Nursing

TechFite Case Study C841 Cybersecurity

TechFite Case Study C841: Review of Evidence

TechFite is a tech consultancy company whose client’s product information ended up in the hands of the company’s competitor. An investigation was launched to find out how this took place. It is suspected that TechFite facilitated the data breach. It was found that there were no specific details on the auditing of the user accounts. This is one of the vulnerabilities that would have facilitated the leaking of privileged information. This is evidence of the violation of the non-disclosure agreements (NDAs). Although the company employees may not have actively leaked the information, their negligence facilitated the loss.

Additionally, it was found that TechFite was receiving money by using off-the-books payment methods. It is also evident that two email accounts created with the request of Carl Jasper were used for intelligence gathering activities. This could be how the products’ information leaked to the competitors (Cristea, 2020).

It was also found that the TechFite computers were used to penetrate the computer systems of other internet companies. This may indicate the deliberate attempt to gather privileged information on the technology developed by various companies. Additionally, they engaged in intelligence gathering activities such as mining the digital trash from other companies in the pursuit of intelligence. This may indicate that Carl Jasper may not be acting alone.

Read Also: Most Legit Paper Writing Services

Strategic and Competitive Intelligence Professionals (SCIP)

This may also violate the Strategic and Competitive Intelligence Professionals (SCIP) ethics that prohibit the use of illegal and covert business intelligence activities. It is also evident that the business intelligence unit may have created dummy accounts without proper authorization. This account has access to critical information such as legal, finance, and human resource. This is a possible vulnerability used in the leaking of the data. However, it is not evidence of the exact means used to extract privileged information (Connor & Doan, 2021).

TechFite Ethics and Cybersecurity Powerpoint

Read Also: Cloud Computing Essay

Techfite Ethics and Cybersecurity Case Study

The first selected organisation is Women in cybersecurity, a non-profit organisation dedicated to recruiting, retaining, and advancing women working in the Cybersecurity field. This has been attained through the creation of a robust cybersecurity workforce. According to the organisation’s privacy policy, they use only four aspects of personal information, namely email address, telephone number, mailing address, and name.

It is noted that the organisation does not collect any other detail about the clients and visitors to their website. In addition to this, personal information is not disclosed to the third party, the sponsors. The client’s personal information can be shared with the vendors in cases where the product or service is concerned (Gregory, 2007). They may also leverage personal information while responding to the client’s inquiries.

Women in Cybersecurity

However, it is noted that Women in cybersecurity do not take responsibility for third-party organisations’ practices, information, and privacy. This is with the realisation that third parties would utilise cookies to leverage the customer’s personal information for advertisement purposes. Therefore, the organisation urges the visitors not to send sensitive information such as credit card numbers, driver’s licenses, and social security numbers.

TechFite ought to adopt such measures to facilitate the enhancement of privacy (Gregory, 2007). However, because the company deals with sensitive information in its core business, it ought to have better data security methods. Such methods include the escalation of privilege among the workers according to the security required in providing services.

SVCSI – Silicon Valley Cybersecurity Institute

The second company is SVCSI – Silicon Valley Cybersecurity Institute, a not-for-profit organisation that seeks to promote, investigate, and develop the best practices. The company’s cybersecurity section defines terms that include account, business, company, consumer, cookies, country, data controller, and personal data, do not track, usage data, and website. The personal information details include usage data, address, phone number, name, and email address.

The organisation informs the clients of the instances that would lead to the disclosure of personal data to third parties; they include business transactions such as a merger, law enforcement, and other legal requirements such as the lack of compliance to legal obligations (Gregory, 2007). TechFite failed to disclose the guidelines on dealing with the client’s data. There ought to have been a protocol for the management of data for the benefit of the clients.

Non-Disclosure Agreements

In general, there was bleach in the company’s non-disclosure agreements after their product found its way to the competitors. TechFite had guaranteed they would not breach confidentiality, but their infrastructure does not allow them to commit. This happened to two of the company’s clients, with TechFite being the common denominator. The actor, in this case, is the company’s management in ensuring the protection of clients.

The clients also ought to have clarified whether the infrastructure in TechFite would facilitate the It was found that there was a lack of escalation on privilege, surveilling internal network activity and traffic, and enforcing data loss prevention (Gregory, 2007). Therefore the protocol in TechFite does not allow data protection. Even though there were overt acts of bleaching the non-disclosure agreements, there was negligence, thus leading to illegality due to omission.

