CYB 260 Project Two Guidelines and Rubric Legal and Ethical Recommendations Brief

CYB 260 Project Two Guidelines and Rubric

Legal and Ethical Recommendations Brief

Overview

Protecting data security and data privacy are key aspects of the cybersecurity domain. Practitioners must account for several competing drivers to address the concerns of data security and

privacy, including:

Regulatory compliance

Operational impact

Cost

Customer and employee satisfaction.

As a practitioner, you must identify requirements and recommend approaches related to technology, policy, and workforce. Your recommendations should ensure that appropriate measures

are in place to adequately secure data and protect individual privacy in a constantly changing threat environment. In this project, you will recommend an approach to address the legal and

ethical aspects of a security-relevant business decision.

In this assignment, you will demonstrate your mastery of the following course competency:

Make recommendations regarding legal and ethical issues in cybersecurity appropriate for the organizational environment

Scenario

Use the Project Two Scenario to complete this assignment. This scenario places you back in the role of an executive-level security consultant for the organization. The scenario provides

additional details about the organization’s decisions on the proposal you addressed in Project One. In addition to the scenario, review the Fit-vantage Company Profile and the HIPAA rule

summaries provided in this module’s resources.

To complete this assignment, you will prepare a legal and ethical recommendation brief for the internal stakeholder board that identifies an approach to meeting the privacy protection, data

security, and ethical needs of the scenario.

Prompt

Write a brief memorandum to the internal leadership board outlining your recommendations for meeting the needs of the scenario. Specifically, you must address the following critical

elements:

I. Recommend an approach to protecting data privacy. Support your recommendation with evidence from applicable laws or the corporate mission and values.



2/10/25, 11:22 AM Assignment Information

https://learn.snhu.edu/d2l/le/content/1831858/viewContent/38649354/View 1/2

II. Recommend an approach to ensuring data security. Support your recommendation with evidence from applicable laws or the corporate mission and values.

III. Describe how ethical considerations about data use influenced your recommendations for security-enhancing safeguards.

What to Submit

Your submission should be 1 to 3 pages in length and use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA style. Use a file

name that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx.

Project Two Rubric

Criteria Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value

Data Privacy Meets “Proficient” criteria and

addresses critical element in an

exceptionally clear, insightful,

sophisticated, or creative

manner

Recommends an approach to

protecting data privacy,

including support from

applicable laws or the

corporate mission and values

Addresses “Proficient” criteria,

but there are gaps in clarity,

logic, or detail

Does not address critical

element, or response is

irrelevant

30

Data Security Meets “Proficient” criteria and

addresses critical element in an

exceptionally clear, insightful,

sophisticated, or creative

manner

Recommends an approach to

ensuring data security,

including support from

applicable laws or the

corporate mission and values

Addresses “Proficient” criteria,

but there are gaps in clarity,

logic, or detail

Does not address critical

element, or response is

irrelevant

30

Ethical Considerations Meets “Proficient” criteria and

addresses critical element in an

exceptionally clear, insightful,

sophisticated, or creative

manner

Describes how ethical

considerations about data use

influenced the

recommendations for security-

enhancing safeguards

Addresses “Proficient” criteria,

but there are gaps in clarity,

logic, or detail

Does not address critical

element, or response is

irrelevant

30

Articulation of Response Submission is free of errors

related to grammar, spelling,

and organization and is

presented in a professional and

easy-to-read format

Submission has no major errors

related to grammar, spelling, or

organization

Submission has some errors

related to grammar, spelling, or

organization that negatively

impact readability and

articulation of main ideas

Submission has critical errors

related to grammar, spelling, or

organization that prevent

understanding of ideas

10

Total: 100%

2/10/25, 11:22 AM Assignment Information

https://learn.snhu.edu/d2l/le/content/1831858/viewContent/38649354/View 2/2

CYB 260 Project Two Scenario This scenario places you back in the role of an executive-level security consultant for Fit-vantage Technologies. After much debate, the internal stakeholder board has provisionally approved the partnership with Helios Health Insurance. Prior to formally approving the partnership, the board has requested that you prepare a legal and ethical recommendation brief to identify an approach to meet the privacy protection, data security, and ethical requirements that this partnership will generate. To complete this project, review the following documents:

