Due Feb 01, 2017 at 3:00pm eastern time

Due WED February 1, 2017 3:00pm eastern time. Must be authentic.  At least 200 words for each question and two APA academy sources for each questions. Make sure you provide ideas are nearly always important and provide one or more major insights as well as providing a fruitful direction for the lesson. Arguments are well substantiated and persuasively presented. USE YOUR OWN WORDSNotes Question 1OERs (Required Readings)·         Hazard, Jr. J.C. (1995). Yale Law School.  Law, Morals, and Ethics. Retrieved from: http://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=3322&context=fss_papers. ·         Merriam-Webster.  (n.d.). Ethic.  Retrieved from:  http://www.merriam-webster.com/dictionary/ethic.·         Merriam-Webster. (n.d.). Moral.  Retrieved from:  http://www.merriam-webster.com/dictionary/moral.·         Merriam-Webster. (n.d.). Law. Retrieved from: http://www.merriam-webster.com/dictionary/law. ·         SAGE Knowledge. (n.d.).  Cyberlaw.  Retrieved from:  http://sk.sagepub.com.ezproxy.umuc.edu/reference/nationalsecurity/n147.xml·         Bureau of International Information Programs. United States Department of State. (2004).  Outline of the U.S. Legal System.  Retrieved from: http://www.law.washington.edu/asianlaw/uslegalsystem.pdf.·         American Bar Association (n.d.). Jurisdiction in Cyberspace. Retrieved from: http://corporate.findlaw.com/law-library/jurisdiction-in-cyberspace.html. ·         Wikipedia (n.d.).  Personal jurisdiction in Internet cases in the United States. Retrieved from: https://en.wikipedia.org/wiki/Personal_jurisdiction_in_Internet_cases_in_the_United_States.  OERs (Recommended Readings)·         Encyclopedia of Bioethics. 3rd Edition. Solomon. Normative Ethical Theories. https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%201/Week1%20Solomon.pdf?_&d2lSessionVal=8kxXJAVlNpYCMxBRYPS8Sxgdo&ou=190519. ·         Encyclopedia of Bioethics. 3rd Edition. Slote. Ethics. Retrieved from: https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%201/Week1%20Slote.pdf?_&d2lSessionVal=8kxXJAVlNpYCMxBRYPS8Sxgdo&ou=190519.  1.Based upon your own life experiences and the assigned readings for this week, do you think the views on ethics and morality are separate and independent of each other? Also, in your opinion, what is the relationship between ethics and the law?  Provide examples or cases in cyberspace that illustrates the relationship between laws, ethics, and morals.Notes for question 2Since this security governance was outlined as part of the NIST Security Handbook in 2006, NIST has been putting a lot of emphasis on risk management (risk analysis) as the driving force in the planning and implementing security controls. Risk analysis weighs the benefits of controls against their costs to justify the controls. Risk analysis precedes implementation of any security control.  Risk analysis is a top-down approach that is driven by business needs.Not surprisingly,  then, another key aspect of information security governance in the two latest security guidance document is risk management. See Internet 2 Information Security Governance; 2014 and IT Governance Institute; 2006. Many of you should be familiar with risk analysis. In INFA 610, we explored   NIST Risk Analysis methodology in great detail (NIST_RMF; 2014). Feel free to refresh your memory on the subject.We want to stress a key aspect of governance is compliance to all applicable laws and regulations. often, these laws and regulations are applicable to specific business sectors. These business sectors include healthcare, where HIPAA is the governing standard, financial institutions, where Gramm-Leach-Bliley Act is an important consumer privacy protection act, and providers of education, where FERPA  is the governing standard. This document from DHS provides a summary of privacy and security laws and regulations: Privacy & Security; 2010.   (Chief) Information Security Officer (ISO)All the three documents on Information Security Governance(Information Security Handbook; 2006,  IT Governance Institute & Internet 2; 2014) define various important roles including the role of (Chief) Information Security Officer who is day-to-day officer in  charge of security of an enterprise. A (C)ISO is a C-level officer of an enterprise and has a dotted or direct reporting relationship with the board.The (C)ISO performs information security duties as her primary duty.The (C)ISO’s responsibilities include:·         Development and enforcement of security policies and procedures·         Risk management·         Putting in place security awareness and training programs·         Incident management and forensics·         Business continuity·         Disaster recovery·         Assessing the effectiveness of the information security program, including progress of remedial actionsThe CERT division of CMU’s SEI has more formally described the office of the CISO in Allen; 2015. The figure below reproduced from this document nicely summarizes the key functions of the CISO’s organization:In addition to these functions specified, this document provides a structure of the CISO organization. Keep in mind the positions and the sub-organizations suggested can be virtual to fit your organization size and budget.PoliciesA key component of governance is policies.Policies are the primary instrument by management  to effect desired behavior with respect to information and information systems in an enterprise.   Security policies focus primarily on human behavior to create an environment to minimize the security risks associated with using information systems. Policy is the most important non-technology component of computer security providing the basis for all security. Policy defines the who, what, where, and when of security, including processes and procedures. Typically, policies are negotiated between the people knowledgeable in security and the business unit owners. Good policies build on specific business objectives; they support sound business practice and mitigate risk.NIST defines three types of security policies (NIST SP 800-14; 1996):·         Program: to set organizational strategic directions·         Issue-Specific: to address specific areas such as Bring Your Own Device to Work (BYOD)·         System SpecificThe first one, at the level of Program or Enterprise is more often known as “the Policy.” It is a high-level senior management statement of purpose and intent of the security posture of an enterprise. It establishes a framework to see that computer security needs of the enterprise are met and continue to be met. It is to inform all relevant parties of the organization security objectives and the overall process to achieve them.  It is a “What” document and not a “How” document. It should answer the basic question,: “Who should access what resources?” The policy should also address who is ultimately responsible for the security of the enterprise. The information security policy is the foundation upon which all protection (hardware, software, physical) efforts are built. Cisco has a similar taxonomy for Policy as that of NIST, but not the same (CISCO: Policy): ·         Governing or Comprehensive: It is a high-level what document. defines the who, what, where, and when of security, including processes and procedures. It is issued by senior management such as CISO.  ·         Technical: Technology-component (e.g., operating system, firewall) and issue-specific (BYOD); policies on password, risk assessment, external-facing web server, email, instance messaging are other examples here.·         End-User: everything an end-user should know about, what they had to comply with and implement, and what the results of noncompliance are.The best way to learn how to write a policy at different levels is to go through a few examples:·         Governing/Comprehensive Security Policy: High level Information System Security Policy; 2014·         Acceptable Use Policy: SANS AUP; 2006 & ePolicyAUP; 2005·         Technical: Secure communications policies, for example the use of email and instant messaging. ePolicyCommPolicy; 20052.What is the purpose of an AUP policy? What is the purpose of a comprehensive policy? What is the purpose of detailed policies on specific technologies and systems.  How are these types of policies different? Please explain your answer and support your position with examples and reliable sources.Notes for question 3·         Warren and Brandeis. (1890). The Right to Privacy.  Retrieved from:  https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%203/Warren%20and%20Brandeis_The%20Right%20to%20Privacy.pdf?_&d2lSessionVal=LDP2imSs3UtKWHJtNkvxFusZ3&ou=190519·         U.S. Department of Health, Education & Welfare.  (1973).  Records, Computers and the Rights of Citizens.  Retrieved from:  https://www.justice.gov/opcl/docs/rec-com-rights.pdf.·         U.S. National Archives and Records Administration.  (n.d.).  The Privacy Act of 1974.  Retrieved from:  http://www.archives.gov/about/laws/privacy-act-1974.html.·         U.S. Government.  (2010).  National Strategy for Trusted Identities in Cyberspace.  Retrieved from: https://www.dhs.gov/xlibrary/assets/ns_tic.pdf.·         Solove, D.J.  (2006).  A Taxonomy of Privacy.  Retrieved from: https://www.law.upenn.edu/journals/lawreview/articles/volume154/issue3/Solove154U.Pa.L.Rev.477(2006).pdf.·         Federal Trade Commission.  (2014).  Data Brokers-A Call for Transparency and Accountability.  Retrieved from: https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf.·         Privacy Rights Clearinghouse.  (n.d.).  Fact Sheet 7:  Workplace Privacy and Employee Monitoring.  Retrieved from:  https://www.privacyrights.org/workplace-privacy-and-employee-monitoring.·         TRUSTe. (2004).  Your Online Privacy Policy.  Retrieved from: https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%203/Truste_WriteAGreatPrivacyPolicy.pdf?_&d2lSessionVal=LDP2imSs3UtKWHJtNkvxFusZ3&ou=190519.·         The Federal Trade Commission (FTC). (n.d.).  How to Comply with the Children’s Online Privacy Protection Rule.  Retrieved from:https://learn.umuc.edu/content/enforced/190519-M_013959-01-2168/Session%203/FTC%20How%20to%20comply%20coppa.pdf?_&d2lSessionVal=LDP2imSs3UtKWHJtNkvxFusZ3&ou=190519.·         Federal Trade Commission (FTC). (n.d.).  Privacy and Security.  Retrieved from:  https://www.ftc.gov/tips-advice/business-center/privacy-and-security.·         Privacy Rights Clearing House.(Revised April 2016). Fact Sheet 7: Workplace Privacy and Employee Monitoring. Retrieved from: https://www.privacyrights.org/workplace-privacy-and-employee-monitoring.  OERs (Recommended Readings)·         MIT.  (2005). Personal Information on the Web.  Retrieved from:http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-805-ethics-and-the-law-on-the-electronic-frontier-fall-2005/lecture-notes/6805_lec9.pdf·         Computer Weekly. (2015). DON’T WAIT FOR REGULATION TO PRACTISE DATA ETHICS.  Retrieved from:  http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?sid=e122f22f-45fb-44b3-9084-bdb4df0b9267%40sessionmgr103&vid=0&hid=112&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=109512801&db=f5h·         Communications of the ACM. (2015). Respecting People and Respecting Privacy. Retrieved from:  http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?sid=3092d3ee-5bdd-4a32-a371-03b5cc8a2935%40sessionmgr105&vid=0&hid=112&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=103432034&db=iih·         Online Searcher. (2015). BIG DATA AND ANALYTICS.  Retrieved from:  http://eds.b.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?sid=de14528a-efe8-4f1d-834a-f1eee72837a4%40sessionmgr104&vid=0&hid=112&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=110916050&db=f5h·         Ghanavati, S. (n.d.).  A Requirements Management Framework for Privacy Compliance.  Retrieved from:  http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.218.5596&rep=rep1&type=pdf.Session NotesBefore we can truly explore the relationship between security and privacy, we need to define terms.  The CIA triad (confidentiality, integrity, availability) provides a foundation for understanding security.  But, what is the definition of privacy?  Does the U.S. Constitution offer some basics?   Privacy is not a right explicitly protected by or mentioned in the Constitution.  Perhaps history can offer some clues.In 1890, two lawyers wrote an article entitled, The Right to Privacy  (The Right to Privacy, 1890).   Louis Brandeis, one of the authors, later served as a Supreme Court Justice.  The article grew from the intrusion of new technology on the privacy of individuals.  In this instance, the new technology was the portable camera that made candid photographs possible.  Such cameras permitted photographers to intrude on capture “private” moments like a daughter’s wedding.Many years later, fear of another new technology led to key privacy milestone and improved insights.  In the early 1970s, the American public began to fear a future where digital data collection and processing in regional data centers could provide the government too much information about people.  This fear led to the production of the Records Computers and the Rights of Citizens Report; 1973 produced for the then Department of Health, Education and Welfare (HEW) in July 1973.  