Module Code & Module Title
CC5052NI Risk, Crisis & Security Management
Assessment Weightage & Type
50% Individual Coursework
Year and Semester
2021-22 Autumn
Student Name: Rojin Dumre
London Met ID: 20049213
College ID: NP01NT4S210029
Assignment Due Date: 3rd December, 2021
Assignment Submission Date: 3rd December, 2021
Word Count: 2180
I confirm that I understand my coursework needs to be submitted online via Google Classroom under the
relevant module page before the deadline in order for my assignment to be accepted and marked. I am
fully aware that late submissions will be treated as non-submission and a mark of zero will be awarded.
MARKING SCHEME
Items | Marks Awarded | Feedback
1) Technical content [Maximum 85 Marks]:
Rationale and Objectives of the chosen topic [Maximum 20 Marks]:
Abstract Content [Maximum 10 Marks]:
Literature Review [Maximum 25 Marks]:
● Relevance of the resources (i.e. in terms of usefulness of the resources referred to within the context of the topic) (10)
● Breadth and depth of the content reviewed, in-depth analysis (15)
Identification of Issues (use of examples / case studies), Analysis and Reflection [Maximum 30 Marks]:
● Identify issues relating to the techniques being reviewed, compare and analyse (15)
● Reflection on what you have learnt about these techniques by undertaking this task. (15)
2) Report Format [Maximum 15 Marks]:
● Overall structure – organization of material; quality of documentation; the report should have an abstract, introduction, main body, conclusions, references, face page, contents page and page number etc. (8)
● Citing the correct reference(s) in appropriate sections of the report using a chosen referencing style (7)
Acknowledgements
This report took a lot of time and work. Although I was familiar with the research
portion of this report, such as being able to locate and polish credible material before
including it in the report, I was unaware of the practical parts of security management that
were necessary for the report. Although law, ethics, and profession have long been a hot
issue in security management, it would be absurd to expect a student to be conversant
with real-world applications of the topic. As a result, this report took a lot of time and work
to complete. Despite the fact that I was entirely responsible for the report's production, it
goes without saying that the research was a team endeavor in the sense that I was
fortunate enough to have support from both student groups and the lecturer.
Mr. Lamichhane, our lecturer, was very expressive and clear in his teaching approaches,
and he never hesitated to answer my concerns and queries. In addressing my inane
questions, he has been kind and understanding, and he has sought to explain the issues
in the simplest and most straightforward manner imaginable. I owe a debt of gratitude to
Mr. Gurung, our tutor, who, together with our lecturer, has been instrumental in the
completion of this report. In presenting the module's tutorial and lab workshops, he has
been equally helpful to students. He has always been very quick to answer my email
queries, saving me a lot of time that I might have spent doing more research. Mr. Gurung
has also helped me navigate through research papers and by pointing me in the right
direction when I needed it. I would not have been able to finish my work if he hadn't
presented me with a variety of research materials.
I'm also fortunate to have a group of friends that are equally curious and eager to help.
They've helped me with lectures, workshops, and assignments, among other things. It's
fascinating to have a group of close pals that are willing to assist me with my studies. My
family deserves credit for their constant support of my academic endeavors. I owe a debt
of gratitude to my sister, who has always provided me with sound guidance. This was
completed on the 29th day of the lunar calendar. I pay homage to the protector guru,
nakpo chenpo, the Vajra mahakaal.
Abstract
The study clearly exhibits far-reaching remedies in terms of legislation, ethics, and
professional norms by reviewing the events that led up to and followed the Patriot Act. It aims
to identify the primary issues in those three categories and demonstrate that the
suggested solution is the best one that can be implemented via thorough analysis.
However, the research does not claim to be unique in terms of the best judgments that
may be taken. It is open to additional investigation in the future, which might help security
management experts throughout the world make more informed judgments.
Table of Contents
1. Introduction
  1.1. Aims and Objectives
    1.1.1. Aims
    1.1.2. Objectives
2. Background
  2.1 Ethics
  2.2 Law
  2.3 Professional codes
3. Literature Review
  3.1 Case Study
    Legal Issue
    Ethical Issue
    Professional Issue
  3.1.2 Analysis
4. Conclusion
5. References
6. Bibliography
Risk Crisis and Security Management CC5052NI
1. Introduction
Ethics, legality, and professional norms in security management literature have
existed since the 1980s. Even though the notions of ethics and law have remained constant
over the previous few decades, the technology that controls it has evolved dramatically.
