Cyber Law-Case Studies

Project Overview

The objective of this assessment is to study and critically analyze case studies (attached in this coversheet) based on the various issues that you have learned during this course: Ethical, Cyber Law, Intellectual Property and Organizational Code of Conduct. For this assessment, you must work in groups (2 – 3).

• You are required to read and analyze each case study and answer the questions in detail.
• Please answer the questions in the same document and submit the same document along with the cover sheet and rubric.
• There are some blank pages for you to answer the questions. If the blank pages are not enough, feel free to add more blank pages but leave the document structure as is.
• You may include any other information that you think is relevant and adds value to your case analysis. Therefore, in developing your analysis and arguments, you can also use supporting evidence other than the information contained in the case studies.

Report Format

• Information that you have taken from organization websites or other relevant information should be referenced accurately using the APA referencing system.
• Marks are awarded for the literary style, logical structure and the accuracy of your grammar and spelling. Also please be clear and to the point.
• For each case study the minimum word limit is 150 – 200 words that you will need to adhere to. The word limit excludes references or citations. You must include your word count at the end of the main text. Marks will also be deducted if you don’t follow the page limit.
• When submitting the file rename the file using the following convention: StuNames_CSF3003_CaseStudy.docx For Example: AbullahMohammadObaid_CSF3003_CaseStudy.docx

Case 1 (LO1, 24 Marks):

A large multinational corporation wants to establish a telephone and email hotline for employees to report wrongdoing within the company. The company has offices in the UAE and wants to ensure that it avoids violations of UAE data protection laws. Discuss what steps can the company take to increase the likelihood that its hotline reporting system remains in compliance?

• Explain a minimum of 3 (any) appropriate use of telephone & email system?
• Explain a minimum of 3 illegal use of the system. Answers should be associated with UAE Cyber Law.

Answer:

Often the firms are targeted in cyber-crimes and this ruins the reputation of the company in a very bad way. Following are the three appropriate uses of the telephone and email system in the company:

• Telephones and emails can be utilized for urgent conveying for the information related to their projects. Often the company faces a situation where information about the projects needs to be passed on urgently otherwise the company might suffer from loses. In this case, telephones and emails are the best possible way for informing the people in the other branches.
• Emails are best to use when the marketing plans, strategic policies and the new addition to the policies is to be informed to all the members of the organization or even to a limited number of people.
• There are a situation when the policies need to be discussed in person but since the people from different branches cannot be available 24/7 in person, in this telephonic conversations are made (Neil, 2011).

The three illegal used by the company are as follows:

• In certain cases, the employees use telephones and emails of their company for getting indulged in any crime. In this crime, the law holds countable for the situation.
• Use of telephones for fake calls is condemned by the UAE cyber-law. Some company employees have repeatedly used this technique.
• Employees having low performance and on the verge of being terminated from the company use telephones for defaming company, his is strictly prohibited by law.

Case Study 1 (24 Marks)

Criteria	Points
Explain a minimum of 3 (any) appropriate use of telephone & email system?
Explain a minimum of 3 illegal use of the system. Answers should associate with UAE Cyber Law.
Total

Case 2 (LO2, 24 Marks)

You are about to launch your online website that sells all kinds of antiques. Since the information privacy is one the prominent issues concerning the online world today, you believe the presence of privacy policy on your website is essential to protect customer information. You need to have a privacy policy if you are collecting some information about your visitors to protect yourself and to also let your visitors know about its potential use.

Based on the above scenario, write a privacy policy for your website, explains the site’s use of information and informs site visitors what they can expect when they give personal information to the site.

Hint: Your privacy policy is for your visitors, so it’s valuable to write it in a language that your average visitor can understand. Significantly, a policy document’s- main purpose is to decrease your own liability.

You should address at least 6 different items, such as:

• Describe what personal information is collected.
• Describe how the company will use this information.
• Describe how this information will be transferred to third party companies.
• Provide instructions on how users can modify or delete their personal information.
• Provide instructions on how users can opt-out of future communications.
• Finally, websites that collect sensitive personal information, such as bank details and credit card

Answer:

To manage the online orders made by the customers for antiques, personal information of the customer’s needs to collect. The personal information includes phones numbers, alternative telephone numbers, address for the delivery of the antiques, emails so that the customers can be informed about the upcoming and new arrivals in the collection, the choices of the customers can also be asked so that email updates are in accordance with them, the credentials of the accounts, tracking of the IP from which the queries are being entertained. All the personal information gathered from the customers will be used in future for updating the clients to make other shopping experiences. As far as IP’s are concerned they will be helpful for keeping a track of the order (Bilstad, Esq., 2018).