• Fit-vantage Company Profile, which contains the mission statement, core values, and a draft of the Fit-vantage privacy statement

• HIPAA Privacy Rule Summary • HIPAA Security Rule Summary

Note: The company profile and the HIPAA Privacy Rule summary are the same documents distributed for Project One. The HIPAA Security Rule summary is new. Links to these documents are on the Project Two Guidelines and Rubric page in the course's Assignment Information area.

CYB 260 Fit-vantage Company Profile Mission Statement To contribute to the health and well-being of every customer with technology that complements each individual’s lifestyle Core Values

 Good health is our foundation.

 We must be good citizens.

 We work as a team.

 Invest in every customer.

 No fine print. Draft of Privacy Statement

Introduction Many organizations provide information and services through the internet. Much of the information and many of the services do not include personal or confidential information and are available to anyone accessing the internet. When access to information or services is restricted to protect your privacy or the privacy of others, you may be asked to provide a logon username and password. Your logon username and password verify your identity so that we can provide you with access to your information and services while restricting access by unauthorized individuals. If you choose to accept the conditions of this user acceptance agreement, you will be prompted to provide the basic information that is required to issue a logon username and password. The information you provide will be stored in your user profile and will be managed according to our policy, as described below. To create your logon username, we will ask you for your name, address, email address, telephone number, and your desired password. If the necessary information is not already stored, you will be given the opportunity to add that information to your user profile. If you have provided the information previously, there will be no need to reenter it. You will always have the choice to opt out and not provide the requested information. However, if you do so, you may not be able to complete your transaction over the internet or use the app. You will also have the ability to review or update the information stored in your user profile. Once you have registered on the website, your identification information, your contact information, and the other data you choose to provide will be made available to the appropriate business departments. Because we store this information, you do not have to provide it each time you use a service that has privacy or confidentiality restrictions. Please note that only certain types of information will be stored in your user profile, as described in the “Information Collected and How It Is Used” section below. Your user profile will never contain records such as credit card information.

Protecting Your Account Your logon username and password are your keys to doing secure business over the internet. They should be considered as important as your signature. Do not share your logon username or password with anyone. Violators may be subject to prosecution, fines, or other sanctions. Information Collected and How It Is Used The information collected for user access to the internet account and health application is limited to what is required to provide secure delivery of those applications. Information about users of these applications may include the following:

 Identifying information, such as names and other identification numbers, that is used to verify an individual’s identity when they request a logon username to access applications.

 Contact information, such as telephone numbers, postal addresses, and email addresses, that is used to contact the individual regarding their account.

 Information, such as logon usernames, passwords, and related attributes, that is used to maintain security.

 Program area identification numbers that are used to link a user and a specific application. This information will not be collected or stored unless it is required for access to specific applications.

Personal Information and Choice Personal information is information about an individual that is readily identifiable to that specific individual. Personal information includes identifiers such as an individual’s name, address, and telephone number. A domain name or internet protocol (IP) address is not considered personal information. We do not collect any personal information about you unless you voluntarily participate in an activity that asks for the information. Access and Correction of Personal Information Individuals will be allowed to view personal information relating to their user profile and to update the contact information in their user profile (address, telephone, or email address). Passwords will be secured. Use of Cookies A cookie is a small amount of data, which may include an anonymous unique identifier that is sent to your browser from a website’s computers and may be used during your session (session cookie). Cookies may contain data about a user’s movements during their visit to the website. If your browser software is set to allow cookies, a website can send its own cookie to you. A website that has set a cookie can access only cookies it has sent to you; it cannot access cookies sent to you by other websites. When you request a logon username and password, a session cookie will be sent to your browser and stored in your computer’s memory. The cookie will be used to maintain session information unless you navigate to different services. Your privacy is best protected if you close your browser after you are done using applications that use session cookies.