Even so, there is a basic structure upon which new rules may be carved to meet the
changing security environment. The motivation for this paper is to take ideas of law, ethics, and
professionalism that have previously been explored in the literature and see if they can
be implemented in a real-world context. In the end, the report seeks to propose practical
solutions based on the assessments made in the course of the report.
The three concerns that control this report can be found in any sequence of security
occurrences. Even if it is just in written form, law exists practically everywhere in the globe.
Ethics is what distinguishes us as human beings. It is the governing principle of our laws
and the premise by which we choose to live. In any case, any of the mistakes, accidents,
or minor infractions that we encounter when managing the security of any institution may
be stated in terms of law, ethics, and professional rules. As a result, in terms of these
items, appropriate answers to such situations exist. That is exactly what happened in the
aftermath of the September 11 attacks in the United States, and even after the
controversial Patriot Act was implemented.
Rojin Dumre 20049213
1.1. Aims and Objectives
1.1.1. Aim
The primary aim of this research is to examine legal, ethical, and professional
challenges in security management and present a complete analysis of each of these
issues in the context of a real-world situation.
1.1.2. Objectives
To ensure that this long-term goal is achieved, the following detailed objectives have been
devised, which this report tries to achieve:
● To determine the ethical, legal, and professional concepts that exist in the
computer and security management literature.
● To uncover a real-life situation with complicated legal, ethical, and professional
considerations.
● To assess the case's consequences within the framework of 'law, ethics, and
profession' that has already been established in the literature.
● To comprehend the flaws and neglect that resulted in the aforementioned
difficulties.
● To propose feasible answers to the aforementioned difficulties through rigorous
investigation and analysis in order to provide guidance for any future incidence.
2. Background
Johnson and Powers once prophesied that computers will one day evolve to the
point where they may be considered moral agents, accountable for both good and bad
activities, and that people would have moral concerns about deactivating them. Because
computers lack characteristics equivalent to human reasoning, the only way to
comprehend a computer's moral agency is through a 'surrogate' agency that acts on
behalf of computers, namely humans (Johnson & Powers, 2008).
2.1 Ethics
Human agency operates inside a societal framework of law, ethics, and profession
on which to make decisions. In 1985, James Moor released a paper titled "What is
Computer Ethics?" which was the first time ethics was mentioned in computer literature.
According to Moor, new computer capabilities give us new options for action.
Forming a policy to regulate such acts is a common security management activity. Then
there's the big question: what kinds of actions need to be governed? Moor's recommended
answer is those with 'social effect' (Moor, 1985).
The question of ethics in security management is either governed by Kantianism, which
holds that a natural action should only be carried out if it fits the role of being universalized,
or utilitarianism, which holds that a course of action should be judged solely on the basis
of its consequences rather than the nature of the action itself (Eggleston & Miller, 2014).
2.2 Law
A system of rigorous regulations that regulates a certain region is known as law.
The law can help us make judgments in a variety of ways, but it is rarely enough. Although
law, in theory, tells us whether something is unlawful or right, this is not always the case
in practice. That is why morality is required. The law is complicated because humans
make decisions based on a complex collection of factors, such as common sense,
instinct, and wisdom. A man taking food to feed his hungry family, for example, may appear
to be breaking the law, yet the act is acceptable since there is no other means to feed his
family at the moment (Duquenoy, Jones, & Blundell, 2008).
2.3 Professional codes
All professional organizations have behavioral standards that adhere to their value
or belief system. Although law and ethics are clearly stated in these professional domains,
employees may be given some advisory suggestions to help them adapt to their
professional settings without running into any problems. The British Computer Society
(BCS), for example, states that when doing professional computer obligations, it is
necessary to guarantee that "public health, privacy, security, and well-being of others, as
well as the environment, are not jeopardized" (Duquenoy, Jones, & Blundell, 2008).
Following the terrible September 11 attacks, pressure was rising on Bush's government
to act quickly. Various efforts were taken, such as the formation of departments, to
prevent future incidents. There was an immediate need to strengthen surveillance
regulations in order to prevent future terrorist communications. As a result, the US Patriot
Act was created to aid in the early detection of terrorism and other crimes, which has
resulted in a number of concerns and critiques.
3. Literature Review
3.1 Case Study
3.1.1 Finding
Following the September 11 terrorist attacks in New York and Washington, the
United States Congress moved fast to adopt the US Patriot Act (McCarthy & T., 2002).
