“Navigating the Ethical Dilemmas of Big Data: A Critical Analysis of Automated Security Tools, Encryption, and Vulnerability Disclosure”



Select one of the 7 ethical dilemmas related to big data OR one of the 5 MIS governance frameworks (listed below) and using Microsoft Word, write a 1-page paper on the topic.
Your paper should be a minimum of 1 page in length,
Single-spaced using Calibri 12pt font,
Use a first-line indentation of .5″ with no blank lines between paragraphs,
Have a minimum of 2 peer-reviewed references (you may use your textbook as well, but you must have at least two other sources),
References may include Journals, magazines, newspapers, books, and credible Websites.
Do not use any information in your paper from the following:
Wikipedia, Webopedia, or any Website that includes “media” as part of the domain name.
Websites that present themselves as reference sites do not include an author for the materials given.
References must be dated 2020 or later and must include an author.
The reference list must use APA format. In the header area, include your name, the class title, the paper title, and the date.
7 Ethical Dilemmas:
Automated security tools: Is it ethical to release into the wild tools that can automate attacks on a broad array of systems?
Cybersecurity incident response: How much time and energy should be spent investigating a breach? What is an appropriate level of incident detail to share with customers and other stakeholders? How thick is the line between satisfying organizational obligations and finding the complete truth behind an incident?
Encryption: What should companies do in response to legal law enforcement requests for encrypted data? Should known vulnerabilities in systems be used to comply with requests that would otherwise be impossible? Should law enforcement agencies use such vulnerabilities themselves if they suspect a formal legal request will not bear fruit?
Research: How should researchers balance the use of potentially aggressive penetration testing techniques against the legal rights of the owners of the systems they are researching? Does that balance change in cases in which those system owners are not implementing reasonably strong security methods?
Sale restrictions: What (if any) is the responsibility of cybersecurity professionals to try to prevent the sale of products they have developed to autocratic governments that would use them to harm their citizens?
Role of the CSO: What kinds of personal risk should a chief security officer or manager-level security officer accept on behalf of an organization? It is not uncommon for CSOs to be fired or forced out when a cybersecurity breach occurs; should organizations offer CSOs employment agreements that include provisions for relief from personal legal liability or other protections? How should organizational deficiencies (underinvestment, bad practices, etc.) factor in this analysis?
Vulnerability disclosure: When and how should researchers inform the public about vulnerabilities in widely used products? What steps should be taken before any such notification?
MIS Governance Frameworks:
CMMI: Created by a group from government, industry, and Carnegie Mellon’s Software Engineering Institute, the Capability Maturity Model Integration (CMMI) method is a process improvement approach that contains 22 process areas. It is divided into appraisal, evaluation, and structure. CMMI is particularly well suited to organizations that need help with application development, life cycle issues, and improving the delivery of products throughout the life cycle.
CoBIT: Control objectives for information and related technologies (CoBIT) is a set of best practices that helps an organization maximize the benefits of an information system, while at the same time establishing appropriate controls to ensure minimum errors.
COSO: The framework developed by the Committee of Sponsoring Organizations (COSO) is key for evaluating internal controls such as human resources, logistics, information technology, risk, legal, marketing and sales, operations, financial functions, procurement, and reporting. This is a more business-general framework that is less technically specific.
ISACA: Information Systems Audit and Control Association (ISACA) is a set of guidelines and supporting tools for IT governance that is accepted worldwide and generally used by auditors and companies as a way to integrate technology to implement controls and meet specific business objectives.
ITIL: The Information Technology Infrastructure Library (ITIL) is a framework provided by the government of the United Kingdom and offers eight sets of management procedures: (1) service delivery, (2) service support, (3) service management, (4) information and communication technology (ICT) infrastructure management, (5) software asset management, (6) business perspective, (7) security management, and (8) application management. ITIL is a good fit for organizations concerned about operations.
Baltzan, Paige. Business Driven Technology (pp. 254-255). McGraw-Hill Higher Education. Kindle Edition.


Title: Ethical Dilemma of Vulnerability Disclosure

As technology continues to advance, ethical dilemmas surrounding big data persist. One such dilemma involves vulnerability disclosure. Researchers must balance the need to alert the public to potential threats with the risk of cybercriminals exploiting this information. Therefore, the question arises: when and how should researchers inform the public about vulnerabilities in widely used products? What steps should be taken before any such notification?

In response, researchers should first follow established responsible disclosure guidelines. These guidelines usually require the researcher to notify the product vendor and allow them sufficient time to address the vulnerability before public disclosure. However, the decision to publicly disclose must be made carefully. Researchers must consider the potential impact of the disclosure on the security of the product, the vendor’s ability to address the vulnerability, and the potential for criminal exploitation.

According to a study published in the Journal of Cybersecurity, before publicly disclosing a vulnerability, researchers should consider whether it has already been discovered by criminals and whether the product vendor has a history of ignoring vulnerability reports (Yampolskiy, 2021). Additionally, researchers should consider the potential impact on end users and industry stakeholders. Public disclosure may lead to panic and expose more people to cyberattacks.

In conclusion, responsible vulnerability disclosure is essential to protecting consumers from cyberattacks. However, researchers must consider the potential risks associated with public disclosure and follow established guidelines. The decision to publicly disclose a vulnerability must be made with great care and consideration to ensure that the benefits of public disclosure outweigh the potential harm.


Yampolskiy, M. (2021). Responsible vulnerability disclosure in the age of ransomware. Journal of Cybersecurity, 7(1), 1-16. doi: 10.1093/cybersex/tyaa011.
