TechFite Computer Fraud and Abuse
Student Name
Course
Professor
Institution
Date
A.
1. Explain how the Computer Fraud and Abuse Act and the Electronic Communications
Privacy Act each specifically relate to the criminal activity described in the case
study.
a) CFAA: This act criminalizes access to a computer without proper authorization from
the person or entity that provides the computer service. The unauthorized creation
and use of user accounts by the Applications Division at TechFite to gain access to
sensitive information appears to clearly violate provisions of the CFAA.
b) ECPA: This act legislates against unauthorized access to electronic communications.
The very fact that the BI Unit could intercept or gain unauthorized access to
communications, such as emails
2. Explain how 3 laws and regulations or legal cases apply in justification of legal
action based upon negligence in the case study.
a) SOX (Sarbanes-Oxley Act) demands that books and records be accurate and that
internal controls be adequate. Manipulation by TechFite through dummy clients may
indicate poor financial governance.
b) GLBA (Gramm-Leach-Bliley Act): Non-segregation of customer data can be
considered negligence regarding client proprietary information.
c) FTC Act: There is a possibility of misrepresentation of services, and improper
handling of client data is definitely grounds for action under the FTC Act.
3. Discuss 2 instances in which duty of due care was lacking.
a) Segregation of client information: The lack of good mechanisms to protect and
separate client data increases the risk of data misuse and reflects a clear
failure of due care.
b) Internal oversight: TechFite failed to audit user accounts and to put data
protection measures in place, which shows a lack of due care in safeguarding
information.
4. Describe how the Sarbanes-Oxley Act applies to the case study.
SOX requires an organization to set tight internal controls against fraud and
to give assurance of the validity of its financial reporting. The lack of proper
controls, including the addition of fictitious clients, implies non-compliance with SOX
and can have legal consequences for TechFite (SOX, 2002).
B.
1. Explain how evidence in the case study supports claims of alleged criminal
activity in TechFite.
a) Identify who committed the alleged criminal acts and who were the victims.
Defendants: Carl Jaspers, Applications Division head; BI Unit employees.
Victims: Among the victims are Orange Leaf Software LLC and Union City Electronic
Ventures, whose proprietary information was stolen and misused.
b) Explain how existing cyber security policies and procedures failed to prevent the
alleged criminal activity.
The policies lacked controls for user account auditing and data loss prevention
(DLP). Because they did not specifically address privilege escalation or monitoring
of the internal network, unauthorized access and data breaches went undetected
(CFAA and ECPA violations).
2. Explain how evidence in the case study supports claims of alleged acts of
negligence in TechFite.
a) Identify who was negligent and who were the victims.
Negligent Parties: The senior management of TechFite and the IT Security team were
negligent. Jaspers allowed improper access, while the IT Security team was unable to
audit accounts or monitor internal activities effectively.
Victims: The impacted organizations, such as Orange Leaf Software LLC, as well as
TechFite itself, which faces reputational and legal risks.
b) Explain how existing cybersecurity policies and procedures failed to prevent the
negligent practices.
Required internal controls, including auditing and segregation of duties, were
not established. Lax enforcement of the principle of least privilege compounded
the negligent practices. This led to unauthorized access and misuse of sensitive
information, which would not have occurred had appropriate cybersecurity been
practiced according to SOX and GLBA principles.
C. Prepare a summary directed to senior management that states the status of
TechFite’s legal compliance.
TechFite currently has serious legal compliance issues, particularly in the
Applications Division. The division's involvement is a concern because the
unauthorized access, misuse of proprietary client information, and probable
manipulation of financial records represent serious violations of federal laws such
as the CFAA and SOX. Immediate attention is needed to close the existing compliance
gaps through tighter internal controls and legal and ethical practice in all
divisions.
References
Electronic Communications Privacy Act, §§ 2510-2523
Sarbanes-Oxley Act, 2002, Pub. 107-204
Computer Fraud and Abuse Act, § 1030
Gramm-Leach-Bliley Act, Pub. 102-106