Legal and Ethical Issues in Cybersecurity

Verified

Added on  2023/06/10

|18
|4538
|174
AI Summary
This article discusses the legal and ethical issues in cybersecurity, including business plans, market analysis, and target markets. It also provides tips for strong passwords and antivirus use. The target market includes government agencies, healthcare companies, educational institutions, tech companies, financial institutions, small businesses, political organizations, and military. The marketing and sales strategy is also discussed.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Legal and Ethical Issues in Cybersecurity
[Name of the Student]
[Name of the University]
[Author note]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Table of Contents
Introduction: Company description:................................................................................................2
Business Plan:..................................................................................................................................2
Vision and Mission statement of the Organization:....................................................................3
Market analysis:...........................................................................................................................6
Use of Strong Passwords:........................................................................................................6
Use of Antivirus:......................................................................................................................7
Business Continuity and Recovery Plan for cyber-attacks:.....................................................8
Target market of the organization:..............................................................................................8
Pricing Strategy:........................................................................................................................10
Project Schedule:...........................................................................................................................12
Conclusion:....................................................................................................................................13
References:....................................................................................................................................15
Document Page
2LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Introduction: Company description:
One of the Standard and leading cyber security firm Kaboosh Tech is situated in
Mountain View, California. They are having the business to design the cyber security solution
for different clients that includes domestic as well as corporate (Rabai et al. 2013). Along with
this they are also associated with providing of consultancy training as well as technical support
to various clients. Their main vision includes the ensuring of the fact that they remain in the top
five cyber security firm. Some of the major components of the cybersecurity include the
following: Application security, Network security, Information security, Operational security,
End-user education and lastly Disaster recovery or business continuity planning. The major
problematic element that is included in the cyber-security is the constant evaluation of the
various security risks (Orji et al. 2012). The traditional approach has been associated with
focusing upon the resources related to the system components which are crucial. This is also
associated with providing protection against the threats which are well known but this initially
leaves the components undefended in front of the less dangerous threats.
Business Plan:
Product and services provided:
They are associated with the providing the customers with a forward thinking that cyber security
features are associated with enabling of the customers to remain a step ahead in whatever
industry they belong to. Some of the major services provided by them includes the following:
Programming
Cryptography
Document Page
3LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Training
Networking
System Hardening
Technical Support
Consultancy and Advisory Services
Functioning of the business is totally impossible without the usage of any kind of
technology. The internet is generally considered to add a great value to the business and is
associated with offering a lot of benefits (Newmeyer 2012). Despite the benefits there exists
several kinds of risks and dangers which are often seen to be very much difficult to understand
and manage the challenges. This business plan would be associated with providing an overview
of the best practices related to cyber-security which are to be adopted by the business (Singer and
Friedman 2014). Cyber-crime is increasing at a rapid rate and is very much realistic in nature.
Along with increasing cybercrime the number of victims is also increasing day by day.
Vision and Mission statement of the Organization:
Their main vision includes the providing of the cyber security services in order to remain
amongst the top five security firm and for the purpose of achieving their vision they are
associated with building of the best business structure. They are associated with putting of plans
and processes in place which would be helping in ensuring the fact that all the things are being
received at the right time from the beginning only. They are consisting of the best management
team who are not only having experience but have also been attuned according to the goals and
objectives of the organization.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
The new business problem can be divided into two sections. In the first stage, the
organization should be associated with discussing the inventory of the technology that is being
used by the business. Some of the key steps for the purpose of having a better security has been
discussed below (Mirkovic and Benzel 2012). In the second stage, a plan is to be made so as to
secure the business and to provide a quick recovery mechanism from any kind of cyber-attack or
data breach. Some of the steps which are to be followed in order to have a better-secured system
have been listed below:
1. Machines which are associated with containing and managing sensitive information like the
payroll and the point of sale should be kept separated from the other machines which are
associated with doing routine services.
2. The domain name of the networked devices which are being used should be set in a proper
way along with the business routers so as to avoid any kind of DNS attacks.
3. It is necessary to change the default username or passwords of the devices to something which
is better than the default one.
