11 Feb CYB 260 Project Two Guidelines and Rubric Legal and Ethical Recommendations Brief
To complete this assignment, review the prompt and grading rubric in the Project Two Guidelines and Rubric. When you have finished your work, submit the assignment here for grading and instructor feedback.
CYB 260 Project Two Guidelines and Rubric
Legal and Ethical Recommendations Brief
Overview
Protecting data security and data privacy are key aspects of the cybersecurity domain. Practitioners must account for several competing drivers to address the concerns of data security and
privacy, including:
Regulatory compliance
Operational impact
Cost
Customer and employee satisfaction.
As a practitioner, you must identify requirements and recommend approaches related to technology, policy, and workforce. Your recommendations should ensure that appropriate measures
are in place to adequately secure data and protect individual privacy in a constantly changing threat environment. In this project, you will recommend an approach to address the legal and
ethical aspects of a security-relevant business decision.
In this assignment, you will demonstrate your mastery of the following course competency:
Make recommendations regarding legal and ethical issues in cybersecurity appropriate for the organizational environment
Scenario
Use the Project Two Scenario to complete this assignment. This scenario places you back in the role of an executive-level security consultant for the organization. The scenario provides
additional details about the organization’s decisions on the proposal you addressed in Project One. In addition to the scenario, review the Fit-vantage Company Profile and the HIPAA rule
summaries provided in this module’s resources.
To complete this assignment, you will prepare a legal and ethical recommendation brief for the internal stakeholder board that identifies an approach to meeting the privacy protection, data
security, and ethical needs of the scenario.
Prompt
Write a brief memorandum to the internal leadership board outlining your recommendations for meeting the needs of the scenario. Specifically, you must address the following critical
elements:
I. Recommend an approach to protecting data privacy. Support your recommendation with evidence from applicable laws or the corporate mission and values.
2/10/25, 11:22 AM Assignment Information
https://learn.snhu.edu/d2l/le/content/1831858/viewContent/38649354/View 1/2
II. Recommend an approach to ensuring data security. Support your recommendation with evidence from applicable laws or the corporate mission and values.
III. Describe how ethical considerations about data use influenced your recommendations for security-enhancing safeguards.
What to Submit
Your submission should be 1 to 3 pages in length and use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA style. Use a file
name that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx.
Project Two Rubric
Criteria Exemplary (100%) Proficient (85%) Needs Improvement (55%) Not Evident (0%) Value
Data Privacy Meets “Proficient” criteria and
addresses critical element in an
exceptionally clear, insightful,
sophisticated, or creative
manner
Recommends an approach to
protecting data privacy,
including support from
applicable laws or the
corporate mission and values
Addresses “Proficient” criteria,
but there are gaps in clarity,
logic, or detail
Does not address critical
element, or response is
irrelevant
30
Data Security Meets “Proficient” criteria and
addresses critical element in an
exceptionally clear, insightful,
sophisticated, or creative
manner
Recommends an approach to
ensuring data security,
including support from
applicable laws or the
corporate mission and values
Addresses “Proficient” criteria,
but there are gaps in clarity,
logic, or detail
Does not address critical
element, or response is
irrelevant
30
Ethical Considerations Meets “Proficient” criteria and
addresses critical element in an
exceptionally clear, insightful,
sophisticated, or creative
manner
Describes how ethical
considerations about data use
influenced the
recommendations for security-
enhancing safeguards
Addresses “Proficient” criteria,
but there are gaps in clarity,
logic, or detail
Does not address critical
element, or response is
irrelevant
30
Articulation of Response Submission is free of errors
related to grammar, spelling,
and organization and is
presented in a professional and
easy-to-read format
Submission has no major errors
related to grammar, spelling, or
organization
Submission has some errors
related to grammar, spelling, or
organization that negatively
impact readability and
articulation of main ideas
Submission has critical errors
related to grammar, spelling, or
organization that prevent
understanding of ideas
10
Total: 100%
2/10/25, 11:22 AM Assignment Information
https://learn.snhu.edu/d2l/le/content/1831858/viewContent/38649354/View 2/2
,
CYB 260 Project Two Scenario This scenario places you back in the role of an executive-level security consultant for Fit-vantage Technologies. After much debate, the internal stakeholder board has provisionally approved the partnership with Helios Health Insurance. Prior to formally approving the partnership, the board has requested that you prepare a legal and ethical recommendation brief to identify an approach to meet the privacy protection, data security, and ethical requirements that this partnership will generate. To complete this project, review the following documents:
• Fit-vantage Company Profile, which contains the mission statement, core values, and a draft of the Fit-vantage privacy statement
• HIPAA Privacy Rule Summary • HIPAA Security Rule Summary
Note: The company profile and the HIPAA Privacy Rule summary are the same documents distributed for Project One. The HIPAA Security Rule summary is new. Links to these documents are on the Project Two Guidelines and Rubric page in the course's Assignment Information area.
