See Attached.
CYB 260 Project One Milestone Guidelines and Rubric
Analysis of Privacy Laws and Business Implications

Overview

In Project One, you will take on the role of a stakeholder in a business on the forefront of a privacy issue. In that project, you will articulate a point of view that reflects your professional stance on privacy, the laws and regulations relevant to the issue, and the business implications of your recommendation. For this milestone, you will begin to investigate two of the key facets that will factor into your position: regulations and business implications.

Scenario

Your instructor will provide a scenario. This scenario will contain the following information:

- Background about an organization, including draft versions of the organization’s privacy statement
- General market analysis
- The specific proposal being addressed in the projects for this course

Based on this information, you will contrast requirements driven by internal policy with those governed by external, legal regulations. Additionally, you will be assessing how ethics and business goals influence the approach to privacy.

Prompt

To complete this assignment, first download the Project One Milestone Template from the Project One Milestone assignment in Module Three of your course. In the template, complete the requirements table for Section I, and answer the short-response questions for Section II. Specifically, you must address the critical elements listed below.

I. Analysis of Requirements

The documentation included with the scenario contains a draft version of the organization’s privacy statement based on fair information practice principles. Complete the requirements table in the template by selecting three of the principles addressed in the privacy statement. (Note that in Project One, you may elect to discuss additional or alternative principles and privacy laws than those you select for this assignment.) For each selected principle, address the following:

A. Explain how at least one privacy law is associated with the principle.
B. Evaluate the level of compliance with the applicable privacy law or laws. Explain how the organization’s approach to the principle meets, exceeds, or does not meet the requirements set forth in the law or laws.
C. Describe at least one safeguard that should be in place to ensure compliance with the principle or law.

II. Business Implications

The scenario includes background information on the organization and general market analysis related to the proposal. As you are an executive-level employee, there is an expectation that your advice to leadership will be guided by the company’s mission statement and values, the profitability and market success of its products, and your expertise in your field. In Project One, your recommendation will need to balance all of these factors; however, for this assignment, you will focus only on the business aspects.

A. Discuss the role of ethics as a business driver in this decision. How do the organizational values (as an ethical stance) align to the decision? What responsibility does the organization have pertaining to privacy?
B. Discuss how your personal ethical stance aligns to the decision. How did you apply an ethical framework or decision strategy to inform your position?
C. What would you recommend the company do? Describe how you came to this decision. How did you balance differences between the organizational ethics and your own personal ethics?

Rubric

Guidelines for Submission: Submit your completed Project One Milestone Template. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx.
Critical Elements (rated as Exemplary (100%), Proficient (85%), Needs Improvement (65%), or Not Evident (0%), each with a point Value)

Privacy Law
Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
Proficient (85%): Explains how at least one privacy law is associated with each of the three principles selected
Needs Improvement (65%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail, or does not address three selected principles
Not Evident (0%): Does not address critical element, or response is irrelevant
Value: 15

Level of Compliance
Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
Proficient (85%): Evaluates the level of compliance with the applicable law or laws for each of the three principles and explains how the organization’s approach meets, exceeds, or does not meet the requirements
Needs Improvement (65%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail, or does not address three selected principles
Not Evident (0%): Does not address critical element, or response is irrelevant
Value: 15

Safeguards
Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
Proficient (85%): Describes at least one safeguard for each principle that should be in place to ensure compliance with each principle or law
Needs Improvement (65%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail, or does not address three selected principles
Not Evident (0%): Does not address critical element, or response is irrelevant
Value: 15

Ethics as a Business Driver
Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
Proficient (85%): Discusses the role of ethics as a business driver in the decision, including how the organizational values align to the decision and the responsibility of the organization pertaining to privacy
Needs Improvement (65%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
Not Evident (0%): Does not address critical element, or response is irrelevant
Value: 15

Personal Ethical Stance
Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
Proficient (85%): Discusses how a personal ethical stance aligns to the decision and how an ethical framework or decision strategy informed the position
Needs Improvement (65%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
Not Evident (0%): Does not address critical element, or response is irrelevant
Value: 15

Recommendations
Exemplary (100%): Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner
Proficient (85%): Describes how the decision was reached for making recommendations and how differences between the organizational ethics and personal ethics were balanced
Needs Improvement (65%): Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail
Not Evident (0%): Does not address critical element, or response is irrelevant
Value: 15

Articulation of Response
Exemplary (100%): Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format
Proficient (85%): Submission has no major errors related to citations, grammar, spelling, or organization
Needs Improvement (65%): Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas
Not Evident (0%): Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas
Value: 10

Total: 100%

CYB 260 Project One Scenario One

Fit-vantage Technologies is a quickly growing competitor in the personal fitness-tracking industry. As the company gets closer to launching its newest device, the Flame watch, the Fit-vantage executives have been approached by Helios Health Insurance Inc. to form a partnership. This partnership proposes a program allowing Helios subscribers to purchase a Fit-vantage Flame at a discount in exchange for access to the anonymous data collected from participating customers.

An internal stakeholder board has been formed to determine whether the partnership is in the best interest of Fit-vantage. Discussions at the stakeholder meetings have raised the following questions for consideration:

- What are the concerns around the privacy of customer data, including the data of Helios subscribers and Flame owners who are not part of the Helios program?
- As health insurance companies are considered covered entities under HIPAA, what new legal compliance requirements does this partnership require?
- How profitable will this partnership be? What is the likely effect on the company’s value to stockholders?
- What effects will this partnership have on the current customer base?
- How would this partnership align with Fit-vantage’s mission and core values?

In this scenario, you will assume the role of an executive-level security consultant with the primary responsibility of advising senior management in cybersecurity matters