- Demonstrate your knowledge of the application of the law by doing the following:
- Explain how the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act each specifically relate to the criminal activity described in the case study.
The Computer Fraud and Abuse Act (CFAA) forbids deliberately accessing a computer without permission or in authorization excess. With strict punishment systems and flexible provisions, it has become an instrument ready for use and abuse against almost every aspect of computer action. The Act also amends the Federal criminal code to modify the scienter obligation from “knowledgeably” to “purposely” for certain crimes about accessing the computer records of another person or company. This regulation was fragmented by the BI entity when they formed the dummy accounts to reach other subdivisions within TechFite. The Electronics Communications Privacy Act forbids the intended actual or tried interception, revelation, use, or obtaining or attempt to interrupt electronic communication. The ECPA, as revised, defends wire, verbal, and electronic communications. Those communications made are in the transfer or kept on computers. The Act applies to telephone chats, emails, and facts kept electronically. This rule was shattered by the BI unit workers Megan Rogers, Sarah Miller, and Jack Hudson by perusing other companies’ nets.
- Explain how three laws, regulations, or legal cases apply to justify legal action based upon negligence described in the case study.
The three laws that justify legal action based on the negligence described are the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Sarbanes Oxley Act. When they formed the fake accounts, the TechFite BI section smashed the CFAA for purposely gaining access to their permission excess. Indication for this would be delivered by Maria Harrison and John Jackson, who the board chairperson employed. TechFite would experience penalties, and the remorseful workers could face captivity. TechFite and the BI department workers Jack Hudson, Megan Rogers, and Sarah Miller broke the ECPA for intentionally interrupting electronic communications by perusing other corporations’ systems. Every worker can face up to 5 years in jail. TechFite as a corporation can be penalized up to $250,000 and more compensation for their fatalities Union City Electronic and Orange Leaf Ventures. TechFite broke the third law called the SOX Act, which needs controlling and inspectors to create interior controls. Although it doesn’t look like any of the chief officers recognized what was going on, they could remain on the peg for the behavior of their Director, Carl Jaspers. If TechFite had their inner guidelines being imposed, the fake accounts, management access on all CPUs, and the perusing of other corporations’ systems would have been trapped. Fines for SOX Act are penalties not exceeding $1,000,000 and captivity up to 20 years.
- Discuss two instances in which duty of due care was lacking. Duty of due care requires directors to live up to specific standards of care, both ethical and legal.
Carl Jaspers botched on both. The first example was with the three firms formed with his graduate school friend Yu Lee to transfer money and make expenditures away. The second was using the two fake accounts from prior workers to transfer emails used to collect unlawful intelligence. Without assessing, the email accounts were formed, and Carl Jaspers used them to hide what he was conducting. Since there was no division of roles, one individual was permitted to create the consumer accounts and post sales to the accounts, and no one to queries who these corporations were and where the money originated from.
- Describe how the Sarbanes-Oxiety Act (SOX) applies to the case study.
The Sarbanes-Oxley Act section 404 needs the administration and auditors to institute inside controls on reporting techniques. The absence of interior controls permitted the formation of dummy accounts that permitted access to other subdivisions that the BI should not have accessed. The formation of email accounts of workers that do not work for TechFite, claimed by Carl Jaspers, and Computers having management access that should have been trapped by the cyber security expert Nadia Johnson
B
Sarah Miller, Carl Jaspers, Jack Hudson, and Megan Rogers have done the suspected illegal actions. The fatalities of their suspected offenses are Orange Leaf, TechFite, and Union City. Carl Jaspers’s participation in the dummy groups, a bank account that seems to be used for transferring money, and the two accounts formed for workers that do not function for the corporation all propose he is involved in illegal conduct. The email accounts are used for unlawful intelligence collection from external sources. As for his BI unit workers, Sarah, Jack, and Megan are all committing prohibited scans of other corporations and probably accessing documents from HR, legal, and finance sections. Unsuccessful cyber security strategies comprise the need for inspecting user accounts, which causes the increase of privilege for the two fake accounts. With appropriate inspection of user accounts, the security expert would have detected that the two fake accounts belong to workers who don’t work for the firm and that those accounts should be disabled. Had there been a division of roles, the worker stationing to the three false organizations would have detected that TechFite does not have a bank account with Free workers’ Pennsylvania Bank and could have inspected more into these three establishments. The neglectful people are the IT Security Expert Nadia Johnson and her manager, the CISO; the fatalities of her neglect are Union City Electronic Ventures and Orange Leaf Software LLC. While the firm was protected against outside intimidations, the inside did not obtain similar care. Consumer-branded data should have been preserved on a distinct system with limited access to the application department. Orange Leaf and Union’s branded data should have been secured by a DLP strategy that would have been formed by the CISO and applied by him, too. Still, this strategy was not being applied, and thus, it was abused and accessed by unlicensed operators. DLP is assisted by values of least honor, which limits access to what is required to execute their work so that somebody from one section can’t access and create modifications to data they do not want. Had the strategy been applied, the only persons who should have been capable of outlook the branded data would have been Carl Jaspers and the application team. Even with this strategy being applied, each computer and workplace having management rights would have refuted the strategy.
C
To the board chairperson, upon the end of my study, I discovered numerous issues with the application separation and the BI section of TechFite. Specific issues ranging from negligence to illegal are evident. I have discovered that some Federal rules have been smashed. They include the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Sarbanes-Oxley Act. I propose instant modifications to the Applications Division and the BI section. Therefore, TechFite should be ready to face penalties on every Act extending from $250,000 to $1,000,000 and potential captivity.