The ethical challenges present in information security are directly tied to harmful actions, access rights, personal privacy, and trade secrets. Organizations always need help to maintain the integrity and confidentiality of their data (Atlam & Wills, 2020). The information is often at risk of being disclosed to inappropriate individuals. In the case at hand, TechFite employees in the application division are accessing strategic information of organizations such as Orange Leaf Software LLC and Union City Electric ventures and exposing the information to the competitors of the respective firms. Unfortunately, the employees of TechFite did not have any access rights at the time of their access to the information. Technology is continually making access suitable to a critical issue in cyberspace, hindering networks’ ability to be safe from unauthorized access. In the case of TechFite, the Metasploit tool is being exploited to penetrate the systems of other firms to access the desired content and information. The tool enables the personnel in the applications division to access trade secrets. Trade secrets are significant IP portfolio components that allow enterprises to safeguard their crucial information and know-how, providing them a competitive edge. Harmful actions often involve altering and destroying programs and files, leading to significant resource loss. It has always been necessary to make considerable efforts and time to make computers affected by harmful actions safe again (Serror et al., 2020). There is a need for TechFite enterprise to adhere to the already established regulations and standards to safeguard the computer networks from potential cyber threats.
The compliance requires the enterprises to implement occasional system updates, encryption and firewalls to maintain the availability, integrity, and confidentiality of the existing sensitive information. The firm should continually improve and evaluate the security posture to satisfy the compliance requirements. Utilizing an information security management system that adheres to regulatory needs can guide the enterprise on the precautionary measures that should be taken and accompanying protocols to identify pre-breach-based contexts within the firm’s internal processes (Alias, 2019). The system will track employees’ engagements, such as Sarah Miller, Jack Hudson, and Megan Rodgers, by scanning the networks of other enterprises. Thus, the enterprise must adhere to the ISO standards, CIS, and NIST controls. ISO regulations are vital in offering mechanisms for maintaining, implementing, and establishing enterprises’ security systems. Besides, it demonstrates the commitment of the enterprises to ensure cybersecurity. NIST and CIS frameworks, on the other hand, offer compressive mechanisms, with the NIST focusing on aligning cyber security efforts with commercial objectives and risk management. CIS provides particular guidelines that can be utilized in the implementation of critical measures of cybersecurity that will ensure there is a specification for creating user accounts to maintain authorized access to units and groups within the enterprise (Groš, 2021).
Development Of A Training Plan
The legal issues that must be taught to the organizational personnel within SATE are reputational damages, loss of customer trust, operational disruptions, direct financial penalties, recovery costs, and missed opportunities. The administrative personnel must be aware of how non-compliance will make them lose business opportunities and contracts, more so since the enterprise is maintaining cybersecurity-based standards (Sibanyoni, 2021). Unfortunately, TechFite’s Application division is losing business engagements with potential business partners such as Orange Leaf Software LLC and Union City Electronic Ventures, citing different reasons. They must know that offering a solution to the existing cyber incidents is costly due to the efforts that will be advanced public relations, and the potential of the affected parties filing a lawsuit may contribute to an increase in the financial burdens the organization is currently having.
The personnel should be informed about the potential risk of reputational damage. The tarnishing of reputation can lead to adverse states that involve a reduction in market share and price drops. Regulatory bodies will likely introduce significant fines to TechFite if found guilty of neglecting the already established cybersecurity-based standards. The direct line is anticipated to be about $40000 due to the breach in data. Besides, the firm will likely have disruptions in its ordinary processes, contributing to revenue loss by the enterprise and the others that TechFite could have violated their cybersecurity procedures.
Additionally, the SITE will ensure individuals have a better understanding and the capacity to follow particular practices that can contribute to security within the enterprise (Dash & Ansari, 2022). Empowering TechFite employees with security knowledge will decrease the risk of data breaches and will offer additional benefits. Similarly, there will be an assurance that the enterprise will stay compliant while enhancing customer confidence in TechFite.
Strategies to prevent unwanted developments
The unethical practices being demonstrated by TechFite have adverse consequences for both the firm and the individual perpetrators. The enterprise will likely lose its employees’ reputation, credibility, and productivity. Besides, the firm and the individuals can incur financial loss and fines. The economic and credibility losses will decrease sales, contributing to reduced profit and revenue. Thus, the strategies to prevent unwanted occurrences include creating a TechFite code of conduct, continuous code review, implementation monitoring systems, reinforcing the effects of unethical behavior, and ensuring the enterprise has the appropriate personnel to satisfy the organizational needs effectively. Some employees within the enterprise are supposed to be replaced with the right personnel to allow TechFite to realize its corporate objectives while adhering to ethical needs. Other employees who are supposed to be provided with warning letters are Jack Hudson and Megan Rodgers, who have been working under the directives of the senior analysts. A notable figure that should be replaced is Sarah Miller, who, despite being the senior analyst in the BI department, has the highest traffic in scanning the networks of other enterprises. The firm should recheck its interviewing process and incorporate ethical standards while interacting with and assessing prospective candidates (Trevino & Nelson, 2021). If some candidates have a history of unethical behavior, it could be a warning sign of hiring the particular candidate.
Developing and enforcing a code of conduct is crucial in allowing everyone within the enterprise to understand what is expected of them. The code of conduct should directly focus on the engagement of the enterprise’s applications division. It should now state the sanctions that have been put in place for committing unethical actions and acting contrary to the code. The code should specify the application and usability of user accounts and the utilization of any application other than the permitted ones in the typical engagements of the application division. Besides, the code should be organic-based to allow for its continuous review to align with the new unethical practices that develop over time. The review will also identify the areas currently working and those requiring immediate improvements. A critical area that the enterprise should concentrate on is enforcing the code of conduct to benefit from its utilization maximally—the reinforcement of consequences for unethical behavior allows effective and swift dealing with the practices. The consequences should involve termination of employment in adherence to the established ethical code. Implementing reporting and monitoring systems is essential for maintaining compliance (Kunduru & Kandepu, 2023). The tools used in reporting and monitoring include TradeLog, InsiderLog, and IntengrityLog. The IntegritLog will allow whistle-blowers to develop confidential reports linked to the unethical behavior they often witness in their work settings.
References
Alias, R. A. (2019). Information security policy compliance: Systematic literature review. Procedia Computer Science, 161, 1216-1224.
Atlam, H. F., & Wills, G. B. (2020). IoT security, privacy, safety and ethics. Digital twin technologies and smart cities, 123-149.
Dash, B., & Ansari, M. F. (2022). An Effective Cybersecurity Awareness Training Model: First Defense of an Organizational Security Strategy.
Groš, S. (2021, June). A critical view on CIS controls. In 2021 16th International Conference on Telecommunications (ConTEL) (pp. 122-128). IEEE.
Kunduru, A. R., & Kandepu, R. (2023). Data archival methodology in enterprise resource planning applications (Oracle ERP, Peoplesoft). Journal of Advances in Mathematics and Computer Science, 38(9), 115-127.
Serror, M., Hack, S., Henze, M., Schuba, M., & Wehrle, K. (2020). Challenges and opportunities in securing the industrial internet of things. IEEE Transactions on Industrial Informatics, 17(5), 2985-2996.
Sibanyoni, B. (2021). Investigating non-compliance with corporate governance principles on material losses in selected business organizations (Doctoral dissertation, North-West University (South Africa)).
Trevino, L. K., & Nelson, K. A. (2021). Managing business ethics: Straight talk about how to do it right. John Wiley & Sons.
write