2

part a:  Malicious Insiders:  Prior to beginning work on this discussion read Chapter 3 from the course text and the Governing Information Technology Risk (Links to an external site.) article. As a CIO, you will be responsible for protecting proprietary and valuable data in your company’s possession. Some employees (aka “Malicious Insiders”) may be tempted to steal or share the valuable information held by your company. There are several specific protocols and methods (e.g., key logging and monitoring emails) that a CIO can employ to find malicious insiders and/or detect their activities. For your initial post you will take on the role of the CIO of a company with 10,000 employees that has various types of proprietary and valuable data. The company is interested in taking precautionary measures to ensure that this data is protected. Address the following in your initial post: Taking into consideration the broad legal issues related to data protection, construct at least two specific, reasonable protocols you could use to detect malicious insiders and/or their activity within your company. Provide a rationale for your statements based on your source(s). Taking into consideration the ethical issues related to employee monitoring, construct at least two specific, reasonable protocols you could use to prevent the activities of malicious insiders, so that they are not able to gain access to proprietary and valuable data. Provide a rationale for your statements based on your source(s).  minimum 250 words. Part B:  Software Liability Boilerplate:  Prior to beginning work on this interactive assignment, read Chapter 3 from the course text. Review the instructions below and research at least one additional scholarly and/or credible professional source to support your statements. (Access the MISM Credible Resource Guide (Links to an external site.) for assistance with finding appropriate credible professional resources.) For this interactive assignment, you will take on the role of the CIO of a company that has many customers on its network. The business model that your company created includes customers on your network who use specific third party software at no extra cost. You are in the process of negotiating the purchase of a license of this third party software, but you have concerns about your company’s liability exposure should the software fail. For example, you are concerned that your customers will use the third party software, input personal or other sensitive data, and then have that software crash or fail on its own, through no fault of your company. This could lead to your customer suffering real or perceived personal harm. As a result, the customer might sue your company for this harm. In anticipation of purchasing the software license, you seek to include language in the software licensing agreement that would protect your company from harm suffered by your customers should the third party software crash or fail on its own. Include the following in your initial post: Create boilerplate language for the software license agreement necessary to protect your company from this liability risk. Provide an example of other language, either from an existing company case study or a fictitious example that would not sufficiently protect your company from this liability exposure. Explain why this language does not sufficiently protect your company, supporting your statements with evidence from your sources. minimum of 300 words. Part C   Questions of Liability: Critique of the Target® Hack: Prior to beginning work on this assignment, read Chapter 3 of the course text, the Inside Target Corp., Days After 2013 Breach (Links to an external site.) article, and review any relevant information from this week’s lecture. Review the instructions below and research at least one additional scholarly source and a minimum of three credible professional sources to support your statements. (Access the MISM Credible Resource Guide (Links to an external site.) for assistance with finding appropriate credible professional resources.) In 2013, Target Corporation was hacked. Credit and debit card data of 40 million of Target’s customers were exposed. Hackers reportedly infiltrated Target via access from an outside vendor, Fazio Mechanical. Often, CIOs will deal with outside vendors who ask for access or need to access some of their company’s data. Shortly after Target was hacked, the organization has hired you, a risk management expert, to address their handling of Fazio Mechanical’s access to Target’s network and data. Based on this scenario, address the following in a five page paper: Analyze current company protocol(s) and draft new protocols you would use to reduce Target’s liability from non-permitted access to their network and data via outside vendors. Explain how the protocol(s) would reduce the risk of liability to Target. Explain whether or not Target can ethically impose a protocol(s) on the internal operations of an outside vendor so that their internal operations more easily conform to Target’s security protocols and internal operations, with the overall intention of reducing Target’s liability. Explain whether Target or Fazio Mechanical is more at fault for exposing Target’s customers’ data, providing rationale(s) for your decision. The Questions of Liability: Critique of the Target® Hack paper Must be five double-spaced pages (1500 to 1600 words) in length (not including title and references pages) and formatted according to APA style as outlined in the  Writing Center (Links to an external site.). Must include a separate title page with the following: Title of paper Student’s name Course name and number Instructor’s name Date submitted Must use at least one scholarly source and three credible professional sources in addition to the course text. The Scholarly, Peer Reviewed, and Other Credible Sources (Links to an external site.) table offers additional guidance on appropriate source types. If you have questions about whether a specific source is appropriate for this assignment, please contact your instructor. Your instructor has the final say about the appropriateness of a specific source for a particular assignment. Must document all sources in APA style as outlined in the  Writing Center. Must include a separate references page that is formatted according to APA style as outlined in the Writing Center.