Due Feb 01, 2017 at 3:00pm eastern time

Due WED February 1, 2017 3:00pm eastern time. Must be authentic.  

At least 200 words for each question and two APA academic sources for each question. Make sure the ideas you provide are nearly always important and provide one or more major insights as well as a fruitful direction for the lesson. Arguments are well substantiated and persuasively presented. USE YOUR OWN WORDS


Notes Question 1

OERs (Required Readings)

·         Hazard, Jr. J.C. (1995). Yale Law School.  Law, Morals, and Ethics. Retrieved from: http://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=3322&context=fss_papers. 

·         Merriam-Webster. (n.d.). Ethic. Retrieved from: http://

·         Merriam-Webster. (n.d.). Moral. Retrieved from: http://

·         Merriam-Webster. (n.d.). Law. Retrieved from: http://

·         SAGE Knowledge. (n.d.).  Cyberlaw.  Retrieved from:  http://sk.sagepub.com.ezproxy.umuc.edu/reference/nationalsecurity/n147.xml

·         Bureau of International Information Programs. United States Department of State. (2004). Outline of the U.S. Legal System. Retrieved from: http://

·         American Bar Association (n.d.). Jurisdiction in Cyberspace. Retrieved from: http://corporate.findlaw.com/law-library/jurisdiction-in-cyberspace.html.

·         Wikipedia (n.d.).  Personal jurisdiction in Internet cases in the United States. Retrieved from: https://en.wikipedia.org/wiki/Personal_jurisdiction_in_Internet_cases_in_the_United_States. 

 OERs (Recommended Readings)

·         Encyclopedia of Bioethics. 3rd Edition. Solomon. Normative Ethical Theories. https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%201/Week1%20Solomon.pdf?_&d2lSessionVal=8kxXJAVlNpYCMxBRYPS8Sxgdo&ou=190519. 

·         Encyclopedia of Bioethics. 3rd Edition. Slote. Ethics. Retrieved from: https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%201/Week1%20Slote.pdf?_&d2lSessionVal=8kxXJAVlNpYCMxBRYPS8Sxgdo&ou=190519.  

1. Based upon your own life experiences and the assigned readings for this week, do you think the views on ethics and morality are separate and independent of each other? Also, in your opinion, what is the relationship between ethics and the law? Provide examples or cases in cyberspace that illustrate the relationship between laws, ethics, and morals.

Notes for question 2

Since this security governance was outlined as part of the NIST Security Handbook in 2006, NIST has been putting a lot of emphasis on risk management (risk analysis) as the driving force in planning and implementing security controls. Risk analysis weighs the benefits of controls against their costs to justify the controls. Risk analysis precedes implementation of any security control. Risk analysis is a top-down approach that is driven by business needs.

Not surprisingly, then, another key aspect of information security governance in the two latest security guidance documents is risk management. See Internet 2 Information Security Governance; 2014 and IT Governance Institute; 2006.

Many of you should be familiar with risk analysis. In INFA 610, we explored the NIST Risk Analysis methodology in great detail (NIST_RMF; 2014). Feel free to refresh your memory on the subject.

We want to stress that a key aspect of governance is compliance with all applicable laws and regulations. Often, these laws and regulations are applicable to specific business sectors. These business sectors include healthcare, where HIPAA is the governing standard, financial institutions, where the Gramm-Leach-Bliley Act is an important consumer privacy protection act, and providers of education, where FERPA is the governing standard. This document from DHS provides a summary of privacy and security laws and regulations: Privacy & Security; 2010.

(Chief) Information Security Officer (ISO)

All three documents on Information Security Governance (Information Security Handbook; 2006, IT Governance Institute & Internet 2; 2014) define various important roles, including the role of (Chief) Information Security Officer, who is the day-to-day officer in charge of the security of an enterprise. A (C)ISO is a C-level officer of an enterprise and has a dotted-line or direct reporting relationship with the board.

The (C)ISO performs information security duties as her primary duty.

The (C)ISO’s responsibilities include:

·         Development and enforcement of security policies and procedures

·         Risk management

·         Putting in place security awareness and training programs

·         Incident management and forensics

·         Business continuity

·         Disaster recovery

·         Assessing the effectiveness of the information security program, including progress of remedial actions

The CERT division of CMU’s SEI has more formally described the office of the CISO in Allen; 2015. The figure below reproduced from this document nicely summarizes the key functions of the CISO’s organization:

In addition to these functions specified, this document provides a structure of the CISO organization. Keep in mind the positions and the sub-organizations suggested can be virtual to fit your organization size and budget.

Policies

A key component of governance is policies. Policies are the primary instrument used by management to effect desired behavior with respect to information and information systems in an enterprise. Security policies focus primarily on human behavior to create an environment that minimizes the security risks associated with using information systems. Policy is the most important non-technology component of computer security, providing the basis for all security. Policy defines the who, what, where, and when of security, including processes and procedures. Typically, policies are negotiated between the people knowledgeable in security and the business unit owners. Good policies build on specific business objectives; they support sound business practice and mitigate risk.

NIST defines three types of security policies (NIST SP 800-14; 1996):

·         Program: to set organizational strategic directions

·         Issue-Specific: to address specific areas such as Bring Your Own Device to Work (BYOD)

·         System Specific

The first one, at the level of Program or Enterprise, is more often known as “the Policy.” It is a high-level senior management statement of purpose and intent of the security posture of an enterprise. It establishes a framework to see that the computer security needs of the enterprise are met and continue to be met. It is to inform all relevant parties of the organization’s security objectives and the overall process to achieve them. It is a “What” document and not a “How” document. It should answer the basic question: “Who should access what resources?” The policy should also address who is ultimately responsible for the security of the enterprise. The information security policy is the foundation upon which all protection (hardware, software, physical) efforts are built.

Cisco has a similar taxonomy for Policy as that of NIST, but not the same (CISCO: Policy): 

·         Governing or Comprehensive: It is a high-level “what” document. It defines the who, what, where, and when of security, including processes and procedures. It is issued by senior management such as the CISO.

·         Technical: Technology-component (e.g., operating system, firewall) and issue-specific (BYOD); policies on passwords, risk assessment, external-facing web servers, email, and instant messaging are other examples here.

·         End-User: everything an end-user should know about, what they had to comply with and implement, and what the results of noncompliance are.

The best way to learn how to write a policy at different levels is to go through a few examples:

·         Governing/Comprehensive Security Policy: High level Information System Security Policy; 2014

·         Acceptable Use Policy: SANS AUP; 2006 & ePolicyAUP; 2005

·         Technical: Secure communications policies, for example the use of email and instant messaging. ePolicyCommPolicy; 2005

2. What is the purpose of an AUP policy? What is the purpose of a comprehensive policy? What is the purpose of detailed policies on specific technologies and systems? How are these types of policies different? Please explain your answer and support your position with examples and reliable sources.

Notes for question 3

·         Warren and Brandeis. (1890). The Right to Privacy.  Retrieved from:  https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%203/Warren%20and%20Brandeis_The%20Right%20to%20Privacy.pdf?_&d2lSessionVal=LDP2imSs3UtKWHJtNkvxFusZ3&ou=190519

·         U.S. Department of Health, Education & Welfare. (1973). Records, Computers and the Rights of Citizens. Retrieved from: https://

·         U.S. National Archives and Records Administration. (n.d.). The Privacy Act of 1974. Retrieved from: http://

·         U.S. Government. (2010). National Strategy for Trusted Identities in Cyberspace. Retrieved from: https://

·         Solove, D.J. (2006). A Taxonomy of Privacy. Retrieved from: https://

·         Federal Trade Commission. (2014). Data Brokers-A Call for Transparency and Accountability. Retrieved from: https://

·         Privacy Rights Clearinghouse. (n.d.). Fact Sheet 7: Workplace Privacy and Employee Monitoring. Retrieved from: https://

·         TRUSTe. (2004). Your Online Privacy Policy. Retrieved from: https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%203/Truste_WriteAGreatPrivacyPolicy.pdf?_&d2lSessionVal=LDP2imSs3UtKWHJtNkvxFusZ3&ou=190519.

·         The Federal Trade Commission (FTC). (n.d.).  How to Comply with the Children’s Online Privacy Protection Rule.  Retrieved from:https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%203/FTC%20How%20to%20comply%20coppa.pdf?_&d2lSessionVal=LDP2imSs3UtKWHJtNkvxFusZ3&ou=190519.

·         Federal Trade Commission (FTC). (n.d.). Privacy and Security. Retrieved from: https://

·         Privacy Rights Clearing House. (Revised April 2016). Fact Sheet 7: Workplace Privacy and Employee Monitoring. Retrieved from: https://

OERs (Recommended Readings)

·         MIT.  (2005). Personal Information on the Web.  Retrieved from:http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-805-ethics-and-the-law-on-the-electronic-frontier-fall-2005/lecture-notes/6805_lec9.pdf

·         Computer Weekly. (2015). DON’T WAIT FOR REGULATION TO PRACTISE DATA ETHICS.  Retrieved from:  http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?sid=e122f22f-45fb-44b3-9084-bdb4df0b9267%40sessionmgr103&vid=0&hid=112&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=109512801&db=f5h

·         Communications of the ACM. (2015). Respecting People and Respecting Privacy. Retrieved from:  http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?sid=3092d3ee-5bdd-4a32-a371-03b5cc8a2935%40sessionmgr105&vid=0&hid=112&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=103432034&db=iih

·         Online Searcher. (2015). BIG DATA AND ANALYTICS.  Retrieved from:  http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?sid=de14528a-efe8-4f1d-834a-f1eee72837a4%40sessionmgr104&vid=0&hid=112&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=110916050&db=f5h

·         Ghanavati, S. (n.d.).  A Requirements Management Framework for Privacy Compliance.  Retrieved from:  http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.218.5596&rep=rep1&type=pdf.

Session Notes

Before we can truly explore the relationship between security and privacy, we need to define terms.  The CIA triad (confidentiality, integrity, availability) provides a foundation for understanding security.  But, what is the definition of privacy?  Does the U.S. Constitution offer some basics?   Privacy is not a right explicitly protected by or mentioned in the Constitution.  Perhaps history can offer some clues.

In 1890, two lawyers wrote an article entitled The Right to Privacy (The Right to Privacy, 1890). Louis Brandeis, one of the authors, later served as a Supreme Court Justice. The article grew from the intrusion of new technology on the privacy of individuals. In this instance, the new technology was the portable camera that made candid photographs possible. Such cameras permitted photographers to intrude on and capture “private” moments like a daughter’s wedding.

Many years later, fear of another new technology led to a key privacy milestone and improved insights. In the early 1970s, the American public began to fear a future where digital data collection and processing in regional data centers could provide the government too much information about people. This fear led to the Records Computers and the Rights of Citizens Report; 1973, produced for the then Department of Health, Education and Welfare (HEW) in July 1973. This HEW report identified the Fair Information Privacy Principles that have guided privacy law in the U.S. and many other nations. Most recently, the Department of Homeland Security (DHS) and the Federal Trade Commission (FTC) have endorsed the further developed Fair Information Privacy Practices, generally as follows:

·         Transparency

·         Individual Participation

·         Purpose Specification

·         Data Minimization

·         Use Limitation

·         Data Quality and Integrity

·         Security

·         Accountability and Auditing.

From the Privacy Act of 1974 to the National Strategy for Trusted Identities in Cyberspace, these principles provide goals for both government and commercial entities processing personal information.

But, it is not just the collection of personal information that creates problems.  Daniel Solove; 2006 has identified four types of activities that threaten privacy:

·         Information Collection

·         Information Processing

·         Information Dissemination

·         Invasion, including intrusion and decisional interference.

Technology seems to highlight our imprecise understanding of privacy. So how do we distinguish between privacy and security? Some believe the terms are interchangeable. Not so. Technologies and processes (e.g., encryption, checksums, authorization approval) to achieve the confidentiality and integrity of the CIA triad can provide the basis for ensuring privacy. However, what information is private is not the purview of security.

It is important to start with the consumer’s privacy concerns. Online consumers have many privacy concerns, including:

·         What information is collected about the individual?

·         How collected information is used and for what purpose.

·         How collected information is secured, shared, rented, sold, or otherwise disseminated.

Many privacy concerns stem from uncertainty over what’s going on behind the scenes and the lack of published information about data collection and sharing practices.  The FTC has been the government agent for protecting the privacy of individuals since the 1970s and the enactment of the Fair Credit Reporting Act (FCRA).  One of the key tools used by the FTC is the enforcement of company privacy policies.   Such published policies are agreements between the institution and its consumers. The United States does not have a comprehensive privacy approach like European and some other nations.  Instead Congress has addressed privacy needs in key functional areas.  In addition to the FCRA, two key laws are the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) that deal with health care and financial information, respectively. Congress also passed the Family Educational Rights and Privacy Act of 1974.   Another more recent, important law is the Children’s Online Privacy Protection Act (COPPA) of 1998. 

An industry that has thrived in the U.S. and has challenged privacy protections is the collection, merger and sharing/resale of consumer information. Data brokers have emerged to manage and exploit the availability of such information, which is valuable to advertisers, recruiters, law enforcement and a variety of entities. Despite a number of critical studies and reports, Congress has not yet enacted legislation to restrict this growing industry and the threats it poses. The FTC has published guidelines for both eBusinesses and consumers (Privacy and Security; 2014). TRUSTe provides a good template and set of instructions for eBusinesses to follow in developing a privacy policy (TRUSTe; 2004).

How about privacy rights as an employee? Whether you work in a commercial or government setting, a general rule applies within the workplace: employees should have no expectation of privacy with respect to their communications or activities while using employer resources. This often causes discomfort, because there is a culturally derived, almost instinctive perception (at least in the United States and other democratic societies) that all individuals have a right to privacy. But, it is important for security professionals to be aware that employers have the right (and in some cases the obligation) to protect any information stored, transmitted, or communicated within the employer’s environment. This is the basis for the increasingly common practice of monitoring (or at least explicitly stating the right to monitor) email, network traffic, voice, wireless, and other communications. See the OER entitled, “Fact Sheet 7: Workplace Privacy and Employee Monitoring” for more details. ( Fact Sheet 7; 2016 )

Review Questions

3. Identify and read the privacy policy/agreement of one company with which you deal.  Discuss items that surprised you and items that relate to the content of this lesson (specifically at Truste (link for the site).)  Also explore how this agreement impacts information security in the organization.

Note for question 4

Objectives

·         Explain copyright law.

·         Explain trademark law.

·         Explain patent law.

·         Explain trade secret law.

·         Explain why these IP Rights Laws, especially Copyright Laws, are being revisited in view of the Internet and eCommerce.

OERs (Required Readings)

·         Electronic Frontier Foundation. (n.d.). Fair Use and Intellectual Property: Defending the Balance. Retrieved from: https://

·         Cohen, J. (2009). Encyclopedia of Management. Intellectual Property Rights. Retrieved from: http://go.galegroup.com.ezproxy.umuc.edu/ps/retrieve.do?sort=RELEVANCE&inPS=true&prodId=GVRL&userGroupName=umd_umuc&tabID=T003&searchId=R2&resultListType=RESULT_LIST&contentSegment=&searchType=BasicSearchForm&currentPosition=3&contentSet=GALE|CX3273100134&&docId=GALE|CX3273100134&docType=GALE.

·         Baker, D.J. (2003).  Gale.  Intellectual Property Online.  Retrieved from:  http://go.galegroup.com.ezproxy.umuc.edu/ps/retrieve.do?sort=RELEVANCE&inPS=true&prodId=GVRL&userGroupName=umd_umuc&tabID=T003&searchId=R1&resultListType=RESULT_LIST&contentSegment=&searchType=BasicSearchForm&currentPosition=4&contentSet=GALE|CX3405000048&docId=GALE|CX3405000048&docType=GALE&authCount=1&u=umd_umuc.

·         Ames, A.C. (2016). Salem Press Encyclopedia. Intellectual property rights overview.  Retrieved from:  http://eds.a.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?sid=a46d7535-4b4b-4e0c-80ac-2006637d76a8%40sessionmgr4008&vid=0&hid=4108&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=89158226&db=ers.

·         Mawdsley, R.D. (n.d.).  SAGE Knowledge. Plagiarism.  Retrieved from: http://sk.sagepub.com.ezproxy.umuc.edu/reference/educationlaw/n295.xml.

·         Bollier, D. (2011). Intellectual property in the digital age.In Ben Walmsley (ed.), Key Issues in the Arts and Entertainment Industry. Oxford, England:  Goodfellows Publishers Ltd.  Retrieved from: http://bollier.org/sites/default/files/IP%20in%20Digital%20Age%20chapter-Bollier.pdf.

OERs (Recommended Readings)

·         Duke University. (2015). INTELLECTUAL PROPERTY: LAW & THE INFORMATION SOCIETY.  Retrieved from:  http://web.law.duke.edu/cspd/pdf/IPCasebook2015.pdf

Session Notes

Intellectual property (IP) refers to “Ideas, including words, images, performances, and sounds, that belong to their creator, or another to whom the rights were subsequently sold or given. Intellectual property has the same legal protections as physical property (a car, for example) and cannot be taken or used without permission (usually by paying the owner).” (See Ames; 2016.) Digitization has complicated the protection of IP, as theft can occur because unapproved copying is both cheap and easy. Likewise, the internet and the “sharing economy” have changed the landscape of the media industry. The Bollier; 2011 article provides some historical background and highlights some of the challenges of managing digital rights. Please note that his use of the term “fair dealing” is equivalent to “fair use” in the United States.

Intellectual Property rights include patents, trademarks, and copyrights.  Cohen (Cohen; 2009) states, “Patents protect an inventor’s right to exclude others from making, manufacturing, using, or selling an inventor’s invention. Trademarks protect words, phrases, symbols, and designs. Copyrights protect original artistic, musical, and literary works, including software. Intellectual property rights can also encompass state trade secrets laws, which protect a company’s proprietary and confidential information, such as methods of manufacturing, customer lists, supplier information, and the materials used during the manufacturing process.”  

The challenge of IP law is to balance the creator/owner’s right to compensation against the public’s need to benefit from a creation. The Electronic Frontier Foundation states, “Copyrights and patents, for example, are supposed to encourage authors and inventors to create new things by helping them receive some compensation for that investment. At the same time, copyright and patent law put limits on authors’ and inventors’ rights, such as fair use (for copyright) and limited terms of protection (for patents), to help make sure that IP rights don’t unfairly inhibit new creativity and Trademarks work a little differently—they are supposed to protect consumers by encouraging sellers of goods and services to stand by their brand, so consumers will know what they are buying. But these rights, too, are balanced by fair use and other limits.”  ( IP rights)  The Recommended Readings provide definitions of each of the IP protections. 

The Internet facilitates sharing knowledge, information, art, and communication.  The legal system applies many restrictions on the use, and misuse, of content from the Internet.  But no single entity governs the Internet.  Financial incentives threaten the protection of IP. There are myriad examples of how misuse of Intellectual Property has caused harm to businesses and individuals, with an emphasis on the use of the Internet.  Similar is the issue of plagiarism, where the greatest impact is in education at all levels.  Students of all ages are opting to copy the works of others without citation, without developing the critical thinking and problem solving skills needed for  real success (Mawdsley).

In today’s global competitiveness and crime environment, organized gangs from ‘non-friendly’ countries are known to target three specific types of crimes via the Internet: identity theft, extortion, and stolen intellectual property. Due to the broad scope of intellectual property, the main targets are pirated software, video and music. Unfortunately, the pirated copies are relatively easy to find for sale on the Internet, with the traffickers setting up the websites offshore in a country where eCommerce and financial transactions fall under the radar of law enforcement.

The best defenses to protect IP accessible via the Internet include technical tools that will “time out” downloading, so that a song or video cannot completely be copied, or to encrypt data, making it worthless and/or useless.  There have been cases in recent years, including the shutdown of the Napster peer-to-peer music sharing site in 2001, and the monetary penalty against the New York Times, when it was proven that they had used the Lexis-Nexis database without paying for access.  Baker (Baker; 2003) notes that, in addition to protecting IP, the Digital Millennium Copyright Act, passed in 1998, made it a crime to develop, share or sell technology that circumvents copy-protection technology. As a result, one academic was threatened with prosecution if he even published research about music protection software. 

4. Read the following document on Cybersquatting and answer the questions that follow:

“Cybersquatting.” Gale Encyclopedia of E-Commerce. Ed. Jane A. Malonis. Vol. 1. Detroit: Gale, 2002. 173-174. Gale Virtual Reference Library. Web. 7 Sept. 2016.

URL

http://ezproxy.umuc.edu/login?url=http://go.galegroup.com.ezproxy.umuc.edu/ps/i.do?p=GVRL&sw=w&u=umd_umuc&v=2.1&it=r&id=GALE%7CCX3405300116&asid=b07fd1f5d8595e67e64dd96e17e7a6b2

Using ethical and legal frameworks discussed in this course so far, analyze cybersquatting from an ethical and legal perspective.  Should businesses protect their domain names or brands via computer code? Should law protect businesses that are exploited by cybersquatting?  Use examples to support your positions.

Notes for question 5

OERs (Required Readings)

·         Gehring, R. (2008). Indicare. Trusted computing for digital rights management. Retrieved from: http://

·         Bantin, P.C. (1998). University of Wisconsin. Strategies for Managing Electronic Records: a New Archival Paradigm? An Affirmation of our Archival Traditions? Retrieved from: https://minds.wisconsin.edu/bitstream/handle/1793/45860/MA23_1_3.pdf?sequence=3.

·         Rosch, J.T. (2007). Federal Trade Commission (FTC). A Different Perspective on DRM. Retrieved from: https://

·         Scarfone, K. (2007). National Institute of Standards and Technology (NIST). Guide to Storage Encryption Technologies for End User Devices. Retrieved from: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf.

·         NIST (2011). Jansen, W. & Grance, T. Guidelines on Security and Privacy in Public Cloud Computing. NIST SP 800-14. Retrieved from: http://docs.ismgcorp.com/files/external/Draft-SP-800-144_cloud-computing.pdf.

·         Lyon, G.E. (2002). National Institute of Standards and Technology (NIST).  A Quick-Reference List of Organizations and Standards for Digital Rights Management.  Retrieved from: http://xml.coverpages.org/Lyon-NIST241assmOct9.pdf.

·         Coyle, K. (2003). The Technology of Rights: Digital Rights Management. Retrieved from: http:// , http:// , & http://

OERs (Recommended Readings)

·         Helberger, N. (2004). Digital Rights Management and Consumer Acceptability. Retrieved from: http://

·         Sage Reference. (2009). Electronic Clinical Records. Retrieved from: http://sk.sagepub.com.ezproxy.umuc.edu/reference/download/healthservices/n123.pdf

Session Notes

The worldwide expansion of the Internet and the emergence of mobile devices (e.g., smart phones, tablets) have considerably expanded online commerce.  E-commerce, or electronic commerce, is defined as online buying and/or selling of products or services via desktop, cell phone, tablet or other online devices. Currently, there are more than 1 billion online buyers and this number is projected to continuously grow (Statista).   In 2016, the revenue from digital media content (ebooks, digital videos, and digital documents) in the USA amounted to over $33 billion and the market’s largest segment consists of “video games” with a market volume of over $11 billion in 2016 (Statista_2).

Online retailers of digital content have a vested interest in protecting their digital content from unauthorized downloads, copying, forwarding, distribution, and usage beyond the authorized number of reads or time limits. To stay in business, their content should be available for download, browsing, etc. to authorized users almost 24×7. In order to meet such a challenge, online enterprises can leverage the traditional confidentiality, integrity, and availability (CIA) triad solutions, Digital Rights Management (DRM) software, as well as an existing legal framework, which consists of the Digital Millennium Copyright Act (DMCA) and other Intellectual Property (IP) laws and treaties. The DMCA and IP rights were discussed in the previous session, Session 4.

In earlier INFA courses, we examined in detail various controls to achieve desired CIA goals. Cryptography solutions, the main technical solutions for confidentiality and integrity (and authentication), were examined in INFA 640. Access control (who can access what resources in what way) was examined in detail in INFA 610. Availability is normally achieved through a combination of IT technologies, specifically replicated databases and servers, fast recovery and business continuity techniques in case there is a major outage, and security controls to minimize denial of service attacks.

As stated by Gehring; 2008, “Digital Rights Management (DRM) is about the usage rights in digital content. Digital content can be text, graphics, images, audio, video or software in digital format. Mainly, DRM systems are applied to media products.” DRM is particularly important when dealing with copyrighted material or any information publicly available. For instance, piracy of music and movies has been an issue for many years, where individuals ‘steal’ intellectual property and circumvent rights of ownership. See (Coyle; 2003) for more on DRM, i.e., why we need DRM and what DRM is.

Due to the magnitude of digital media infringement, numerous standards continue to evolve for protecting digital media. Among them, although a bit outdated, one should mention the guide that addresses storage encryption published by the National Institute of Standards and Technology (NIST SP800-111; Scarfone; 2007) and DRM (NIST SP 500-241, Lyon; 2002). In addition to NIST, the Federal Trade Commission published a synopsis from a conference they held on copyrights and DRM technologies (Rosch; 2007).

Cloud Computing and Storage presents another challenge for online retailers in protecting customer information and privacy.  Where data is processed and stored influences its protections and the laws involved.  There are economic and management arguments for the use of the Cloud and off-site repositories.  Efficiency is a primary argument for utilizing the Cloud for processing and operational system storage.  The advantages of using an off-site provider for infrequently accessed or archived records are:

·         Mission and Competency: If data storage is not a core competency of an organization, it is better to store them with a provider where authenticity is maintained.

·         Ability to Monitor Compliance: very few organizations have on staff personnel trained in the auditing procedures associated with archived records.

·         Cost to Monitor Compliance: it is more cost effective to store archived records with providers who have the resources to manage these records and meet compliancy regulations.

·         Changes in the Work Environment: staffing changes within an organization put data and records at risk.

·         Vested Interests: it is prudent of any organization to remove inactive records from those who may have a vested interest in corrupting or damaging them (i.e., disgruntled employees). (Helberger; 2004)

See Cloud Security & Privacy.

Protecting and archiving digital media, and those who argue for newer technologies, are addressed in the Bantin; 1998 article.

There are considerable challenges in the protection of digital information and digital media.  The use of the Internet to access data and material is not slowing down, and the methodologies for using the Web to access and use property without the owner’s permission continue to get more creative, as with any other form of technology.  Just as with any threat, solutions need to constantly evolve in an effort to stop illegal/unethical activity.  The inclusion of a statement that illegal copies are punishable by law, or the encryption of data rendering a copy inaccurate or inaccurate are simply not strong enough tools to address stopping the behaviors.   A key responsibility of the owner of digital information and copyrighted material is the protection of such data using appropriate, available technology tools, policy and processes.

5. DRM or Else?

After reading the articles as stated in Session 5, answer the following questions:

Which of the methods discussed in this session is the most efficient approach to protect online retailers from the unauthorized use of digital data?  Discuss advantages and disadvantages of each approach (CIA Triad, DRM, Law) from the retailer’s perspective.  Offer examples or recent cases from the news to support your position.

Notes for question 6

OERs (Required Readings)

·         Duhaime.org. (n.d.).  Contract definition.  Retrieved from:  http://

·         Legal Information Institute (LII). (n.d.).  Contract.  Cornell University Law School.  Retrieved from  https://

·         Association of Corporate Counsel. (2012). Contracts 2.0: Making and Enforcing Contracts Online. Retrieved from: https://

·         Gisler, M. et al. (2000). Legal Aspects of Electronic Contracts.  Retrieved from:  http://ftp.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-30/paper7.pdf

·         N.Y. Courts.gov. (2013). Alternative Dispute Resolution.  Retrieved from: https://

·         Betancourt, J.C. (2013). Online Dispute Resolution (ODR):  What is it and is it the way forward?  Retrieved from: https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%206/2013%20ODR%20SSRN-id2325422.pdf?_&d2lSessionVal=DmWHcaylATdb0Omv0kTiHTNDZ&ou=190519.

·         Ahalt, A.M.M. (2009). What You should Know About Online Dispute Resolution. Retrieved from:  https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%206/PLIT0903_Ahalt_thumb.pdf?_&d2lSessionVal=DmWHcaylATdb0Omv0kTiHTNDZ&ou=190519.

·         Christensen, S. (2005).    Electronic Contract Administration-Legal and Security Issues.  Retrieved from:  http://eprints.qut.edu.au/13264/1/13264.pdf.

OERs (Recommended Readings)

·         Gale: Encyclopedia of Business and Finance. (2007). Contracts. Retrieved from:http://go.galegroup.com.ezproxy.umuc.edu/ps/retrieve.do?sort=RELEVANCE&inPS=true&prodId=GVRL&userGroupName=umd_umuc&tabID=T003&searchId=R1&resultListType=RESULT_LIST&contentSegment=&searchType=BasicSearchForm&currentPosition=5&contentSet=GALE|CX1552100071&docId=GALE|CX1552100071&docType=GALE&authCount=1&u=umd_umuc.

·         Hale II, R. V. (2015). Recent Developments in Online Consumer Contracts. Business Lawyer, 71(1), 353-359. Retrieved from: http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?vid=4&sid=cab10afa-f7a8-4427-93f5-abab432a2a07%40sessionmgr101&hid=111&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#db=bth&AN=112460160&anchor=AN0112460160-3.

·         Tasneem, F. (2014). Electronic Contracts and Cloud Computing. Journal of International Commercial Law & Technology, 9(2), 105-116. Downloaded from: http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/pdfviewer.

Session Notes

By definition, “The essence of contract is agreement. A contract is a legally recognized agreement between two or more persons giving rise to obligations that may be enforced in the Courts.” (Duhaime.org)   Basically, to be enforceable, an agreement includes mutual assent, payment or consideration, capacity of the parties (sanity, age, etc.) and legality of the substance (LII).  See also under Recommended Readings on  Contracts from the Encyclopedia of Business and Finance.

The enforcement of a contract focuses on whether the product or service conforms to expectations, as in delivery date, condition of product, quality of service, etc.  

An electronic contract (econtract) is any contract that meets one or more of the following criteria (Christensen, 2005):

1.     The parties to a contract negotiate and form their contract through the use of an electronic communication method,

2.     Once the contract has been formed, the parties administer and manage the contract electronically, and

3.     Upon completion of the contract, relevant records and communications are archived using an electronic storage medium. 

As Gisler (Gisler, 2000) correctly points out, “the basis of a modern competitive economy is the fulfillment of needs of the members of the digital economic community.”

As Gisler (Gisler, section 4.1, 2000) also states, in order for an electronic contract to meet the legal standards for all contracts, there are five requirements that must be met:

1.     Clear identification of the contracting parties

2.     Clear indication of the subject of the contract

3.     Clear indication of the time period of validity

4.     The contract has to have valid signatures of the involved parties certifying their acceptance of the liabilities laid down in the contract. The signature should be accompanied by a date indicating the start of the contract validity.

5.     Nobody should be able to change the content of the contract after the contract is signed. 

An econtract has the potential to be hacked, so it is necessary for the platform to implement proper security controls (e.g., authentication, message integrity, message confidentiality, and non-repudiation).  Technology continues to evolve, providing solutions to problems associated with econtracts.  The technologies, as you have learned in INFA 640, that are essential in the development of an econtract include:

·         Encryption (symmetric and/or asymmetric)

·         Digital Signatures

·         Digital certificates
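The five requirements listed above and the signature technology named here can be tied together in a short Go program. This is an added example, not code from Gisler or the course material: the type and function names, the party names and the contract values are constructed for illustration, Ed25519 stands in for whichever signature scheme a platform uses, and the `keys` map assumes each public key has already been bound to its party (the job of digital certificates).

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"time"
)

type Contract struct { // Gisler's requirements 1-3
	Parties             []string  // identified contracting parties
	Subject             string    // subject of the contract
	NotBefore, NotAfter time.Time // period of validity
}

type Signature struct { // requirement 4: dated acceptance by one party
	SignedAt time.Time
	Sig      []byte
}

func digest(c Contract, party string, at time.Time) []byte { // binds all fields, signer, date
	sum := sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%d|%d|%q|%d", c.Parties,
		c.Subject, c.NotBefore.Unix(), c.NotAfter.Unix(), party, at.Unix())))
	return sum[:]
}

// Verify rejects a contract edited after signing (requirement 5) or lacking a party's signature.
func Verify(c Contract, sigs map[string]Signature, keys map[string]ed25519.PublicKey) error {
	if len(c.Parties) < 2 || c.Subject == "" || !c.NotAfter.After(c.NotBefore) {
		return fmt.Errorf("missing parties, subject or validity period")
	}
	for _, p := range c.Parties {
		s, pub := sigs[p], keys[p]
		if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, digest(c, p, s.SignedAt), s.Sig) {
			return fmt.Errorf("no valid signature from %s", p)
		}
	}
	return nil
}

// demo signs a constructed contract for both parties, then edits it after signing.
func demo() (error, error) {
	c := Contract{[]string{"buyer", "seller"}, "100 licences", time.Unix(1e9, 0), time.Unix(2e9, 0)}
	sigs, keys := map[string]Signature{}, map[string]ed25519.PublicKey{}
	for _, p := range c.Parties {
		pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
		keys[p], sigs[p] = pub, Signature{c.NotBefore, ed25519.Sign(priv, digest(c, p, c.NotBefore))}
	}
	before := Verify(c, sigs, keys)
	c.Subject = "1000 licences" // constructed post-signature tampering
	return before, Verify(c, sigs, keys)
}

func main() { fmt.Println(demo()) }
```

Because each signature covers the whole contract plus the signer and date, a signature cannot be moved to another contract or re-dated without failing verification.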

The InfoPak℠ from the Association of Corporate Counsel (InfoPak, 2012) is a good overview of laws on econtracts. It lists common contract validity problems and statutes of frauds. It also provides a good introduction to various U.S. laws applicable to electronic signatures and contracts, specifically the Uniform Electronic Transactions Act and the Uniform Computer Information Transactions Act and its variations by various states. The InfoPak also provides a good overview of the European Union’s and Canada’s laws on econtracts.

As you can see from (Christensen, 2006)  and (Ahalt, 2009), many things can go wrong with an econtract. 

Adjudication of disagreements is often handled via the court system; however the courts are bogged down with workload, so people often look for other routes to settle disputes.  These alternatives include:

Alternative Dispute Resolution (ADR)

As defined in N.Y. Courts.gov (New York Courts), “Alternative dispute resolution (ADR) refers to a variety of processes that help parties resolve disputes without a trial. …These processes are generally confidential, less formal, and less stressful than traditional court proceedings.”    Some of the most common techniques for ADR include:

·         Mediation

·         Arbitration

·         Minitrials

·         Neutral evaluation

·         Summary jury trial 

Online Dispute Resolution 

Online Dispute Resolution (ODR) mirrors ADR by allowing options for resolution, but differs in that the options can be conducted via the Internet.  The article by Ahalt describes econtract conflict and history, and describes the VirtualCourthouse as a court via the Internet, whereby the following procedures apply:

·         A case is initiated and a list of neutrals is selected and the neutrals are ranked;

·         A system-generated email is sent to the other party, inviting it to join the case;

·         The other party joins the case and a neutral is agreed upon;

·         The neutral reviews the case initiation, and sends an email to both parties, confirming the type of proceeding and the fees;

·         The claimant prepares a case presentation and uploads the scanned documents into the online case;

·         Once complete, a system-generated email is sent to the respondent, advising it that the claimant has completed its presentation, and now it is time for the respondent to submit its case presentation;

·         Once the case presentations are complete, a system-generated email is sent to the neutral advising him or her to review the evidence and render a decision;

·         Once reviewed, a verdict is submitted online, and a system-generated email is sent to both parties notifying them that a verdict has been rendered. (Ahalt)

The Betancourt article provides descriptions of the many other ways contracts can be resolved via the Internet, including E-Negotiation, E-Mediation, and E-Arbitration.   (Betancourt, 2013)

Contracts, both traditional and electronic agreements, are intended to reflect the terms and conditions of a transaction.  Ecommerce, globalization, digitization and other technologies have added to the complexity of contracting.  The already busy judicial system is challenged to meet the needs of dissatisfied contracting parties to resolve disputes and provide some compensation to the aggrieved party. The success of ecommerce requires the development of legal and legally binding processes for econtracts.  The very rapid growth of business-to-business (B2B), business-to-consumer (B2C) and consumer-to-consumer (C2C) commerce relies on technologies that are still evolving.  The limitations of the court system and the increased volume of transactions have catapulted the development and implementation of ODR and ADR approaches.

6. Read the two documents that chronicle the Dietz v. Perez dispute.

How would you establish, in advance, an alternative dispute resolution mechanism to avoid this litigation?

What could have been done to improve this contract?
