ESSAY REQUIREMENTS AND RUBIC

Your submission must be your original work. No more than a combined total of 30% of the
submission and no more than a 10% match to any one individual source can be directly quoted
or closely paraphrased from sources, even if cited correctly. An originality report is provided
when you submit your task that can be used as a guide.
 
You must use the rubric to direct the creation of your submission because it provides detailed
criteria that will be used to evaluate your work. Each requirement below may be evaluated by
more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions
of the course.

A.  Demonstrate your knowledge of application of the law by doing the following:

1.  Explain how the Computer Fraud and Abuse Act and the Electronic Communications
Privacy Act each specifically relate to the criminal activity described in the case study.
2.  Explain how three laws, regulations, or legal cases apply in the justification of legal action
based upon negligence described in the case study.
3.  Discuss two instances in which duty of due care was lacking.
4.  Describe how the Sarbanes-Oxley Act (SOX) applies to the case study.
 
B.  Discuss legal theories by doing the following:
1.  Explain how evidence in the case study supports claims of alleged criminal activity in
TechFite.
a.  Identify who committed the alleged criminal acts and who were the victims.
b.  Explain how existing cybersecurity policies and procedures failed to prevent the alleged
criminal activity.
2.  Explain how evidence in the case study supports claims of alleged acts of negligence in
TechFite.
a.  Identify who was negligent and who were the victims.
b.  Explain how existing cybersecurity policies and procedures failed to prevent the
negligent practices.
 
C.  Prepare a multimedia presentation with notes (e.g., Microsoft PowerPoint, Apple Keynote)
(suggested length of 3–5 slides) to summarize the status of TechFite’s legal compliance for
its senior management.
 
Note: You do not have to orally present and deliver this material. The slides and notes are all
you are required to submit for this prompt.
 
D.  Acknowledge sources, using in-text citations and references, for content that is quoted,
paraphrased, or summarized.
 
E.  Demonstrate professional communication in the content and presentation of your submission.

Tasks 2
A.  Address ethical issues for cybersecurity by doing the following:
1.  Discuss the ethical guidelines or standards relating to information security that should
apply to the case study.
a.  Justify your reasoning and cite examples of relevant ethical guidelines used by other
organizations.
2.  Identify the behaviors, or omission of behaviors, of the people who fostered the unethical
practices. 
3.  Discuss what factors at TechFite led to lax ethical behavior.

B.  Describe ways to mitigate problems and build security awareness by doing the following:
 1.  Describe two information security policies that may have prevented or reduced the criminal
activity, deterred the negligent acts, and decreased the threats to intellectual property. 
2.  Describe the key components of a Security Awareness Training and Education (SATE)
program that could be implemented at TechFite.
a.  Explain how the SATE program will be communicated to TechFite employees.
b.  Justify the SATE program’s relevance to mitigating the undesirable behaviors at
TechFite.

C.  Prepare a multimedia presentation with notes (e.g., Microsoft PowerPoint, Apple Keynote)
(suggested length of 3–5 slides) to summarize TechFite’s ethical challenges and the related
mitigation strategies from part B for its senior management.

D.  Acknowledge sources, using in-text citations and references, for content that is quoted,
paraphrased, or summarized.

E.  Demonstrate professional communication in the content and presentation of your submission.

RUBIC

A1:COMPUTER FRAUD AND ABUSE ACT AND ELECTRONIC COMMUNICATIONS PRIVACY ACT

COMPETENT

The explanation of how the Computer Fraud and Abuse Act and the Electronic Communications
Privacy Act each specifically relate to the criminal activity in the case study is clear and complete.

A2:EXPLANATION OF LAWS, REGULATIONS, OR LEGAL CASES

COMPETENT

The explanation of how the 3 identified laws, regulations, or legal cases apply in the justification of
legal action based upon negligence described in the case study is logical, complete, and clear.

A3:DUTY OF DUE CARE

COMPETENT

The description clearly provides applicable evidence of how SOX applies to the case study.

B1:CRIMINAL EVIDENCE

COMPETENT

The explanation contains logical support from the case study to support claims of alleged criminal
activity in TechFite

B1A:CRIMINAL ACTS: ACTORS AND VICTIMS

COMPETENT

The individuals or groups who committed the alleged criminal acts and the victims of these acts each
are correctly identified.

B1B:CRIMINAL ACTS: CAUSES

COMPETENT
The explanation logically addresses how existing cybersecurity policies and procedures failed to
prevent the alleged criminal activity.

B2:NEGLIGENT ACTS

COMPETENT

The explanation contains logical support from the case study to support claims of alleged acts of
negligence in TechFite.

B2A:NEGLIGENCE: ACTORS AND VICTIMS

COMPETENT

The individuals or groups who were negligent and the victims of the acts of negligence each are
correctly identified.

B2B:NEGLIGENCE: FAILED PREVENTION

COMPETENT

The explanation logically addresses how existing cybersecurity policies and procedures failed to
prevent negligent practices.

C:LEGAL COMPLIANCE PRESENTATION

COMPETENT

The multimedia presentation, with notes, summarizing the status of TechFite’s legal compliance for
its senior management is clear and complete.

D:APA SOURCES

COMPETENT

The submission includes in-text citations for sources that are properly quoted, paraphrased, or
summarized and a reference list that accurately identifies the author, date, title, and source location
as available. Or the candidate does not use sources.

E:PROFESSIONAL COMMUNICATION

COMPETENT

Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the
task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys
the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and
understanding.

RUBRIC

A1:DISCUSSION OF ETHICAL GUIDELINES OR STANDARDS

COMPETENT

The discussion logically addresses the ethical guidelines or standards relating to information security
that should apply to the case study.
A1A:JUSTIFICATION OF STANDARDS OR GUIDELINES

COMPETENT

The justification logically addresses the reasoning of the ethical considerations or guidelines, and the
examples of relevant ethical guidelines used by other organizations are logical and clear.

A2:DESCRIPTION OF UNETHICAL BEHAVIORS

COMPETENT

The identification of the unethical behavior of individuals or groups is accurate.

A3:FACTORS

COMPETENT

The discussion of the factors at TechFite that led to lax ethical behavior is clear and logical.

B1:INFORMATION SECURITY POLICIES

COMPETENT

The description contains 2 information security policies, specific to the case study that may have
minimized the criminal activity, negligent acts, and threats to intellectual property.

B2:SATE KEY COMPONENTS

COMPETENT

The description of key components of a SATE program that could be implemented at TechFite is
relevant and applicable to the case study.

B2A:SATE COMMUNICATION

COMPETENT

The explanation of how the SATE program will be communicated to TechFite employees is logical.

B2B:SATE RELEVANCE

COMPETENT

The justification of the SATE program’s relevance to mitigating the undesirable behaviors at TechFite
is logical.

C:CHALLENGES AND STRATEGIES PRESENTATION

COMPETENT

A multimedia presentation, with notes, summarizing the status of TechFite’s ethical challenges and
the related mitigation strategies for its senior management is clear and complete.

D:APA SOURCES

COMPETENT
The submission includes in-text citations for sources that are properly quoted, paraphrased, or
summarized and a reference list that accurately identifies the author, date, title, and source location
as available. Or the candidate does not use sources.

E:PROFESSIONAL COMMUNICATION

COMPETENT

Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the
task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys
the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and
understanding.