How should ARD, corporate legal, and Bill be handling this situation?
Prepare one short scenario involving a cybersecurity management issue involving an ethical dilemma.
Short Scenario Assignment: Write a short Scenario similar to the Scenario below which deals with how to ethically manage a cybersecurity breach/issue.
Write the scenario with questions then describe how the situation should be/have been handled. If you know of a real life situation you may use it as long as you recreate it so that no one or no institution/agency can be identified.
(IF the instructor or anyone in the class can figure out the organization or people involved the grade will be an automatic zero for the assignment. This is not a threat just a very clear reminder to protect privacy. It is not hard to do.)
Be sure include your own questions AND answer your questions to create a template of the purpose of your scenario.
Please use the following textbooks and links as a reference
https://www.youtube.com/watch?v=CjZm4sZskxc (Short 1:09) A quick summary of the problem
https://www.youtube.com/watch?v=ZpngO664OFw (Short 2:09) Intro to the posted PDF Report.
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier (New York: Norton, 2015). [ISBN: 978-0-393-35217-7 pbk.]
Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks by Kip Boyle (Austin, Texas: Lioncrest Publishing, 2018). [ISBN: 978-1-5445-1319-5 pbk.]
Bill’s Vacation (the issue is real but story is fiction…maybe): Bill, an IT supervisor for 5 years at Acme Roadrunner Data (ARD) (not a real company) is returning with his work laptop from a month long vacation with his wife in Asia. They couple visited Thailand, Vietnam, China, and South Korea. To stretch 15 days of accrued vacation into the month that he needed, Bill taking advantage of the time difference and ARD’s telecommuting policies, would log on and do his work remotely knowing that he could get a full day’s work done in 3-4 hours. He used local hotel and coffee shop Wi-Fi and ARD’s VPN. With work finished he would join his wife sightseeing. Upon his return to the USA Bill is stopped in customs. They ask to see his laptop which Bill hands over reluctantly. Customs and Border Patrol (CBP) turns it on and asks Bill for his password. Bill because of his supervisor role has a master password that gives him access to almost all the systems that ARD has. He uses this same password for the laptop which contains a master copy of the ARD’s proprietary software and user data which is encrypted with the same password.
Bill believes that he will be fired if he gives CBP access to such sensitive company information and refuses. Protesting his rights as an American citizen he asks why they want access to his laptop. CBP says that they are cracking down on the importation of child pornography and searching people coming
from SE Asia where the problem is rampant. They go on to say that unless they are given access Bill and his wife will be detained in a CBP holding facility. Complicating matters is that fact that Bill and his wife took some risqué photos together with their digital SLR. Having run out of room on their SD card and not trusting such photos to the cloud, Bill stored them temporarily on his laptop until he could get home. Bill uses his one phone call to call the ARD Legal Department. After several days in detention with an ARD corporate lawyer present Bill gives up his password to CBP. After thoroughly examining the laptop and its files, including the encrypted ones the laptop is returned by CBP to Bill and he and his wife are released.
Q1: BEFORE, What should have been the company policy/policies before this situation that would have prevented it? (Think creatively but also practically)
Q2: DURING, How should ARD, corporate legal, and Bill be handling this situation?
Q3: AFTER, Now that this has happened, how should ARD handle the situation with Bill? What new policies should be implemented (circle back to Q1)? What went right for Bill in this Scenario? How might Bill have better handled the situation? What were Bill’s mistakes?
Q4: SPIRITUALLY, Imagine that you are Bill’s boss, what would be an ethical and Biblical way for you to deal to deal with Bill’s situation?