You are part of a team selected by the Chief Information Officer (CIO) to perform a security audit for Cruisin’ Fusion.
Create a 10- to 12-slide presentation (not including the title and reference slides) that shows the results of your security audit based on the following audit process:
Include a 1/2- to 1-page executive summary to support your presentation. Include appropriate references.
Shopping Cart Software for Cruising
Cruisin' Fusion Taco trucks are pleased to inform our customers that we have introduced a shopping cart feature on our website. Placing orders online is very secure, and we have put adequate security measures on the site to guarantee the safety of your data. Nothing feels better than this, and the ordering system is available on a 24/7 basis. The official launch is scheduled for 31st August 2021, and the first 100 customers to make advance orders will receive one free taco.
Differences between ethics, organization policies, and laws
Ethics refers to the professional code of conduct followed when collecting, analyzing, and publishing personal data, covering privacy, confidentiality, and how that information will be stored or shared. Informed consent has to be sought before data can be shared. On the other hand, organizational policies refer to the guidelines or general statements that define the organization's behavior (Rustad, 2019). Laws refer to the regulations within a particular organization that regulate the activities of its members.
How the shopping cart will uphold ethical trends in protecting consumer privacy
To access the Cruisin Fusion e-commerce site, customers will be required to sign in with their email (username) and a strong password. Moreover, to protect customers' credit card numbers from being compromised by hackers, secure payment solutions such as PayPal have been integrated into the website to ensure transactions are secure. Cruisin Fusion IT personnel will be tasked with updating the shopping cart software on the web server to fix any possible vulnerability (Sarathy, 2020).
A data security accountability policy will ensure that employees are aware of their responsibilities while they are handling customer data. To this end, data will be classified as confidential, general, data meant for internal use, and data sent outside the company. Another policy will cover remote access management, which will define how network security will be monitored to prevent cyber-attacks (Rustad, 2019). A patch management policy will ensure vulnerabilities are eliminated by fixing bugs in the shopping software.
Ethical considerations to maintain confidentiality to protect consumer data
Privacy laws and regulations upheld in shopping cart software
Sarathy, R., & Robertson, C. J. (2020). Strategic and ethical considerations in managing digital privacy. Journal of Business Ethics, 46(2), 111-126.
Rustad, M. L., & Koenig, T. H. (2019). Towards a global data privacy standard. Fla. L. Rev., 71, 365.
CRUISIN FUSION WEBSITE: DATA PROTECTION
ETHICAL ISSUES ON DATA COLLECTION
Information collected in these contests includes personal data such as phone numbers, emails and first names. If proper measures are not put in place, the privacy and confidentiality of such data can easily be compromised. Data collected can also be shared with other people without necessarily getting consent from participants of the contests. With increasing cases of security breaches, if proper security controls are not provided, an attacker might steal the information and sell it on the dark web for a profit. Moreover, data collected from participants might be inaccurate, and company employees might find it necessary to make corrections. Information collected can also be abused by employees of Cruisin Fusion browsing customer data.
Privacy and confidentiality of personal data collected
Concerns on data sharing without consent from customers
Security of the data from cyber criminals
Making corrections on customer data
Ethical responsibility of employees browsing through customer data (McWay, 2020)
Ethical issues on information management
Security of the information stored
Ownership of the data and for how long the company can keep the data (data shelf l
Absence of nondisclosure agreements with employees
Absence of data governance policies could bring about ethical concerns
With current advancements in technology, access rights could become an issue of concern
Loss of sensitive information due to alteration, files becoming corrupted or virus attack
Security of data collected can be compromised when insiders leak crucial information to attackers. Security breaches can result in legal suits and reputational damage. Absence of clear policies on data management can lead to misuse of customer data if it is kept longer than necessary. Additionally, the absence of nondisclosure agreements that bind employees and make them accountable for their actions in sharing personal information with outsiders is a concern (Maher, 2019). Information systems cannot be 100 per cent guaranteed to be secure from access by unauthorized people; therefore, intrusion detection systems should be available to determine a legitimate user. Loss of files due to accidental erasure or alteration can be devastating to the company. Appropriate mechanisms such as data backup ought to be in place to prevent data loss.
