ABC Healthcare is a startup company with 50 employees. The company’s computer network is shown in Figure 1 below. The healthcare data server contains the company's records, including copies of patient health records with personally identifiable data, patient billing, company financials, and forms.
You have been hired as the IT network security officer, reporting directly to the chief information officer (CIO). Currently, there is a network administrator who has very limited experience and worked as a desktop technician prior to joining ABC. This network administrator helped set up the existing network. In addition, ABC plans to hire a desktop technician and a website developer/programmer who will report directly to the CIO.
There are no policies or guidelines for employees’ usage of the computers and network. Network setup was done by various vendors, and all of the programs use default usernames and passwords. Wireless access has been set up for staff using wireless laptops. The same wireless access point also provides clients access to the internet. Some staff members bring in their own computers and connect them to the network. Employees use the work systems for personal web browsing and to check personal email accounts.
As part of network security, management set up a video monitoring system throughout the office. Employees are not notified of any monitoring.
There is a copier/printer in the front office that is used by employees. Currently, all unused copies are left next to the copier for recycling.
The administration office room uses an open cubicle structure for its staff. Figure 2 depicts the cubicles and seating of its staff. Staff members sometimes complain that they can hear each other during the work day.
Create a comprehensive risk analysis narrative in which you assess ABC Healthcare’s information systems for ethics violations and cyberlaw compliance, and research the framework for creating an acceptable use-of-technology policy and code of ethics.
Next, using PowerPoint, Google Presentation, or Prezi, create a presentation in which you recommend appropriate strategies for remediating the instances of ethics violations and cyberlaw noncompliance you identified in your risk analysis. Propose an organizational code of ethics related to information technology that prevents future violations and noncompliance, and propose an acceptable use-of-technology policy that addresses non-adherence.
Specifically, the following critical elements must be addressed:
Risk Analysis Paper
1. Describe the information technology structure of the organization in the given scenario.
2. Identify specific cyberlaws and ethics regulations that pertain to the organization and its computing operations in the scenario.
3. Organizational ethics violations
   i. Classify unethical behaviors with respect to whether they are personal or professional in nature, being sure to support your position with specific examples.
   ii. Assess the impact of the unethical behaviors on IT and computing within the organization.
4. Cyberlaw noncompliance
   i. Identify instances of cyberlaw noncompliance, being sure to cite the specific regulation(s) being violated.
   ii. Assess the impact of the noncompliance on IT and computing within the organization.
5. Acceptable use-of-technology policies research
   i. Compare and contrast acceptable use-of-technology policies from various organizations. You can find suggested organizations below or use policies of your own choosing.
   ii. Select aspects of the acceptable use-of-technology policies you have researched that you feel could be adapted to meet the needs of the organization, and explain how you would adapt them.
6. Codes of ethics research
   i. Compare and contrast IT-specific codes of ethics from various organizations. You can find suggested organizations below or use codes of ethics of your own choosing.
   ii. Select aspects of the codes of ethics you have researched that you feel could be adapted to meet the needs of the organization, and explain how you would adapt them.