As far as the transfer of information to their parties is concerned, there is a specific part of the information which will be transferred. However, in case any additional information is to be transferred the consent from the user will be taken. For the users to modify or delete their information there will always be an option for the users to edit their accounts. They can simply go to the edit tab of the website after signing in into their account and change the information. Every change will be notified so that the information remains safe with the company. Deletion of the accounts from the settings will make the users opt-out from future communications. Information that is private is always secure with the company. For this higher security at the backend working for the website has been used.

Case Study 2 (24 Marks)

Criteria	Points
Describe what personal information is collected.
Describe how the company will use this information.
Describe how this information will be transferred to third party companies.
Provide instructions on how users can modify or delete their personal information.
Provide instructions on how users can opt-out of future communications.
Finally, websites that collect sensitive personal information, such as bank details and credit card
Total

Case 3 (LO3, 18 Marks):

A senior broker (Salem) had left a brokerage firm (Arabtic) and was hired by a competing brokerage firm (Wasata). Shortly after that, Arabtic lost two clients who said they were moving to (Wasata); their personal data files disappeared mysteriously from the company’s database. Also, the yearly financial report that the senior broker (Salem) had been preparing for (Arabtic), was released two weeks early by the third competing brokerage firm.

• As an information security consultant, what changes would you make to the (Arabtic) existing security policy so that security is improved after employees are terminated? Explain (not list) at least (any) 6 actions. Answer should be associated to UAE cyber Law (3 marks each)

Answer:

Strict laws are applied are on the employees that violate the privacy policy of the company. The company, according to the UAE cyber laws, holds the authority to terminate the employee in the working hours in case he is found to be stealing company’s information or any other private information (Kenald, 2018). Similar kind of rules applies when the employees are found defaming their company’s n which they have previously worked or in the period of their current working as well. Following will be the six actions that will be taken for making the security policy of the firm to work well:

• In this case, the company needs to have a higher level of encryption within the department of private information. Repeated check and balance should be done in the department.
• Restricting the number of people in the place where the private information of the company lies
• Supervising the restricted people by a person who is unknown by the entire company except the higher executive (Kenald, 2018)
• A clause should be added related to the termination due to defaming which should mention that what kind of loss will be the employee will be going through. The termination of the employee should lead to his banning from all other companies for a limited period of time.
• The signing of an agreement by the employee related to all the clauses of the UAE Cyber-law should be done at the start before offering the job.
• Adding higher security check in the database of the company.

Case Study 3 (18 Marks)

Criteria	Points
Change 1
Change 2
Change 3
Change 4
Change 5
Change 6
Total

Case 4 (LO4, 10 Points)

Online social networks have grown rapidly in recent years. Such sites are a common breeding ground for viruses and phishing attempts, where fraudsters attempt to obtain sensitive information by posing as legitimate sources.

• Based on this scenario list, what cyber threats to intellectual property that social network sites can pose? Give at least 5 examples (5 Points)
• How does computer technology threaten the privacy of the data to social network users? (2.5 points)
• Discuss other unauthorized use of intellectual property that may lead to legal liability? (2.5 points)

Answer:

Following are some of the cyber threats that can be posed by the social network to the intellectual property:

• The threat of spams that is there are many people who utilize the information of common public in return for an attractive offer
• Creation of fake accounts
• The openness of getting attacked by social media hackers by sharing excessive personal information related to any person or yourself
• Running the application on social media without checking the credibility
• Putting vulnerable information on social media websites

Computer technology is the biggest threat to the privacy of the date lying on social media these days. The biggest threat is the art of hacking learned by many people. People in the name of ethical hacking are invading the privacy of so many people on the social media accounts. No matter how much privacy is applied there is still some loophole left by the social media platform developers which makes the common public to suffer. Other than hacking people the blunt statements and signing in into unauthorized application are some other computer technology treats.

Other unauthorized use of intellectual property may include the excessive of torrent applications. Torrent application these days are getting in common which has made the violators to use this for their purpose. Besides this, another term hyperlinking is not hidden from the people. Social media networking worms and the usage of cookies on certain websites for downloading the content is the biggest threat underlying to the people.

Case Study 4 (10 Marks)

Criteria	Points
Based on this scenario list what cyber threats to intellectual property that social network sites can pose? Give at least 5 examples (5 Points)
How does computer technology threaten the privacy of the data to social network users? (2.5 points)
Discuss other unauthorized use of intellectual property that may lead to legal liability? (2.5 points)
Total

Case 5 (LO5, 24 Points)

You work for the Scientific Research University (SRU). SRU offers programs ranging from Bachelors to PhD programs. In this University, many professors are involved in the various research project; almost all of them would also associate with Intellectual Property (IP). You should also understand that many PhD Students work closely with their professors on various research projects; so they may also have access to various types of data. You are required to develop an IT Organizational Code of Conduct for a University. See PPT LO5 for IT workers and Users, Slide 25 and Slide 26 for various criteria.