This HEW report identified the Fair Information Privacy Principles that have guided privacy law in the U.S. and many other nations.  Most recently, the Department of Homeland Security (DHS)  and the Federal Trade Commission (FTC) have endorsed the further developed Fair Information Privacy Practices, generally as follows:·         Transparency·         Individual Participation·         Purpose Specification·         Data Minimization·         Use Limitation·         Data Quality and Integrity·         Security·         Accountability and Auditing.From the Privacy Act of 1974 to the National Strategy for Trusted Identities in Cyberspace, these principles provide goals for both government and commercial entities processing personal information.But, it is not just the collection of personal information that creates problems.  Daniel Solove; 2006 has identified four types of activities that threaten privacy:·         Information Collection·         Information Processing·         Information Dissemination·         Invasion, including intrusion and decisional interference.Technology seems to highlight our imprecise understanding of privacy.  So how do we distinguish between privacy and security.  Some believe the terms are interchangeable.   Not so. Technologies and processes (e.g., encryption, check sum, authorization approval) to achieve confidentiality and integrity of the CIA triad can provide the basis for ensuring privacy.  However, what information is private is not the purview of security.It is important to start with the consumer’s privacy concerns.  Online consumers have many privacy concerns, including;·         What information is collected about the individual?·         How collected information is used and for what purpose.·         How collected information is secured, shared, rented, sold, or otherwise disseminated.Many privacy concerns stem from uncertainty over what’s going on behind the scenes and the lack of published information about data collection and sharing practices.  The FTC has been the government agent for protecting the privacy of individuals since the 1970s and the enactment of the Fair Credit Reporting Act (FCRA).  One of the key tools used by the FTC is the enforcement of company privacy policies.   Such published policies are agreements between the institution and its consumers. The United States does not have a comprehensive privacy approach like European and some other nations.  Instead Congress has addressed privacy needs in key functional areas.  In addition to the FCRA, two key laws are the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) that deal with health care and financial information, respectively. Congress also passed the Family Educational Rights and Privacy Act of 1974.   Another more recent, important law is the Children’s Online Privacy Protection Act (COPPA) of 1998. An industry that has thrived in the U.S. and has challenged privacy protections is the collection, merger and sharing/resale of consumer information. Data brokers have emerged to manage and exploit the availability of such information valuable to advertisers, recruiters, law enforcement  and a variety of entities.  Despite a number of critical studies and reports, Congress has not yet enacted legislation to restrict this growing industry and the threats it poses. The FTC has published guidelines for both eBusinesses and consumers. ( Privacy and Security; 2014 )  TRUST.e provides a good template and set of instructions for eBusinesses to follow in developing a privacy policy.  ( TRUSTe; 2004 )How about privacy rights as an employee? Whether you work in a commercial or government setting, a general rule applies within the workplace: employees should have no expectation of privacy with respect to their communications or activities while using employer resources. This often causes discomfort, because there is a culturally derived, almost instinctive perception (at least in the United States and other democratic societies) that all individuals have a right to privacy. But, it is important for security professionals to be aware that employers have the right (and in some cases the obligation) to protect any information stored, transmitted, or communicated within the employer’s environment. This is the basis for the increasingly common practice of monitoring (or at least explicitly stating the right to monitor) email, network traffic, voice, wireless, and other communications. See the OER entitled, “Fact Sheet 7: Workplace Privacy and Employee Monitoring” for more details. ( Fact Sheet 7; 2016 )Review Questions3. Identify and read the privacy policy/agreement of one company with which you deal.  