4. Strong passwords should be used some of the necessary steps that are to be followed while
setting the passwords have been listed below:
4.1. Same passwords should not be used for the different sites or equipment besides this
passwords are to be used which are generally found in the dictionary.
4.2. The browser should be blocked from saving of the password.
4.3. Considerations should be made regarding the usage of the online password manager.
Document Page
5LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
5. Anti-virus software is to be used along with keeping of the operating system and the software
up to date.
6. The software is not to be installed which are not wanted and besides this, all the necessary
software are to be kept updated. The software is to be removed, which are not being used
anymore (McGettrick et al. 2014).
7. Selection of the proper web browser should be used.
8. Selection of proper email client should be done.
9. Before clicking on any of the link received through email it should be made sure that the user
is associated with checking the actual address.
10. while doing any kind of financial or secure transaction it should be made sure that the user is
associated with checking the “https:” which is present in the address bar and also the padlock.
11. In case when there is a need for remote access to the business network then there is a need of
installing a virtual private network on the machines and should be networked in such a way so as
to make them capable of using the HAMACHI VPN which is associated with providing a
encrypted connection to the network of the organization (McGettrick 2013).
12. The pop-up windows should be blocked which are associated with showing unnecessary
messages.
Putting into the use of this changes seems to be a challenging and difficult task but once
put into use can be acting a very useful way of eliminating the risks associated with cybercrimes.
Cyber-security generally acts as something which is much more than a checklist and this won’t
be associated with providing any kind of help whenever the systems are compromised. So it is
Document Page
6LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
very much important to create a plan which would be appropriate for the business. There is no
such need for making a complex security plan but it should be containing all the necessary
details to cover the current situation of the organization (Trautman 2015). Along with the steps
that are to be discussed above there also exists some of the fundamental steps which are to be
taken that would be acting as the best practice in order to secure the organization from any kind
of cyber-attacks.
Market analysis:
In the healthcare sector it was seen that it was not spared in the year of 2015 where it
was seen that many kind of breaches had occurred resulting in the compromise of more than 80
million record. All this things had started from the year of 2009, where close to one-third of
victims were Americans who suffered from this breaches in several healthcare companies. Due
to this reason many of the healthcare companies put their attention on investing upon cyber
security in order to protect their data from the breaches.
Threats are of two types which are faced by the organization and this mainly includes the inside
and outside threats. Inside threats are usually carried out by a company’s current or former
employee. As per the report by PricewaterhouseCoopers (PwC), states that more than 34% of the
cyber-attacks which had taken place in the year of 2015 were from current employees who were
still working with the firm whereas 28 percent were from former employees. Some of the
preventive measure suggested by the organization includes the following:
Use of Strong Passwords:
This acts as one of the important element which is needed while using the internet on a
daily basis. It is very much necessary to protect each and every account and computers by

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
making use of passwords. Some of the necessary steps which are to be followed while providing
passwords have been listed below:
Usage of different type of passwords for different accounts, computers and email
addresses which are generally used by the organization.
Passwords should be changed on a regular basis.
Remembering the passwords by the browser or by the computers should be stopped
manually.
Passwords are not to be stored in the computers.
Passwords should not be provided to anyone who is not authorized to use the systems.
Any kind of unauthorized access would lead to a lot of problems.
Various kind of techniques has been adopted in order to create the passwords. The bigger
the password the better is the password (Kelly 2012). Passwords are to be consisting of
uppercase, lowercase, numbers as well as special characters as well.
Use of Antivirus:
The usage of the antivirus would be very much helpful for the purpose of providing
protection against various kind of risks. There exists nothing which is 100% secure and for that
purpose, an antivirus is to be used. Along with this, the antivirus should be updated on a regular
basis. Besides this, there also exist certain vendors who are associated with charging a fee for the
update and in the case when the user is not capable of affording the update then also the usage of
the antivirus should be continued as this helps a lot in providing protection from the known
vulnerabilities (Kshetri and Murugesan 2013). The antivirus suites generally consists of various
kind of security features which includes the ability of scanning the USBs and CD/DVDs,
firewall, antivirus, antispam, ant phishing, antispyware, ant adware, keylogger detection, browser
Document Page
8LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
hijacker detection, rootkit protection, P2P file sharing protection, automatic updates, custom
scanning modes, and Trojan detection.
