C841 [IHP4] Task 1

QUACHELL PEELE
STUDENT ID
 CFAA

the computer fraud and abuse act disallows access to systems

without authorization and modification of destruction, disclosure of
computer or information

ECPA

Electronic Communications Privacy Act of 1986 (ECPA), this act

A1. CFAA prohibits any recording or disclosing any oral or electronic

communications without obtaining consent from both parties

AND 1. The investigation the case study revealed that the was an
unusual request for a dummy accounts not created through

ECPA
the proper channels. in addition to these accounts regularly
accessed data that would be deemed confidential in nature
from legal HR and the finance department.

2. Techfite also used company computers for penetration

rtesting and scanning on other companies . A tool called
Metasploit was used to perform this which is mostly used
to find and exploit weak systems and infect them with
malware. This practice defies ecpa
1. CFAA: Computer Fraud and Abuse Act (CFAA) 18 U.S.C.
§ 1030 section (a)(4) dictates Accessing a protected
computer with an intent to defraud as a criminal activity .
The Business units use of fictious credentials that were
used to access

2.
A2.
ECPA: it is an offense to intentionally access without
authorization a location that a electronic communication
are used. The BI unit, Sarah Miller and team in particular
violated this when they used the Metasploit tool to
illegally scan and penetrate electronic devices they THREE
LAWS
regularly could not access.

3. SOX: The e Sarbanes-Oxley Act of 2002 is intended to protect

investors from fraudulent reporting from corporations. In the case
study there was some decencies regarding three accounts that seem
to be a way to rearrange one and make it seem as If the sales are
higher than they are. The business have no internet Prescence and
are all registered in the same state and use the same bank. This
adds to the conclusion that they are padding their books
A3. DUTY OF DUE CARE

1. The first thing that I noticed Is that there is a lack of policies protecting internal
business information and that of potential clients from any kind of unauthorized
activity. This leads to data leaks and security breaches. In creating this policy
alone we can build a Chinese wall up that will keep information, this is evident
when two potential clients report that after sign-in NDA’s and answering
questionnaires their competitors seemed to obtain proprietary information
2. Another policy that should be implemented is that the principle of least
privilege. There is no checks and balances. There are dummy accounts
accessing legal, financial and hr accounts regularly. If this policy was in place
then maybe those accounts would be roaming freely. Also orange leaf and union
city may not have had their information in the arms of their competitors
 A4. SOX

 Under SOX section 704 Techvite is in violation for falsifying the sales.
The three false account all seem to point to the friend of Carl Jasper.
These business don’t appear to actually exist
D. REFERENCES/SOURCES

Sources
Computer Fraud and Abuse Act (CFAA) , Ucertify, 2018, wgu.ucertify.com/?
func=ebook&text=ecpa&chapter_no=13#03bDj .
Jarrett, H. Marshall. Prosecuting Computer Crimes, Office of Legal Education Executive Office for
United States Attorneys, 2008, www.justice.gov/sites/default/files/criminalccips/legacy/2015/01/14/
ccmanual.pdf.
United States Department of Justice. (2018, Mar 1). Unlawful Access to Stored Communications.
Retrieved from Offices of the United States Attorneys: https://www.justice.gov/usam/criminalresource-
manual-1061-unlawful-access-stored-communications-18-usc-2701 F
Federal Cybersecurity and Data Privacy Laws Directory. (n.d.). Retrieved April 20 2022, from
https://www.itgovernanceusa.com/federal-cybersecurity-and-privacy-laws Sarbanes-Oxley Act of 2002,
Pub. L. No. 107-204, § 101. (2002). Retrieved from