Although the Patriot Act appears to be new legislation that appeared out of nowhere
as soon as the awful events occurred, it actually only made minor adjustments to the
underlying legislative framework of the 1986 Electronic Surveillance Law of Privacy Act
(100 Stat.1848, 1986).
Al Qaeda may have been using the internet to communicate with one another about the
intricacies of movements and assaults (Maney, 2001). So there was a need to update
existing electronic surveillance regulations that just covered telephones to a larger act
that encompassed the internet and other technologies. Thankfully, the US Department of
Justice had begun working on it prior to the attack, and the USA Patriot Act was
approved on October 26 (Kerr, 2002).
Many groups have criticized the law for raising numerous legal, ethical, and professional
difficulties, with major media outlets such as the New York Times calling it an overreaction
to the September 11th attacks and the Washington Post calling it "panicky legislation"
(Toner, 2001). The reasons for calling it so are several and can be grouped into legal,
ethical and professional issues as below:
Legal Issue
The Patriot Act was passed in order to extend earlier wiretapping regulations to
include the internet. Surveillance of email and other services would be completely unfettered
by federal privacy laws if the pen register statute did not apply to the Internet. In other
words, without a court warrant or even previous executive branch authorisation, the
government would be able to undertake surveillance of the whole country's Internet
communications (Kerr, 2002).
While requiring a court order is typically a good start and does good in the long term, it
does not go far enough to preserve the privacy of an envelope's contents. As Calvin
Galvin points out, the necessity of a court order, as well as judicial scrutiny of the law
enforcement officer's application, must have a higher bar (Galvin, 2001).
Ethical Issue
Despite the fact that the law passed both the Senate and the House of
Representatives and is therefore legitimate on paper, there is an ethical concern that
cannot be overlooked for the sake of security. One thing to consider is that an online
communication might contain far more information than a simple phone call. According to
the ACLU, proof of online conversations is significantly more revealing than phone
numbers dialed (American Civil Liberties Union, 2001).
Professor Daniel Solove points out that emails expose more information about a person
than phone numbers, and that private activities such as web surfing require greater
protection since they might include secrets (Kaplan, 2001). The Patriot Act, according to
Jane Black, gives the government a lot of authority since it allows the government to
gather internet search keywords and names of websites visited (Black, 2001). A burning
question develops as a result of this. Is it ethical for law enforcement to get so much
personal information about people, the disclosure of which may have a significant
influence on their lives?
Professional Issue
In a packet-mode communications environment, the FBI surveillance tool,
Carnivore. Unlike traditional surveillance measures, which need rigorous specified
prerequisites, the Patriot Act's introduction of an internet monitoring statute provides
Carnivore, and eventually law enforcement officials, access to all of a service provider's
users' private communications. This raises the question of whether the FBI's professional
ethics authorizes them to get more information than is legally permitted and needed
(Sobel, 2001).
The second problem is that of Internet Service Providers (ISPs). The FBI likewise works
in this manner, simply handing over the court order to the ISP, who is in charge of carrying
it out (Kerr D. M., 2000). This highlights the question of ISP trust. It is impossible to know
if the ISP specialists have the "willingness and skill" to carry out those commands, or,
even worse, whether they are participating in the real crime (Kerr O. S., 2002).
3.1.2 Analysis
To comprehend how these difficulties may be handled, one must first comprehend
how the conduct came to be. The Patriot Act specifies a set of criteria for the federal
government to use in enforcing surveillance laws; however, the criteria are insufficient.
Legislation should be implemented to raise the minimum conditions for such surveillance.
Furthermore, a review procedure should be in place so that the planned application of
law enforcement authorities may be considered again after it has been approved by the
court. This would not add to the agencies' workload, nor would it postpone any urgent
action. Collecting more precise justifications for enforcing internet monitoring rules is
insufficient. There must be clearly stated criteria that all law enforcement officers must
adhere to. Furthermore, the legislation should have incorporated proposals from all
parts of the judicial branch, as well as major law firms with attorneys who
specialize in those fields. Suggestions from diverse fields assist with thinking and seeing
things from different views.
