Reference no: EM133106076
Part 1:
Legal and Ethical Foundations in Cyber Security
Learning Outcome 1: Compare UK and international law regarding cyber security and digital systems
Learning Outcome 2: Explain the considerations, both legal and ethical, that affect system development, product development and policy
Task Scenario:
Little Red Dog Ltd., an IT company based in the UK have decided to implement a piece of software to monitor its workers productivity when they are working remotely.
The proprietary BOSS-WARE (Business Orientated Snooping Software - With Automated Recording Engine) program would be installed on all devices connecting to any of the businesses systems such as email or servers and monitor the users activities on those devices. It will also scan incoming and outgoing messages and web browsing activity for things unrelated to work and record details on what the user is doing during these times and build up a profile of each workers habits to identify those that need more "training".
Before developing it, the board would like to know what kinds of legal, ethical, and any other liabilities the use of this software may open them up to.
The board is particularly interested in focusing on: -
The board is particularly interested in focusing on: -
• Privacy Concerns
• Handling of User Data
• Ethical considerations, such as the public's reaction to its use?
• The use of AI and Machine Learning and any possible liabilities extending from this
• Possible expansion into other parts of the world
Task
You are required to prepare a report to the board of directors outlining anything relevant to their concerns related to the usage, development and distribution of the software detailed in the scenario.
Your report should start with assumptions you wish to make that may support your argument or allow you to better demonstrate your knowledge by specifying the parameters of the problem. This part is not for the board it is for the marker and allows you to better define the problem you are writing a solution for.
For example, you could make assumptions like: -
• The company has fewer than 250 employees and as such fewer commitments under the GDPR.
• The company is thinking of expanding into Germany and such any relevant EU regulations that apply
The number of assumptions you make is up to you, but they should be relevant, accurate and realistic. You should not just use the ones I have provided.
The board is not particularly technical in nature and do not care about the code side of how the software might work. You should instead focus on detailing relevant legal and ethical frameworks along with mentioning relevant case studies that may support your argument.
Part 2:
Legal and Ethical Foundations
Learning Outcome 1: Evaluate methods and standards for ensuring or evaluating security of digital systems
Little Red Dog Ltd. (LRD), an IT company based in the UK have been impressed by your work so far and have asked for your professional opinions on another topic.
The board are aware you are an external contactor and as such lack any detail about the inner workings of LRD and are fine with general/generic advice being given for an IT company in the UK.
LRD have recently found out about Information Security Management Standards, Cyber Security Standards and Certifications; and would like to consider implementing some (here after referred to simply as "standard" or "standards"). As such they have asked you to advise on up to 3 such standards that you feel would relate in some way to their business.
The board is interested in anything you have to say about each standard but particularly for each standard: -
• What is the purpose?
• What are the benefits?
• What are the drawbacks?
• Examples of what LRD may have to do to be compliant with them.
Your advice should conclude by recommending which of the standards discussed would best fit LRD, and why.
Task
The board is bored of reading and would instead like the information presented in the form of a video. It should be no more than 5 minutes long and should cover no more than 3 standards or certifications. The video should conclude with you recommending one of the standards discussed, and reasoning as to why.
One of the standards must have been covered in a 4059CEM lecture video this year; and at least one should be a standard or certificate not covered in the lecture videos."
How you choose to present the information in the video is up to you, the board is not particularly bothered about production quality as long as the information is presented in a sensible and clear manner. Some examples of how to present the information could be: -
• You are talking directly into a camera or
• You are talking over some slides that appear on screen or
• You are reading a script while some information is displayed on screen
Please make sure any audio that is present is clear and can be easily discerned and where possible free from background noise and distraction.
Remember the vast majority of the marks come from the technical content in your video and not your video making skills.
Attachment:- Legal and ethical foundations.rar