Business Continuity and Recovery Plan for cyber-attacks:
There exist several requirements which are necessary in order to run a business. So it is
very much necessary to develop the COOP or the Continuity of Operations and for doing so
Business Impact Analysis is to be done or the BIA. This BIA is associated with reducing the
business to the core functions along with helping the users in identifying the basic structure that
is needed in order to continue the various operations of the business. Checking of the various
functions of the business is checked in order to determine the most critical functions which need
to be continued in order to survive any kind of disaster (Dua and Du 2016). Besides this, the
financial, along with the operational impacts, are also to be considered which includes the order
and the distribution process and many more. Besides this, the identification of the personnel,
resources, equipment, and the systems is needed in order to survive with the essential resources
and also for the purpose of determining the effects in case of any kind of absence of a service.
The potential risks are to be identified as well for the purpose of determining the contingency
plan which is the best for the assets that are affected.
Target market of the organization:
The main reason lying behind the market research was that it would helping the organization in
identifying the things that are expected from the organization by the target market and what are
things that are expect from them. For all this reason the organization is associated with offering
cyber security services to some of the groups of people and businesses which mainly includes the
following:
Government agencies
Document Page
9LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Celebrities
Healthcare companies
Educational institutions
Tech Companies
Financial institutions
Small businesses
Political organizations
Military
Marketing and Sales Strategy
Marketing is generally considered to be a critical angle for any business either if it is a new one
or an old one. This is mainly due to the reason that this place is associated with bringing income
for the business along with managing and developing the business. This is also associated with
the creation of awareness amongst both existing as well as new clients for the business. The
significance of promoting has seen organizations keeping a different spending plan and
marketing plans, along with approaches and methodologies that will enable the business to
emerge in the commercial center. Due to this reason the business is conducting a thorough
marketing strategy which would help them to know who their target market is, what it is they
want from the company, and what are the things that the company should expect from them. The
marketing research is also essential because it the organization to know what are strategies that
would be effective in the short and long run and how much the organization would need to set
aside as a marketing budget that will allow them in compete favorably against their competitors.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
We also intend to empower our marketing and sales team to ensure that marketing strategies
created for the firm are in line with our core values, goals and philosophies and will seek to
promote our brands at all times. Our marketing team has the right therefore to modify or remove
ineffective strategies that might harm the firm in the long run.
For all this reason the following are the marketing strategies that are to be adopted by Kaboosh
Tech mainly includes:
Providing a formal introduction about the cyber security firm by providing of
introductory letter to healthcare companies, financial institutions, government agencies,
tech companies and other stakeholders in the cyber security market
Putting advertisements in local as well in national newspapers and tech magazines. Along
with all this advertisements are also to be given in the radio and television stations
Engage by negotiating with clients should be done in direct marketing as well in sales
Installing of billboards in strategic locations all around the organization
Using the social media platforms as well as other tech platforms for marketing the
organization vigorously.
Pricing Strategy:
One of the very essential factor for success is the Determination of the right price for the
products and services that are being provided and for this organization it is dependent on lot of
factors that includes the way “how strong the products are, what category of products and
services the customers will be demanding, how unique are the products, what the competitors are
offering and what are the overhead and running expenses should be”.
Document Page
11LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Depending on the competitive market, the organization should intend to offer discounted price
on few of the products along with providing discounts on few other incentives for the first three
months of operation. This would be done in order increase the awareness about the product and
also to attract more customers.