,
CYB 260 Fit-vantage Company Profile Mission Statement To contribute to the health and well-being of every customer with technology that complements each individual’s lifestyle Core Values
Good health is our foundation.
We must be good citizens.
We work as a team.
Invest in every customer.
No fine print. Draft of Privacy Statement
Introduction Many organizations provide information and services through the internet. Much of the information and many of the services do not include personal or confidential information and are available to anyone accessing the internet. When access to information or services is restricted to protect your privacy or the privacy of others, you may be asked to provide a logon username and password. Your logon username and password verify your identity so that we can provide you with access to your information and services while restricting access by unauthorized individuals. If you choose to accept the conditions of this user acceptance agreement, you will be prompted to provide the basic information that is required to issue a logon username and password. The information you provide will be stored in your user profile and will be managed according to our policy, as described below. To create your logon username, we will ask you for your name, address, email address, telephone number, and your desired password. If the necessary information is not already stored, you will be given the opportunity to add that information to your user profile. If you have provided the information previously, there will be no need to reenter it. You will always have the choice to opt out and not provide the requested information. However, if you do so, you may not be able to complete your transaction over the internet or use the app. You will also have the ability to review or update the information stored in your user profile. Once you have registered on the website, your identification information, your contact information, and the other data you choose to provide will be made available to the appropriate business departments. Because we store this information, you do not have to provide it each time you use a service that has privacy or confidentiality restrictions. Please note that only certain types of information will be stored in your user profile, as described in the “Information Collected and How It Is Used” section below. Your user profile will never contain records such as credit card information.
Protecting Your Account Your logon username and password are your keys to doing secure business over the internet. They should be considered as important as your signature. Do not share your logon username or password with anyone. Violators may be subject to prosecution, fines, or other sanctions. Information Collected and How It Is Used The information collected for user access to the internet account and health application is limited to what is required to provide secure delivery of those applications. Information about users of these applications may include the following:
Identifying information, such as names and other identification numbers, that is used to verify an individual’s identity when they request a logon username to access applications.
Contact information, such as telephone numbers, postal addresses, and email addresses, that is used to contact the individual regarding their account.
Information, such as logon usernames, passwords, and related attributes, that is used to maintain security.
Program area identification numbers that are used to link a user and a specific application. This information will not be collected or stored unless it is required for access to specific applications.
Personal Information and Choice Personal information is information about an individual that is readily identifiable to that specific individual. Personal information includes identifiers such as an individual’s name, address, and telephone number. A domain name or internet protocol (IP) address is not considered personal information. We do not collect any personal information about you unless you voluntarily participate in an activity that asks for the information. Access and Correction of Personal Information Individuals will be allowed to view personal information relating to their user profile and to update the contact information in their user profile (address, telephone, or email address). Passwords will be secured. Use of Cookies A cookie is a small amount of data, which may include an anonymous unique identifier that is sent to your browser from a website’s computers and may be used during your session (session cookie). Cookies may contain data about a user’s movements during their visit to the website. If your browser software is set to allow cookies, a website can send its own cookie to you. A website that has set a cookie can access only cookies it has sent to you; it cannot access cookies sent to you by other websites. When you request a logon username and password, a session cookie will be sent to your browser and stored in your computer’s memory. The cookie will be used to maintain session information unless you navigate to different services. Your privacy is best protected if you close your browser after you are done using applications that use session cookies.
