C841 Task 1 FINAL.docx C841 Legal Issues in Information Security €“ C841 Task 1 Wes

C841 Task 1 2

Relevancy of the Computer Fraud and Abuse Act (CFAA)

CFAA addresses the compromise of confidentiality against a protected computer, which

is any federal computer, financial computer, or any computer used in interstate or foreign

commerce. Within the case study, the Business Intelligence (BI) Unit of TechFite utilized fake

user accounts to gain unauthorized access to computers in TechFite’s financial department which

resulted in the loss of confidentiality of these systems. By compromising the confidentiality of

these finance computers, the Business Intelligence Unit violated the Computer Fraud and Abuse

Act because the TechFite finance computers are considered protected computers due to their role

in interstate.

Relevancy of the Electronic Communications Privacy Act (ECPA)

The ECPA addresses unauthorized access to electronic communications, whether stored

on a hard drive or in transit over the network. Within the case study, Sarah Miller from

TechFite’s BI unit conducted scanning activity into the private networks of several Internet-based

companies. Because these internal communications were within the private networks of outside

companies, Sarah Miller violated the Electronic Communications Privacy Act.

Three Laws that Justify Legal Action

Three laws that can be used in the justification of legal action against negligent activity

observed within the TechFite case study are the Computer Fraud and Abuse Act (CFAA), the

Sarbanes-Oxley Act of 2002 (SOX), and the Electronic Communications Privacy Act (ECPA).

Computer Fraud and Abuse Act

The CFAA addresses the unauthorized trafficking of computer access information that

allows people to access other computers without authorization and with the intent to defraud.

Within the case file, fake company accounts were created then given increased privileges which

were used to access computers from the legal, human resources, and finance departments without

authorization. The Chief Information Security Officer was negligent by not ensuring that all user

accounts are valid and have the appropriate permissions. The CFAA applies to this instance

because the fake user accounts gave unauthorized access to several departments' computer

systems which the criminals intended to use to defraud the company.

Sarbanes-Oxley Act of 2002

SOX addresses the retention and control that companies must maintain over internal

financial documents. SOX applies in the justification of legal action for this case because the

company was negligent in providing internal oversight within the company, which is required by

SOX to ensure the company is employing appropriate controls to protect the integrity and

confidentiality of its internal documentation.

Electronic Communications Privacy Act

The ECPA addresses the restriction of accessing stored electronic communications. These

electronic communications can be in transit over airways or across the wire. Within the case