Discuss items that surprised you and items that relate to the content of this lesson (specifically at Truste (link for the site).)  Also explore how this agreement impacts information security in the organization.Note for question 4Objectives·         Explain copyright law.·         Explain trademark law.·         Explain patent law.·         Explain trade secret law.·         Explain why these IP Rights Laws, especially Copyright Laws, are being revisited in view of the Internet and eCommerce.OERs (Required Readings)·         Electronic Frontier Foundation. (n.d.)Fair Use and Intellectual Property: Defending the Balance.  Retrieved from:  https://www.eff.org/issues/intellectual-property.·         Cohen, J. (2009). Encyclopedia of Management.  Intellectual Property Rights.  Retrieved from: http://go.galegroup.com.ezproxy.umuc.edu/ps/retrieve.do?sort=RELEVANCE&inPS=true&prodId=GVRL&userGroupName=umd_umuc&tabID=T003&searchId=R2&resultListType=RESULT_LIST&contentSegment=&searchType=BasicSearchForm&currentPosition=3&contentSet=GALE|CX3273100134&&docId=GALE|CX3273100134&docType=GALE.·         Baker, D.J. (2003).  Gale.  Intellectual Property Online.  Retrieved from:  http://go.galegroup.com.ezproxy.umuc.edu/ps/retrieve.do?sort=RELEVANCE&inPS=true&prodId=GVRL&userGroupName=umd_umuc&tabID=T003&searchId=R1&resultListType=RESULT_LIST&contentSegment=&searchType=BasicSearchForm&currentPosition=4&contentSet=GALE|CX3405000048&docId=GALE|CX3405000048&docType=GALE&authCount=1&u=umd_umuc.·         Ames, A.C. (2016). Salem Press Encyclopedia. Intellectual property rights overview.  Retrieved from:  http://eds.a.ebscohost.com.ezproxy.umuc.edu/eds/detail/detail?sid=a46d7535-4b4b-4e0c-80ac-2006637d76a8%40sessionmgr4008&vid=0&hid=4108&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=89158226&db=ers.·         Mawdsley, R.D. (n.d.).  SAGE Knowledge. Plagiarism.  Retrieved from: http://sk.sagepub.com.ezproxy.umuc.edu/reference/educationlaw/n295.xml.·         Bollier, D. (2011). Intellectual property in the digital age.In Ben Walmsley (ed.), Key Issues in the Arts and Entertainment Industry. Oxford, England:  Goodfellows Publishers Ltd.  Retrieved from: http://bollier.org/sites/default/files/IP%20in%20Digital%20Age%20chapter-Bollier.pdf.OERs (Recommended Readings)·         Duke University. (2015). INTELLECTUAL PROPERTY: LAW & THE INFORMATION SOCIETY.  Retrieved from:  http://web.law.duke.edu/cspd/pdf/IPCasebook2015.pdfSession NotesIntellectual property (IP) refers to “Ideas, including words, images, performances, and sounds, that belong to their creator, or another to whom the rights were subsequently sold or given. Intellectual property has the same legal protections as physical property (a car, for example) and cannot be taken or used without permission (usually by paying the owner).” (See Ames; 2016.)  Digitization as complicated the protection of IP as theft can occur unapproved copying is both cheap and easy.   Likewise, the internet and the “sharing economy” have changed the landscape of the media industry.   The Bollier; 2011 article provides some historical background and highlights some of the challenges of managing digital rights.  Please note that his use of the term, “fair dealing” is equivalent to “fair use” in the United States.Intellectual Property rights include patents, trademarks, and copyrights.  Cohen (Cohen; 2009) states, “Patents protect an inventor’s right to exclude others from making, manufacturing, using, or selling an inventor’s invention. Trademarks protect words, phrases, symbols, and designs. Copyrights protect original artistic, musical, and literary works, including software. Intellectual property rights can also encompass state trade secrets laws, which protect a company’s proprietary and confidential information, such as methods of manufacturing, customer lists, supplier information, and the materials used during the manufacturing process.”  