The fact that the infrastructure in TechFite did not facilitate the protection of customers’ information from third parties. The fact that there were non-disclosure agreements means that TechFite should ensure that they adhere to the non-disclosure agreements. Therefore the negligence in the company leads to the leaking of information on the client’s product getting to the hands of the competitors. This affected the future profitability of the client’s research process (Gregory, 2007). Therefore, TechFite was in direct contradiction with its responsibility as a consultant with sensitive information belonging to the clients.

Business Intelligence Unit

The Business Intelligence unit proved that there was negligence on the side of TechFite. The protocol used to ensure cybersecurity in TechFite contains a basic procedure that does not match the sensitivity of the client’s information (Gregory, 2007). This indicates gross negligence for a tech consultancy company. Additionally, a piece of misleading information on the company’s website indicated that they could provide information protection according to the non-disclosure agreements.

To prevent such a breach of privilege, but ended up auditing the company employees’ user accounts to ensure that there is cybersecurity for the client’s privilege. There also ought to be data loss prevention for sensitive documents. Additionally, there is a need to escalate privilege for the client’s sensitive documents (Caspian IT Group Code of Ethics., n.d.). There is also a need to prevent surveillance in the company’s network. The negligence would be ensured to ensure success with the project. Therefore the client’s intellectual property rights would be protected from competitors.

One of the deliberate measures that would be implemented in this pursuit includes incorporating security awareness training and education program. The TechFite worker ought to understand fraud prevention, whaling, phishing, malware, and spam (Caspian IT Group Code of Ethics., n.d.). Additionally, the tech support team should audit all the worker’s user accounts to prevent privileged information from finding its way to the client’s competitors.

Conclusion

In conclusion, there is negligence in TechFite while dealing with the client’s privileged information. It would be ethical for the company’s management to ensure that they must fulfil their promise to clients when they sign non-disclosure agreements. Therefore the infrastructure ought to work in the best interest of the client’s. Security awareness is very critical for the client, management workers at TechFite. They ought to have a department specialising in cybersecurity.

Read Also: Cloud Computing Security Threats

To improve cybersecurity at TechFite, the following steps can be taken:

  1. Implement regular user account audits: This would ensure that all user accounts are legitimate and that any suspicious activity is detected and addressed promptly.
  2. Implement proper financial tracking: This would prevent the use of off-the-books payment methods and ensure that all financial transactions are transparent and traceable.
  3. Limit access to sensitive information: By restricting access to sensitive information to only those employees who need it to perform their job, the risk of data breaches is reduced.
  4. Conduct regular security training: Employees should be trained on how to identify and prevent security threats, as well as on the company’s security policies and procedures.
  5. Implement strong passwords and multi-factor authentication: This would make it more difficult for unauthorized individuals to access sensitive information.
  6. Conduct regular security assessments: This would help identify vulnerabilities and weaknesses in the company’s systems and networks, and allow for appropriate measures to be taken to address them.
  7. Implement incident response plan: A well-defined incident response plan will help minimize the impact of security breaches and allow for a quick and efficient response.
  8. Compliance with Industry standards: Compliance with standards such as SOC2, PCI-DSS, HIPAA and ISO 27001 would ensure that the company is following best practices and industry standards for data security.
  9. Regularly monitor network activity: Regularly monitoring network activity would help detect suspicious activity and prevent data breaches before they occur.
  10. Adopting a culture of security: Creating a culture of security within the company would help ensure that all employees understand the importance of cybersecurity and take it seriously.


It is important to note that improving cybersecurity requires ongoing effort, and it is necessary to regularly review and update the security measures in place to keep up with the ever-changing cyber security landscape.

References

Read Also: Best Nursing Homework Writers USA 2023

Eston Eriq

Eston Eriq is a dedicated academic writer and a passionate graduate student specializing in economics. With a wealth of experience in academia, Eston brings a deep love for research and learning to his work.

Recent Posts

Cloud Computing Security Threats

Cloud computing has revolutionized the way businesses operate, offering unparalleled flexibility, scalability, and accessibility to…

10 months ago

Problem-Solution Essay on the Internet

In the digital age, the Internet serves as an indispensable force, fostering connectivity, disseminating information,…

10 months ago

Capitalism vs Communism Essay

The capitalism vs communism essay is an in-depth examination of two opposing economic ideologies that…

10 months ago

Safeguarding Children and Vulnerable Adults

Introduction Safeguarding children and vulnerable adults is a multifaceted responsibility governed by legal frameworks, ethical…

10 months ago

Counselling Attending Behavior Essay

In counseling, attending behavior stands as a cornerstone, shaping the dynamics of therapeutic interactions. This…

10 months ago

Persuasive Essay on GMOs Guide

The discourse surrounding genetically modified organisms (GMOs) has sparked widespread debates on their benefits and…

10 months ago