PROTECTING CUSTOMER INFORMATION
All stored customer data should be encrypted
Installing SSL certificate (Maher, 2019)
Using web application firewall
Keeping all plug-ins updated
Use automated antimalware
Backing up data on cloud storage
All stored customer data on servers should be encrypted. This will be helpful in case the information is accessed by an unauthorized person, who then won't be able to read the contents. Installing SSL certificates will help to encrypt data coming from customers to the server. Having a web application firewall will be useful in monitoring web traffic and stopping any malicious attempt to exhaust server resources. Moreover, the firewall will be configured to block traffic coming from countries where tacos are not sold to secure customer data. To avoid being hacked, plugins should be regularly updated to keep attackers at bay. To further enhance security, automated antimalware programs will be used to detect and remove malware from the site on a 24/7 basis. Lastly, customer data and website files will be backed up on cloud storage to avoid the cost of downtime when there is a security breach on the website files or the database.
PROTECTING CUSTOMER INFORMATION (CONTINUED)
Training employees on cyber security awareness
Through creating a cyber response security plan
Use of strong passwords for user accounts
Educating customers about collected data
Updating security patches (Maher, 2019)
Employees are regarded as the weakest link when it comes to cyber security. Cyber security training will equip them with the latest developments on tricks used by attackers, thus reducing the risk of phishing attacks. Additionally, a cyber security plan will come in handy when an attacker breaks through the defenses put in place. The plan should be updated regularly, tested with cyber security drills, and address any weakness identified. Employees should adopt a cyber security culture, like using strong passwords that do not reflect identifiable things like their name, date of birth or pet names. Also, customers ought to be educated on how they can spot suspicious behaviour on the website and report it. Customers should be encouraged to take an active role in safeguarding their data. Software that is not updated can easily be exploited by hackers to their advantage. To avert such possible loss, security patches should be applied immediately after they are released.
THE NEED TO PROTECT INTELLECTUAL PROPERTY (IP)
Intellectual property protection fosters innovation
It deters violation of someone else's intellectual property
Intellectual property has commercial value attached to it
IP strengthens governance through innovative business practices (Fang, 2017)
IP can be used to solve IP disputes
Without intellectual property protection, customers won't reap the benefits of their creative inventions and they might not be fully compensated for their ingenuity. With IP protection, it becomes easier to deter violations of someone else's intellectual property. There is a commercial value attached to IP and thus the need to safeguard it from infringement. IP protection makes it easier to do business anywhere. Also, business disputes can be solved amicably when intellectual property is protected.
PROTECTION TO BE USED BY CRUISIN FUSION IN ORDER TO USE NAME SUGGESTED BY WINNER
Through application for patents, trademarks and copyrights (Fang, 2017)
Signing nondisclosure agreements with winners
Avoid joint ownership of the intellectual property
Implementing security measures such as VPN
To have exclusive rights to the name suggested by the winner, there is a need to apply for copyright to protect the creative work. The company can also sign a nondisclosure agreement with the winner as part of keeping a trade secret. Jointly owning an IP allows every owning party to recreate and distribute it without consulting the other parties. To avoid the risk of being exploited, joint ownership should be strictly avoided. Because business is nowadays conducted over the internet, IP might be vulnerable to hacking or files becoming corrupted, thus the need to have a robust security mechanism like a VPN, encrypting data and having password protection for computer networks.
McWay, D. C. (2020). Legal and ethical aspects of health information management. Cengage Learning.
Maher, N. A., Senders, J. T., Hulsbergen, A. F., Lamba, N., Parker, M., Onnela, J. P., … & Broekman, M. L. (2019). Passive data collection and use in healthcare: A systematic review of ethical issues. International Journal of Medical Informatics, 129, 242-247.
Fang, L. H., Lerner, J., & Wu, C. (2017). Intellectual property rights protection, ownership, and innovation: Evidence from China. The Review of Financial Studies, 30(7), 2446-2477.
Cruisin Fusion has invited its customers to a competition to name the latest Fusion recipe. To participate, customers will be required to enter their first name, last name, email, phone number, and their suggested fusion name. However, due to the nature of identifiable personal information, the company wishes to state as follows:
· All submissions will be sent via the link provided on our website
· The deadline for submissions will be on 24/08/2021 at 11.59 pm
· All submissions must be made in the English language
· The winner of the contest will be given a $20 gift
· Intellectual property laws will be applicable in the contest
Use of Personal Information
Personal information submitted will be stored in an encrypted format to prevent any security breach. In addition, the company will not be solely responsible for any loss of information that might result due to circumstances beyond our control.