Only regular conversations on diverse ethical factors can resolve ethical concerns
relating to security management. It must be known that, regardless of who the
surveillance victim is, personal privacy must always be maintained, and no more
information should be acquired than the legal limit. In other words, justifications such as
unintentional disclosure are not acceptable. Trade secrets, which are intellectual and
corporate property and whose revelation might result in significant losses, should be
treated with care. Medical records, sexual interactions, and other personal information
that might be used against a victim must be kept private at all times. In a word, there has
to be a system in place where law enforcement must always use their judgment to
determine what information is ethical to use against the victim and what information is
not.
Making it a mandate for all companies to have a professional code of conduct is the
greatest way to handle the professional issue of ISPs. The British Computer Society
(BCS), for example, makes it plain in its code of conduct that no action taken by its
personnel can harm the environment. The professional rules that ISPs must follow should
be laid forth in full. It is their job to cooperate with law enforcement and supply them with
the information they seek; however, they must ensure that they are only giving information
that is required by law. In addition, instead of outsourcing the monitoring mission to
another agency that cannot be entirely trusted, the FBI should create its own branch. It
goes without saying that FBI agents should have their own code of conduct in order to
protect victims' privacy from unprofessional behavior such as power fanaticism, hatred,
racism, and so on.
4. Conclusion
The paper began by overtly generalizing and quantifying a real-world event, the
Patriot Act, into three areas that are engaged in security management, namely law, ethics,
and professional rules. As stated in the goals, the study performed extensive investigation
into the events surrounding the Patriot Act. Several concerns developed during the period
when the Patriot Act was passed, according to the assessment's conclusions.
The report was able to recommend some solutions to the challenges that security officials
experienced in the case study or may face in the near future based on an examination of
numerous concepts described in the literature and the writer's degree of discernment.
The report may be deemed a success in the sense that it was able to accomplish all of
its analysis goals. It was able to perform research using existing literature, conduct a case
study using news stories, and then recommend a suitable remedy. Overall, this project is
a respectable academic accomplishment.
5. References
100 Stat.1848. (1986). Electronic Communications Privacy Act of 1986.
18 US Code. (1978). 18 United States Code section: 3121.
American Civil Liberties Union. (2001, September 20). Congress Should Treat
Administration Proposal Carefully; Says Many Provisions Go Far Beyond Anti-
Terrorism Needs.
Black, J. (2001, November 29). Uncle Sam Needs Watching, Too. Week Online.
Duquenoy, P., Jones, S., & Blundell, B. G. (2008). Ethical, Legal and Professional
Issues in Computing. Boston: Cengage Learning.
Galvin, C. (2001, December 6). Rights and Wrongs: Why New Law-Enforcement
Powers Worry Civil Libertarians. A3. Seattle Times.
Johnson, D., & Powers, T. M. (2008). Computers as surrogate agents. Cambridge:
Cambridge University Press.
Kaplan, C. S. (2001, September 21). Concern over Proposed Changes in Internet
Surveillance. E1. New York Times.
Kerr, D. M. (2000). Carnivore Diagnostic Tool: Hearings Before the Senate Judiciary
Comm. 106th Congress.
Kerr, O. S. (2002). Internet surveillance law after the USA Patriot Act: The big brother
that isn't. Northwestern University Law Review, 97, 607.
Maney, K. (2001, December 19). Osama’s Messages Could Be Hiding in Plain Sight.
B6. USA Today.
McCarthy, & T., M. (2002). USA patriot act.
Moor, J. H. (1985). What is computer ethics? Metaphilosophy, 16(4), 266-275.
Sobel, D. L. (2001, May 34). Will Carnivore devour online privacy? Computer, 34(5), pp.
87-88.
Toner, R. (2001, October 13). House Passes Terrorism Bill Much Like Senate’s, But
with 5-Year. B6. New York Times.
6. Bibliography
Borodzicz, E., 2005. Risk, crisis and security management. Wiley.
Parker, D.B., 1981. Computer security management (p. 308). Reston, VA: Reston
Publishing Company.
Baer, W.S. and Parkinson, A., 2007. Cyberinsurance in it security management. IEEE
Security & Privacy, 5(3), pp.50-56.
Ashenden, D., 2008. Information Security management: A human challenge?.
Information security technical report, 13(4), pp.195-201.
Siponen, M. and Willison, R., 2009. Information security management standards:
Problems and solutions. Information & management, 46(5), pp.267-270.
Hong, K.S., Chi, Y.P., Chao, L.R. and Tang, J.H., 2003. An integrated system theory of
information security management. Information Management & Computer Security.
Von Solms, R., 1999. Information security management: why standards are important.
Information Management & Computer Security.