The challenge of IP law is to balance the creator/owner’s right to compensation against the public’s need to benefit from a creation. The Electronic Frontier Foundation states, “Copyrights and patents, for example, are supposed to encourage authors and inventors to create new things by helping them receive some compensation for that investment. At the same time, copyright and patent law put limits on authors’ and inventors’ rights, such as fair use (for copyright) and limited terms of protection (for patents), to help make sure that IP rights don’t unfairly inhibit new creativity and Trademarks work a little differently—they are supposed to protect consumers by encouraging sellers of goods and services to stand by their brand, so consumers will know what they are buying. But these rights, too, are balanced by fair use and other limits.”  ( IP rights)  The Recommended Readings provide definitions of each of the IP protections. The Internet facilitates sharing knowledge, information, art, and communication.  The legal system applies many restrictions on the use, and misuse, of content from the Internet.  But no single entity governs the Internet.  Financial incentives threaten the protection of IP. There are myriad examples of how misuse of Intellectual Property has caused harm to businesses and individuals, with an emphasis on the use of the Internet.  Similar is the issue of plagiarism, where the greatest impact is in education at all levels.  Students of all ages are opting to copy the works of others without citation, without developing the critical thinking and problem solving skills needed for  real success (Mawdsley). In today’s global competitiveness and crime environment, organized gangs from ‘non-friendly’ countries are known to target three specific types of crimes via the Internet; identity theft, extortion, and stolen intellectual property.  Due to the broad scope of intellectual property, the main targets are pirated software, video and music.  Unfortunately, the pirated copies are relatively easy to find for sale on the Internet, with the traffickers setting up the websites offshore in a country where eCommerce and financial transactions fall under the radar of law enforcement.The best defenses to protect IP accessible via the Internet include technical tools that will “time out” downloading, so that a song or video cannot completely be copied, or to encrypt data, making it worthless and/or useless.  There have been cases in recent years, including the shutdown of the Napster peer-to-peer music sharing site in 2001, and the monetary penalty against the New York Times, when it was proven that they had used the Lexis-Nexis database without paying for access.  Baker (Baker; 2003) notes that, in addition to protecting IP, the Digital Millennium Copyright Act, passed in 1998, made it a crime to develop, share or sell technology that circumvents copy-protection technology. As a result, one academic was threatened with prosecution if he even published research about music protection software. 4. Read the following document on Cybersquatting and answer the questions that follow:”Cybersquatting.” Gale Encyclopedia of E-Commerce. Ed. Jane A. Malonis. Vol. 1. Detroit: Gale, 2002. 173-174. Gale Virtual Reference Library. Web. 7 Sept. 2016.URLhttp://ezproxy.umuc.edu/login?url=http://go.galegroup.com.ezproxy.umuc.edu/ps/i.do?p=GVRL&sw=w&u=umd_umuc&v=2.1&it=r&id=GALE%7CCX3405300116&asid=b07fd1f5d8595e67e64dd96e17e7a6b2Using ethical and legal frameworks discussed in this course so far, analyze cybersquatting from an ethical and legal perspective.  Should businesses protect their domain names or brands via computer code? Should law protect businesses that are exploited by cybersquatting?  Use examples to support your positions.Notes for question 5OERs (Required Readings)·         Gehring, R. (2008). Indicare.Trusted computing for digital rights management.  Retrieved from:  http://www.indicare.org/tiki-read_article.php?articleId=179.·         Bantin, P.C. (1998).  University of Wisconsin.  Strategies for Managing Electronic Records: a New Archival Paradigm?  An Affirmation of our Archival Traditions?Retrieved from: https://minds.wisconsin.edu/bitstream/handle/1793/45860/MA23_1_3.pdf?sequence=3.·         Rosch, J.T. (2007). Federal Trade Commission (FTC).   A Different Perspective on DRM.  Retrieved from: https://www.ftc.gov/sites/default/files/documents/public_statements/different-perspective-drm/rosch-berkeley-drm20speech-mar9-2007.pdf.·         Scarfone, K. (2007). National Institute of Standards and Technology (NIST).  Guide to Storage Encryption Technologies for End User Devices. Retrieved from:  http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf. ·         NIST (2011). Jansen, W. & Grance, T. Guidelines on Security and Privacy in Public Cloud Computing. NIST SP 800-14. Retrieved from: http://docs.ismgcorp.com/files/external/Draft-SP-800-144_cloud-computing.pdf.