Compose an organizational security policy that protects the confidentiality, integrity, and availability of the organization’s data.

You will submit your creation of a cyber-security policy. The cyber-security policy will assess how the organization will interpret security issues that occur in the workplace. The cyber-security policy will also distinguish and examine ethical issues in the work place that pertain to social media, email, and privacy.

Specifically the following critical elements must be addressed:

Compose an organizational security policy that protects the confidentiality, integrity, and availability of the organization’s data.

Evaluate the current U.S. cyberlaws; state statutes; and criminal, civil, private, and public laws and compare them with the organizational security policy to ensure compliance.

Assess the network cyber-security policy to determine if the policy is able to minimize risks and vulnerabilities.

Develop security policy sections that identify acceptable use for users pertaining to privacy, social media, email usage, and internet usage in the workplace.

Requirements: 4-6 pages

Information Technology Risk Analysis and Cyber Security Policy

Jacob Brumit

Southern New Hampshire University

2023TW5

Information Technology Risk Analysis and Cyber Security Policy

1. Define and evaluate the information technology business model of the organization

Apple uses a vertically integrated business model. The model is built on getting the best experience for the customers. Apple works within the framework of ensuring that its products align with the set cyber security provisions. Apple ensures that it designs and manufactures its OS to ensure that it provides users with data security and privacy (Ahlam, 2020). To ensure this is providing Apple designs its Application software, hardware, and services. The idea is to avoid a situation where third parties might create loopholes that might expose users to hackers. Apple has, for a long time, file encryption methodology in all its devices to ensure that users’ security is guaranteed. When it comes to devices such as laptops, Mac computers are protected by a volume encryption technology called FileVault (Ahlam, 2020). The methodology ensures that users’ data is protected and the Company is not exposed to any unwanted data risk.

2. Cyber-security laws, private and public laws, state statutes, criminal and civil laws, and ethical guidelines that are pertinent to the organization

Apple’s work concerning the EU General Data Protection Regulation and California Consumer Privacy Act (Robinson et al., 2021). The Company has ensured that it follows the set guidelines by following the applicable laws and regulations. To ensure compliance Apple requires all its employees to undergo Business Conduct Training. All employees that handle customer data and personal information must undergo Privacy and security training. The training is bi-annual. Employees must also work concerning the Local law. They must work within Apple privacy and security standards, which guide them on how to handle customers’ data and information. The Company has Apple Privacy Compliance Audit & Verification team to ensure data protection (Robinson et al., 2021). The team is tasked with reviewing all the laws and ensuring that they are followed by employees. The company products have extra security layers to protect the users. To ensure data ethics, Apple undertakes the De-Identification of Personal Data. Apple has also ensured that it works in compliance with APEC Cross-Border Privacy Rules (CBPR) System and the Privacy Recognition for Processors (PRP) System (Robinson et al., 2021). Apple has also employed the value third-party dispute resolution provider to ensure any data breach is dealt with without its influence. This has made the Company work within the confines of the provided cyber laws. Ethics dictates that Apple must ensure its customer data is secure and safe. It calls for the Company to do everything in its capacity to comply with this policy. Ethics ensures that Apple protects the data it collects from the customers as they use the Company’s products and services.

3. Current cyber laws, regulations, and policies within the organization as they relate to the organization’s information systems

While Apple has tried to work within the provided cyber security laws, it has also ensured it meets the following demands. Consumer Privacy Protection Act 2017 protects the user’s data from exposure (Heinze et al., 2021). The Act was developed when many hacking cases started being reported in the United States. The idea of the Act is to make the Company liable for any hacking that happens to its products. When companies reach a point where they have to take the burden of hacking, they will act by providing better security systems for their devices. 

Apple, as a company, collects customer data, and this Act ensures that it protects the customer’s data. The Company must pay a $5 million fine in case of a breach. The Company must comply with the cyber security Information Sharing Act 2015 (Heinze et al., 2021). The Act protects how customer information and data are shared. The Act allows sharing of information between the United States government and technology companies such as Apple. Apple must always ensure that it works within the provisions of these cybersecurity policies. In recent years, hacking cases have increased, and these policies are driven to minimize these cases. Deterrence can be achieved by making companies carry the burden of the hackers. 