Answer:

SRU needs to have some code of conduct in within the premises of the university. It is generally observed that when the students learn different techniques in the field of IT they get indulged in illegal activities (GORDON, 2011). In this case the genius ones are the first one to be in the list. So there lies a threat to the intellectual property of the university as well as of that of the professors. This intellectual property can be worth of dollar in the actual market. So this implies that the university follows a code of conduct that is implied on all the students. Following are the steps that need to be included in the code of conduct:

• If any of the students is found to be responsible for the missing data of the professor or any other management body of the university, he/ she should be given sever punishment along with the termination from SRU and all other universities for certain period of time.
• The access to the internet connection of the university should be given to the students by defining a criterion such as their roll numbers should be entered. The Wi-Fi for teachers and students should be kept different.
• Any student found guilty for breaking the rules of the code of conduct should be exposed to punishment and high penalty as well.
• Sharing of the research projects other than the professors who are concerned with the project should be strictly violated.
• Entering the room of the professor should not be allowed in absence.

Case Study 5 (24 Marks)

Criteria	Does not meet requirements (F) 0-5	Minimally meets requirements (D) 6	Satisfactorily meets requirements (C) 7	Significantly above requirements (B) 8	Outstanding compared to requirements (A) 9-10	Weight	Points
See PPT (LO5 for IT workers and Users, Slide 25 and Slide 26) 1- Need for IT Usage Policy 2- Guide Lines for Ethical Decision Making 3- Policy application for Different type of workers 4- Policy covering various issues as pointed on slide 26 5- Disciplinary Actions 6- Communication Plan 7- Training Policy 8- Firewall	Did not provide good details on any of the criteria. At least three of the criteria are missing.	Provided a poor overview on the different criteria. There is a lack of consistency and cohesiveness in the report. There is also a possibility that some criteria may be missing.	Covered most of the criteria. Provided a descent overview of the case. However, it appears that the writers may not have a good grasp of the concepts. Covered most of the criteria.	Covered all the criteria. Also provided a good overview of the different sections. Covered all the criteria, but lacked proper justification.	A well-articulated and concise polilcy. Covered all the criteria and provided rationale to support their policy.	X2
Writing/Structure Proper HCT Structure, APA Format, APA Referencing, Academic Writing Skills, Conceptual Clarity, Articulation	The work extremely poor. The work contains numerous grammatical / spelling errors; and there is a lack of citations.	The work is not presented adequately, and some problems with structure and organization. Citations and references may be missing or not in APA format. Work contains numerous grammatical/spelling errors.	The structure and presentation of the work is organized at a satisfactory level. References are provided but may not be in APA. Missing in-text citations. Contains some grammatical/spelling errors.	The structure and presentation of the work is organized well with some minor issues. Most times the correct citation format is used (APA). Supporting evidence is regularly used and are current and from good sources, and most of the key arguments are supported with reliable sources. Most of the references are presented in the correct format (APA). Contains only minor grammatical / spelling errors.	The structure and presentation of the work is organized and written in a professional and good academic level. Some creativity and originality is evident. The correct citation format is used (APA). Various reliable supporting evidence are used and are all current. The references are presented and structured in the correct format (APA).	X0.04

References:

 O'Neil, M. (2011). Cybercrime Dilemma: Is it Possible to Guarantee Both Security and Privacy?. Brookings. Retrieved 18 March 2018, from https://www.brookings.edu/articles/cybercrime-dilemma-is-it-possible-to-guarantee-both-security-and-privacy/

Bilstad, Esq., B. (2018). E-Commerce: An Introduction, Consumer Privacy. Cyber.harvard.edu. Retrieved 18 March 2018, from https://cyber.harvard.edu/olds/ecommerce/privacytext.html

GORDON, P. (2011). Ten Steps For U.S. Multinational Employers Towards Compliance With Europe’s New Data Protection Framework – The General Data Protection Regulation | Littler Mendelson P.C.. Littler.com. Retrieved 18 March 2018, from https://www.littler.com/publication-press/publication/ten-steps-us-multinational-employers-towards-compliance-europe%E2%80%99s-new

 Networks, P. (2018). Top 10 social networking threats. Network World. Retrieved 18 March 2018, from https://www.networkworld.com/article/2213704/collaboration-social/top-10-social-networking-threats.html

 Kenald, E. (2018). Cyber Law: Everything You Need to Know. UpCounsel. Retrieved 18 March 2018, from https://www.upcounsel.com/cyber-law