So the major areas where the start-up capital should be spent includes the following:
Total fee in order to get Kaboosh Tech registered in the United States of America – $750
Obtaining of the necessary licenses, permits, accounting and customer software as well as
other legal expenses – $2,250
Insurance policy – $2,000
Leasing of a facility for use for at least five years and carrying out renovations
$100,000
Cost required for hiring a business consultant – $2,000
first 3 months Operational cost– $150,000
Other start-up expenses – $15,000
expenses for Marketing promotion– $5,000
expenses related to Administration– $30,000
Cost of purchasing an official fairly used van – $20,000
Cost of launching a website – $1,000
Cost of throwing a grand opening party – $5,000
Document Page
12LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Miscellaneous – $8,000
The proposal aims at ensuring the organizational security which also helps in the
protection of the personal data as well as the privacy of the organization's employees. This is
associated with facilitating the greater amount of voluntary sharing of the various cyber threats
information between the government and the private sector (Wolter, D., 2013). Besides this the
incentivizing of the further development of the sharing of the information along with the analysis
of the organization would be helping a lot in improving the voluntary sharing of the various kind
of cyber threats information present within the private sector and the also between the private
sector and the government (Flowers and Zeadally 2014). This is associated with protecting the
privacy of each and every user by having a requirement of private entities which are associated
with the sharing the voluntarily under the proposal so as to comply with the various privacy
restrictions which includes the removal of the personal information which are unnecessary for
the purpose of qualifying the various liability protection which establishes the various breach
standards (Bronk 2014). After the establishment of the single federal standard, the providing
notification to the individuals in a timely and consistent way whenever there is an occurrence of
any kind of breach becomes very easy. Besides this, it also helps the business as well as the
consumer by simplification and standardization of the patchworks which are existing right now
in the law which mainly contains the requirements of any kind of data breach report (Walters, R.,
2014).
Project Schedule:
WBS Task Name Duration Start Finish
0 Implementation of Cyber Security 31 days Fri 7/13/18 Fri 8/24/18

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
13LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
1 Initial Activities 6 days Fri 7/13/18 Fri 7/20/18
1.1 Initiation document would be made 2 days Fri 7/13/18 Mon 7/16/18
1.2 Resources would be accumulated 2 days Tue 7/17/18 Wed 7/18/18
1.3 Laboratory Setup Requirement Analysis 2 days Thu 7/19/18 Fri 7/20/18
2 Making of business plan 8 days Mon 7/23/18 Wed 8/1/18
2.1 Gathering of the technology needed 3 days Mon 7/23/18 Wed 7/25/18
2.2 Buying Equipment’s and Tools 2 days Thu 7/26/18 Fri 7/27/18
2.3 Safety Arrangements 3 days Mon 7/30/18 Wed 8/1/18
3 Experimental Set up 8 days Thu 8/2/18 Mon 8/13/18
3.1 Preparation of security processes 2 days Thu 8/2/18 Fri 8/3/18
3.2 Use of strong passwords 1 day Mon 8/6/18 Mon 8/6/18
3.3 Use of antivirus 2 days Tue 8/7/18 Wed 8/8/18
3.4 Avoidance of any kind of frauds 1 day Thu 8/9/18 Thu 8/9/18
3.5 Usage of the basic security fundamentals 2 days Fri 8/10/18 Mon 8/13/18
4 Post Processing 9 days Tue 8/14/18 Fri 8/24/18
4.1 Making of recovery plan 3 days Tue 8/14/18 Thu 8/16/18
4.2 Analyzing the impact of the proposal 3 days Fri 8/17/18 Tue 8/21/18
4.3 Analysis of the final system 3 days Wed 8/22/18 Fri 8/24/18
4.4 Project Closure 0 days Fri 8/24/18 Fri 8/24/18
Fig 1: Gantt chart
(Source: Created by Author)
Document Page
14LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Conclusion:
Technology can be very destructive if fallen into the wrong hands of people. Providing
more attention is needed to the capacity as well as the capability of the cybersecurity workforce.
It has been seen that even the large organizations having top talents as well as significant
resources have been suffering from various major cybersecurity compromises. So there is a need
for more highly skilled workers in cybersecurity roles who would be helping a lot in the process
of robust response to the various kind of cybersecurity-related problems. It is necessary for the
organization to understand the nature of the threat along with the process of understanding the
risks. Besides the threats are also to be addressed by the process of hiring peoples who are
appropriate for tackling and eliminating the problems. Cybersecurity is generally considered to
be a field which is associated with encompassing one or more than one kind of work along with
encompassing more than one occupation or profession. There also some other kind of workers
who are generally considered to be professionals, but the committee has also been associated
with believing the fact that the field might also be including a range of personnel and functions
that are best not considered as professionals.
Document Page
15LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
References:
Bronk, C., 2014. Hacks on gas: Energy, cybersecurity, and US defense.