·         Lyon, G.E. (2002). National Institute of Standards and Technology (NIST).  A Quick-Reference List of Organizations and Standards for Digital Rights Management.  Retrieved from: http://xml.coverpages.org/Lyon-NIST241assmOct9.pdf.·         Coyle, K. (2003). The Technology of Rights:  Digital Rights Management.  Retrieved from:  http://www.kcoyle.net/drm_basics1.htmlhttp://www.kcoyle.net/drm_basics2.html , http://www.kcoyle.net/drm_basics3.html , & http://www.kcoyle.net/drm_basics4.html.OERs (Recommended Readings)·         Helberger, N. (2004).  Digital Rights Management and Consumer Acceptability.  Retrieved from:  http://www.ivir.nl/publicaties/download/1093.·         Sage Reference. (2009). Electronic Clinical Records. Retrieved from: http://sk.sagepub.com.ezproxy.umuc.edu/reference/download/healthservices/n123.pdfSession NotesThe worldwide expansion of the Internet and the emergence of mobile devices (e.g., smart phones, tablets) have considerably expanded online commerce.  E-commerce, or electronic commerce, is defined as online buying and/or selling of products or services via desktop, cell phone, tablet or other online devices. Currently, there are more than 1 billion online buyers and this number is projected to continuously grow (Statista).   In 2016, the revenue from digital media content (ebooks, digital videos, and digital documents) in the USA amounted to over $33 billion and the market’s largest segment consists of “video games” with a market volume of over $11 billion in 2016 (Statista_2).Online retailers of digital content have a vested interest to protect their digital content from unauthorized downloads, copying, forwarding, distribution, and usage beyond the authorized number of reads or time limits. To stay in business, their content should be available for download, browsing, etc. to authorized users almost 24×7.  In order to meet such a challenge, online enterprises can leverage the traditional confidentiality, integrity, and availability (CIA) triad solutions, Digital Rights Management (DRM) software, as well as an existing legal framework, which consists of the Digital Millennia Copyright Act (DMCA) and other Intellectual Property (IP) laws and treaties.  The DMCA and IP rights were discussed in the previous session, Session 4.We have examined in detail in earlier INFA courses for various controls to achieve desired CIA goals.  Cryptography solutions, the main technical solutions for confidentiality and integrity (and authentication), were examined in INFA 640. Access control (who can access what resources in what way) was examined in detail in INFA 610.  Availability is normally achieved through a combination of IT technologies, specifically replicated databases and servers and fast recovery and business continuity techniques, in case there is a major outage, and security controls to minimize denial of service attacks.  As stated by Gehring; 2008, “Digital Rights Management (DRM) is about the usage rights in digital content. Digital content can be text, graphics, images, audio, video or software in digital format. Mainly, DRM systems are applied to media products.”  DRM is particularly important when dealing with copyrighted material or any information publicly available.  For instance, piracy of music and movies has been an issue for many years, where individuals ‘steal’ intellectual property and circumvent rights of ownership.  See ( Coyle; 2003 ) for more on DRM, i.e, why we need DRM and what is DRM.Due to the magnitude of digital media infringement, numerous standards continue to evolve i for protecting digital media.  Among them, although a bit outdated, one should mention the guide that addresses the storage encryption published by the National Institute for Standards and Technology (NIST SP800-111; Scarfone; 2007) and DRM (NIST SP 500-241, Lyon; 2002).  In addition to NIST, the Federal Trade Commission published a synopsis from a conference they help on copyrights and DRM technologies (Rosch; 2007). Cloud Computing and Storage presents another challenge for online retailers in protecting customer information and privacy.  Where data is processed and stored influences its protections and the laws involved.  There are economic and management arguments for the use of the Cloud and off-site repositories.  Efficiency is a primary argument for utilizing the Cloud for processing and operational system storage.  The advantages of u