cite the specific regulation(s) being violated.
ii. Assess the impact of the noncompliance on IT and computing within the organization.
5) Acceptable use-of-technology policies research
i. Compare and contrast acceptable use-of-technology policies from various organizations. You can find suggested organizations below or use policies of your own choosing.
ii. Select aspects of the acceptable use-of-technology policies you have researched that you feel could be adapted to meet the needs of the organization, and explain how you would adapt them.
IT Acceptable Use Policies
There are many areas within the field of IT, and each area’s policies may vary based on specialization. IT does not have one rule-making body as other professions do. IT does, however, have many professional organizations that represent different specializations, such as security, operations management, and computing technology.
Policy
http://www.sans.org/security-resources/policies/general/pdf/acceptable-use-policy
http://www.issa.org/?page=AcceptableUse
https://www.pct.edu/campuslife/studentpolicy/acceptableUse.htm
https://web.archive.org/web/20160617030541/https:/www.att.com/legal/terms.aup.html
Guidelines for Submission: Draft of Sections 4–5 must follow these formatting guidelines: use of 2–3 sources, 3–5 pages in length with double spacing, 12-point Times New Roman font, one-inch margins, and discipline-appropriate citations.
Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information, review these instructions.
Critical Elements, with descriptions for Proficient (100%), Needs Improvement (75%), and Not Evident (0%), and the Value of each element:

Cyberlaw Noncompliance: Regulation(s) (Value: 20)
Proficient (100%): Accurately identifies instances of cyberlaw noncompliance and cites specific regulation(s) being violated
Needs Improvement (75%): Identifies instances of cyberlaw noncompliance inaccurately, or does not cite specific regulation(s) being violated
Not Evident (0%): Does not identify instances of cyberlaw noncompliance

Cyberlaw Noncompliance: Impact (Value: 20)
Proficient (100%): Assesses the impact of cyberlaw noncompliance on IT and computing within the organization
Needs Improvement (75%): Assesses the impact of cyberlaw noncompliance but does not connect it to the organization, or discussion lacks detail
Not Evident (0%): Does not assess the impact of cyberlaw noncompliance on IT and computing within the organization

Acceptable Use of Policies: Comparing and Contrasting (Value: 20)
Proficient (100%): Comprehensively compares and contrasts acceptable use-of-technology policies
Needs Improvement (75%): Compares and contrasts acceptable use-of-technology policies, but discussion lacks detail or is inaccurate
Not Evident (0%): Does not compare and contrast acceptable use-of-technology policies

Acceptable Use of Policies: Adaptation (Value: 20)
Proficient (100%): Selects aspects of the policies that could be adapted to meet the needs of the organization and explains how they would be adapted
Needs Improvement (75%): Selects aspects of the policies that could be adapted to meet the needs of the organization, but does not explain how they would be adapted
Not Evident (0%): Does not select aspects of the policies that could be adapted to meet the needs of the organization

Articulation of Response (Value: 20)
Proficient (100%): Submission has no major errors related to citations, grammar, spelling, syntax, or organization
Needs Improvement (75%): Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas
Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas

Earned Total: 100%
http://snhu-media.snhu.edu/files/production_documentation/formatting/rubric_feedback_instructions_student.pdf
Milestone 2/Milestone Two.docx
Risk Analysis
Dylan Dull
April 16, 2017
Risk Analysis
References
Grama, J. L., & Spinello, R. (n.d.). Southern New Hampshire
University IT412 (2nd ed.). Jones & Bartlett Learning.