4. Cyber law Crimes

Cybercrimes that Apple Investigates

As a company, Apple must investigate the following types of cybercrime: Malware, hackers have become sophisticated, and they are developing plug-ins that operate above the OS layer. This calls for the Company to be a step ahead of the hackers. Some of the common malware include ElectroRAT and SilverSparrow. The second type is Internet of Things (IoT) Security Threats, which most Apple device users have been worried about (Peng, 2022). The third type is Air Tags which have been used to track individuals. Criminals use this system to track their victims. Apple must spend time looking at issues with Apple Watch. It must be noted that in 2021 it was reported that the watch had over 300 vulnerabilities (Peng, 2022). The watch is a loophole that hackers are using to attack users. Lastly, Apple must investigate browser Security Flaws. It must be noted that issues have been identified with Safari 15 and Chrome which runs on Apple OS. These risks must be instigated, and a solution be developed to ensure users are protected. Apple must make sure that all its devices are protecting users from any form of attack.

Cybercrimes 

Cyberattacks have the potential to cause Apple a lot of harm. The starting point is a drop in revenue. When customers can no longer trust a brand, they will withdraw their association with the Company’s products. The second issue is that customers will look to other companies that offer similar products. Customers will look for devices that will protect them against cybercrime. Apple must know that companies like Samsung are working to improve data security and privacy.it is imperative to note that Apple can lose money to hackers when the hackers try to extort victims (Peng, 2022). Victims will seek legal redress when they are extorted by hackers. Apple will end up carrying the burden when the situation gets to the courts. Lastly is the issue of ever-increasing lawsuits. No company is ready to be at the courts always. When cases increase, the customer’s trust decreases. Apple must ensure that it works to protect users’ data and make privacy one of the critical areas of investment.

Information security measures that safeguard Apple’s information.

Apple utilizes its iCloud data and encryption services to protect its users from cybercrime. All new products that the Company sells have two-factor authentication. The idea is to protect users from fraudulent individuals accessing one account (Peng, 2022). The Company has employed the services of end-to-end encryption within its iCloud. They are the standard data protection, which is used in the default setting of individual accounts. This enables the users to recover their data easily without risking their data. The second is advanced data protection for iCloud (Peng, 2022). This is given to users as optional offers which offer the highest level of cloud data security. The Company has also employed other security measures, such as iCloud Backup. All the systems are developed in such a way that they ensure user data does not get into the hand of hackers. Apple has been improving its data security over time. It has taken every challenge as an option to improve its security systems. The Company has been rolling out new systems to help its clientele protect their data.

5. Cyber-crime and e-commerce

 Information systems security measures that allow users to access Apple’s data.

Apple allows its customers to access its data through the principle of privacy by default. It means that the customer can access all the information that guides the Company’s operation. The Company has provided software to users that enable them to access the information they require. Customers may access the Company’s data, but they cannot change anything (Leith, 2021). They must access the data under a secure system that will protect them and the Company from any harm. It is imperative to note that the only data that customers can access relates to the device they use. They cannot access other customers’ data. Every device that Apple has developed has user data that guide its use. This information can be accessed. All Apple data are classified under the IP portfolio. It is the trademark that protects the Company’s services and data from other third parties. The Company has copyright protection for its OS and application programs. All these components are developed with the idea of making sure that those who access the data cannot use it against the Company.

Cyber laws ensure that Apple is protected against outside intrusion.

The federal Computer Fraud and Abuse Act protect Apple from outside intrusion. The Act provides criminal and civil penalties which might be applied to hackers or intruders. Unauthorized access to other companies’ data is prohibited under this Act. The Act has come over time to help companies like Apple protect their data (Leith, 2021). Copyright infringement calls for class actions against those who are found to contravene the provision of this Act. The Act also prevents other companies from utilizing other competing company information. It aims at ensuring that intruders are brought to the books when they are arrested. It also prevents competing companies from employing hackers to access the device design information. In most cases, when this information is accessed, it can be the downfall of a giant. This ensures that companies are competitive within the set parameters. 

References

Ahlam, R. (2020). Apple, The Government, and You: Security and Privacy Implications of the Global Encryption Debate. Fordham Int’l LJ, pp. 44, 771.

Heinze, D., Classen, J., & Hollick, M. (2020). {ToothPicker}: Apple Picking in the {iOS} Bluetooth Stack. In 14th USENIX Workshop on Offensive Technologies (WOOT 20).