Conklin, W.A., Cline, R.E. and Roosa, T., 2014, January. Re-engineering cybersecurity
education in the US: an analysis of the critical factors. In System Sciences (HICSS), 2014 47th
Hawaii International Conference on (pp. 2006-2014). IEEE.
Dua, S. and Du, X., 2016. Data mining and machine learning in cybersecurity. Auerbach
Publications.
Fairley, P., 2016. Cybersecurity at US utilities due for an upgrade: Tech to detect intrusions into
industrial control systems will be mandatory [news]. IEEE Spectrum, 53(5), pp.11-13.
Flowers, A. and Zeadally, S., 2014. US policy on active cyber defense. Journal of Homeland
Security and Emergency Management, 11(2), pp.289-308.
Flowers, A., Zeadally, S. and Murray, A., 2013. Cybersecurity and US legislative efforts to
address cybercrime. Journal of Homeland Security and Emergency Management, 10(1), pp.29-
55.
Fu, K. and Blum, J., 2013. Controlling for cybersecurity risks of medical device
software. Communications of the ACM, 56(10), pp.35-37.
Jang-Jaccard, J. and Nepal, S., 2014. A survey of emerging threats in cybersecurity. Journal of
Computer and System Sciences, 80(5), pp.973-993.
Johnson, C.W., 2012. CyberSafety: on the interactions between cybersecurity and the software
engineering of safety-critical systems. Achieving System Safety, pp.85-96.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
16LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Kelly, B.B., 2012. Investing in a centralized cybersecurity infrastructure: Why hacktivism can
and should influence cybersecurity reform. BUL Rev., 92, p.1663.
Kshetri, N. and Murugesan, S., 2013. EU and US Cybersecurity strategies and their impact on
businesses and consumers. Computer, 46(10), pp.84-88.
Kuehn, A., 2014. Extending cybersecurity, securing private internet infrastructure: The US
Einstein Program and its Implications for Internet Governance. In The evolution of global
internet governance (pp. 157-167). Springer, Berlin, Heidelberg.
Macaulay, T. and Singer, B.L., 2016. Cybersecurity for industrial control systems: SCADA,
DCS, PLC, HMI, and SIS. Auerbach Publications.
McGettrick, A., 2013. Toward effective cybersecurity education. IEEE Security &
Privacy, 11(6), pp.66-68.
McGettrick, A., Cassel, L.N., Dark, M., Hawthorne, E.K. and Impagliazzo, J., 2014, March.
Toward curricular guidelines for cybersecurity. In Proceedings of the 45th ACM technical
symposium on Computer science education (pp. 81-82). ACM.
Mirkovic, J. and Benzel, T., 2012. Teaching cybersecurity with DeterLab. IEEE Security &
Privacy, 10(1), pp.73-76.
Newmeyer, K.P., 2012. Who Should Lead US Cybersecurity Efforts?. NATIONAL DEFENSE
UNIV FORT MCNAIR DC.
Orji, U.J., 2012. Cybersecurity Law and Regulation (pp. 398-400). Wolf Legal Publishers.
Document Page
17LEGAL AND ETHICAL ISSUES IN CYBERSECURITY
Peng, Y., Jiang, C., Xie, F., Dai, Z., Xiong, Q. and Gao, Y., 2012. Industrial control system
cybersecurity research. Journal of Tsinghua University Science and Technology, 52(10),
pp.1396-1408.
Rabai, L.B.A., Jouini, M., Aissa, A.B. and Mili, A., 2013. A cybersecurity model in cloud
computing environments. Journal of King Saud University-Computer and Information
Sciences, 25(1), pp.63-75.
Singer, P.W. and Friedman, A., 2014. Cybersecurity: What everyone needs to know. Oxford
University Press.
Trautman, L.J., 2015. Cybersecurity: What about US policy. U. Ill. JL Tech. & Pol'y, p.341.
Walters, R., 2014. Cyber attacks on US companies in 2014. The Heritage Foundation, 4289,
pp.1-5.
Wolter, D., 2013. The UN Takes a Big Step Forward on Cybersecurity. Arms Control
Today, 43(7), p.25.
1 out of 18
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]