Information Security Project

Essay Instructions:

For the purposes of this project, imagine you are an Information Security (InfoSec) Specialist, an employee of the Makestuff Company, assigned to the company’s Incident Response Team.

In this case, you have been notified by Mr. Hirum Andfirum, Human Resources Director for the Makestuff Company, that the company has just terminated Mr. Got Yourprop, a former engineer in the company’s New Products Division, for cause. Mr. Andfirum tells you that at Mr. Yourprop’s exit interview earlier that day, the terminated employee made several statements to the effect of “it is okay because I have a new job already and they were VERY happy to have me come from Makestuff, with ALL I have to offer.” Mr. Yourprop’s statements made Mr. Andfirum fear he might be taking Makestuff’s intellectual property with him to his new employer (undoubtedly a Makestuff competitor). In particular, Mr. Andfirum is worried about the loss of the source code for “Product X,” which the company is counting on to earn millions in revenue over the next three years. Mr. Andfirum provides you a copy of the source code to use in your investigation. Lastly, Mr. Andfirum tells you to remember that the Company wants to retain the option to refer the investigation to law enforcement in the future, so anything you do should be with thought about later potential admissibility in court.

The 4th Amendment to the U.S. Constitution reads, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” While the 4th Amendment is most commonly interpreted to only affect/restrict governmental power (e.g., law enforcement), the fact that a formal criminal investigation is a possibility (and the Company has no desire to be named in a civil lawsuit) means you must consider its effect your actions.

With the above scenario in mind, thoroughly answer the following questions (in paragraph format, properly citing outside research, where appropriate).

1. Can you (or Mr. Yourprop’s supervisor) search Yourprop’s personal vehicle currently parked in the Company parking lot for digital evidence? Support your answer.

2. If evidence of this theft of intellectual property can be found, Makestuff Company may seek to pursue criminal prosecution. Can Mr. Yourprop’s supervisor direct local police investigators to search his personal vehicle which is parked on the Company parking lot? Support your answer.

3. Can (or Mr. Yourprop’s supervisor) search Yourprop’s assigned locker in the Company’s on-site gym for digital evidence? Support your answer.

4. Can (or Mr. Yourprop’s supervisor) use a master key to search Yourprop’s locked desk after he has left the premises for digital evidence? Support your answer.

5. There is a page in the Company’s “Employee Handbook” that states that anything brought onto the Company’s property, including the employees themselves, is subject to random search for items belonging to the Company. There is a space for the employee to acknowledge receipt of this notice. Mr. Yourprop has a copy of the handbook but never signed the page. Does that matter? Explain.

6. Makestuff Company uses a security checkpoint at the entrance to the building. A sign adjacent to the checkpoint states that the purpose of the checkpoint is for security staff to check for weapons or other materials that may be detrimental to the working environment or employee safety. Screening is casual and usually consists of verification of an employee’s Company ID card. Can security staff at this checkpoint be directed to open Mr. Yourprop’s briefcase and seize any potential digital evidence? Support your answer.

Project Requirements:

Each questions should be answered with a minimum of 1-2 paragraphs, so do your research, be specific, be detailed, and demonstrate your knowledge;

Answers to the above questions should be submitted in a single document (.DOC/.DOCX, .RTF, or .PDF), with answers separated so as to make it clear which question is being answered;

The submission should have a cover page, including course number, course title, title of paper, student’s name, date of submission;

Essay Sample Content Preview:

Course Number
Course Title
Title of Paper
Student Name
Date of submission
Question 1
First, surveillance into person’s privacy is unethical. It is so since some personal information might not relate to the company in any way. Alternatively, working in a corporation does not transform anyone into either "marionette" for manipulation or a "servant" (Treviño & Nelson, 2004). However, this case is sensitive since the company may lose the anticipated profits from ignorance. As information security officer, you remain cautious on your duties to prevent the incidences of security incapacities to be associated with your department. The management counts on you in most security matters. Therefore, I would fill obliged to search Yourprop’s personal vehicle in the name of the line of duty.Question 2 Given that the company’s information security has inner understanding on legal matters, it would be prudent if Mr.Yourprop supervisor considers approaching local police investigators this means he would follow the right procedures and hence protect the company from unnecessary legal tussles. The security team and the local police investigators might find evidence of the actual elements to prosecute Mr. Yourprop; therefore it would be wise to direct local police investigators to search his personal vehicle.
Question 3 A security expert cannot let thing lying down. Meaning, if there were no evidence in his personal car, it could be found in h...