Peng, S. Y. (2022). Public–Private Interactions in Privacy Governance. Laws, 11(6), 80.

Robinson, L., Kizawa, K., & Ronchi, E. (2021). Interoperability of privacy and data protection frameworks.

Leith, D. J. (2021). Mobile handset privacy: Measuring the data iOS and Android send to Apple and Google. In Security and Privacy in Communication Networks: 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part II 17 (pp. 231–251). Springer International Publishing.

IT 659 Information Technology Risk Analysis and Cyber Security Policy Part 2 Guidelines and RubricIn the second portion of this assessment, you create an organizational cyber-security policy using the information that was identied in the risk analysis paper.PromptYou will submit your creation of a cyber-security policy. The cyber-security policy will assess how the organization will interpret security issues that occur in the workplace. The cyber-security policywill also distinguish and examine ethical issues in the work place that pertain to social media, email, and privacy.Specically the following critical elements must be addressed:1. Compose an organizational security policy that protects the condentiality, integrity, and availability of the organization’s data.2. Evaluate the current U.S. cyberlaws; state statutes; and criminal, civil, private, and public laws and compare them with the organizational security policy to ensure compliance.3. Assess the network cyber-security policy to determine if the policy is able to minimize risks and vulnerabilities.4. Develop security policy sections that identify acceptable use for users pertaining to privacy, social media, email usage, and internet usage in the workplace.What to SubmitYour paper must be submitted as a three- to ve-page Word document with double spacing, 12-point Times New Roman font, one-inch margins, and at least three sources cited in APA format.Information Technology Risk Analysis and Cyber Security Policy Part 2 RubricCriteriaExemplary (100%)Procient (90%)Needs Improvement (70%)Not Evident (0%)ValueOrganizational Security PolicyMeets “Procient” criteriasupplemented with examples tosupport thinkingCompose an organizationalsecurity policy that protects thecondentiality, integrity, andavailability of the organization’sdataOrganizational security policythat protects the condentiality,integrity, and availability of theorganization’s data is minimallycomposedAn organizational security policythat protects the condentiality,integrity, and availability of theorganization’s data is not evident20ComplianceMeets “Procient” criteriasubstantiated with research-based evidence to supportndingsEvaluate the current U.S.cyberlaws; state statutes; andcriminal, civil, private, and publiclaws and compare them with theorganizational security policy toensure complianceEvaluation of the current U.S.cyber laws; state statutes;criminal, civil, private, and publiclaws and comparison with theorganizational security policy toensure compliance is lacking indetail and/ or accuracyDoes not evaluate the currentU.S. cyber laws; state statutes;and criminal, civil, private, andpublic laws and compare themwith the organizational securitypolicy to ensure compliance20Risks and VulnerabilitiesMeets “Procient” criteriasupported with examples tosupport the risks andvulnerabilities that wereAssess the network cyber-security policy to determine ifthe policy is able to minimizerisks and vulnerabilitiesAssessment of the networkcyber-security policy todetermine if the policy is able tominimize risks and vulnerabilitiesAssessment of the networkcyber-security policy todetermine if the policy is able tominimize risks and vulnerabilities20

assessedis minimalis not evidentSecurity Policy SectionsMeets “Procient” criteriasubstantiated with explicitdetails in each security policysectionDevelop security policy sectionsthat identify acceptable use forusers pertaining to privacy, socialmedia, email usage, and internetusage in the workplaceDevelopment of security policysections that identify acceptableuse for users pertaining toprivacy, social media, emailusage, and internet usage in theworkplace is lacking in detailDevelopment of security policysections that identify acceptableuse for users pertaining toprivacy, social media, emailusage, and internet usage in theworkplace is not evident20Articulation of ResponseSubmission is free of errorsrelated to citations, grammar,spelling, syntax, and organizationand is presented in a professionaland easy-to-read formatSubmission has no major errorsrelated to citations, grammar,spelling, syntax, or organizationSubmission has major errorsrelated to citations, grammar,spelling, syntax, or organizationthat negatively impactreadability and articulation ofmain ideasSubmission has critical errorsrelated to citations, grammar,spelling, syntax, or organizationthat prevent understanding ofideas20Total:100%

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.