USA: +1(669)289-8683 
Sign in
BUSS213 – Business Law and EthicsPortfolio Project Directions and Rubrics
This Portfolio Project is worth 20% of your grade
Completing this Assessment will help you to meet the following outcomes:
Course Outcomes
• Interpret the law to devise a valid and ethical solution to a problematic workplace scenario and then
present your case and the solution to the scenario using multimedia.
Program Outcomes
Business, AAS
• Demonstrate knowledge of numeric measurements within the business environment to make informed
decisions.
Human Resource Specialist, AAS
• Differentiate between ethical and unethical behavior of individuals, groups, and organizations within
today’s dynamic work environment.
Institutional Outcomes
• Information Literacy and Communication – Utilize current technology and resources to locate and
evaluate information needed to accomplish a goal, and then communicate findings in visual, written
and/or oral formats.
• Relational Learning – Transfer knowledge, skills and behaviors acquired through formal and informal
learning and life experiences to new situations.
• Thinking Abilities – Employ strategies for reflection on learning and practice in order to adjust learning
processes for continual improvement.
Scenario
Laguna Productions, Inc., is a multi-media entertainment corporation located in Los Angeles
that employs 200 people, and it is incorporated in the State of California. Laguna Productions
is publicly traded, and the majority shareholders are CEO Charles Encatre (40% shareholder)
and his four partners (each who each 5% shareholders), all of who comprise the Board of
Directors. After three years in existence, Laguna’s media products have been selling well and
the Board of Directors is interested in expanding operations to include a New York City office
location.
In its role as an employer, seller of media products, and selling of shares on the public stock
exchange, Laguna Productions holds Personal Identifying Information (PII) related to bank
accounts, credit cards, email addresses, social security numbers, and other personal
information on its employees, customers, and public shareholders. CEO Charles Encatre is
unsure of what are the company’s legal obligations to its’ employees, customers, and
shareholders if PII is stolen in a cyber-attack under federal law, California state law, and under
New York state law.
BUSS213 – Portfolio Project
2
In light of recent cyber-attacks and intrusions into publicly traded companies, Laguna
Productions consulted with a cyber security expert, who conducted an internal evaluation of
the company’s vulnerability to a cyber intrusion. After review, the cyber expert recommends
the expenditure of at least $1 million in security software programs to ward off a cyber-attack.
The CEO is willing to make this expense, but the other four board members are not willing to
invest a lot of money to defend Laguna Production’s computer system. As one opposing board
member put it, “It’s a valid business decision to accept the risk.”
You have been hired as a Security Consultant to provide recommendations to Laguna
Production on the laws and regulations on how to deter cyber breaches.
Deadline
Deliverable items for the Portfolio Project will be required at different points during the
course. Details for each submission are included below in the Deliverable Descriptions.
Deliverable Descriptions
Module 3: Memo
•
Due date – refer to the tracking calendar.
For this first section of the Portfolio Project, you are to write a 2-3-page Memorandum, to the
CEO Charles Encatre. Your memo should be in APA style format and have at least two
scholarly resources to support your rational. Your memo should include the following:
•
•
•
Identify any applicable federal, California, and New York state laws imposed on
businesses when PII is stolen
Determine whether the board members’ sentiment that not purchasing the $1 million in
software security is an acceptable risk?
Make a compelling argument as to whether or not a shareholder vote is needed to
implement a $1-million-dollar security software program. Make sure to justify your
reasoning.
Module 5: PowerPoint
• Due date – refer to the tracking calendar.
One year has gone by since you submitted your Memorandum to the Board of Directors, and
Laguna Production’s revenue streams are up. A New York office has been opened. Up to this
point, despite not having made the recommended $1-million-dollar expenditure to shore-up
its cyber security, Laguna Productions has not incurred any attempted cyber security
intrusions.
However, due to the publicized success of Laguna Productions, a hacking group, known as the
NY Rebels, took over the network system of Laguna Productions and the personal identifying
information (PII) of all the employees, customers, and financial investors has been stolen and
posted online. The number of impacted individuals is estimated to be near 10,000. PII stolen
has been transferred over one million times on the dark web within 24 hours since the attack.
The CEO and Board are in a panic as to what the company’s liability will be.
BUSS213 – Portfolio Project
3
For this second section of the Portfolio Project, you are to you to create a PowerPoint with
voiceover to the CEO and Board of Directors. For this week, you will ONLY be creating and
submitting your PowerPoint. The voiceover portion will be added in the following week’s
submission.
Your PowerPoint should be 10 to 12 slides, this does include your title and reference page, in
APA format, bullet points, graphics, and at least two scholarly resources to support your
rationale. Your PowerPoint should address the following points:
•
•
•
•
•
Describe the issue at hand
Identify what common law theories of liability might be brought by the victims of the
hack against Laguna Productions.
Describe what statutory liabilities might exist under California and New York state
laws.
Suggest ethical actions that Laguna Productions can take to mitigate any harm endured
by the victims of the hack.
Recommend how the company should address the problem and how it plans to rectify
the PII being stolen in the future.
Module 6: Draft and Voiceover
•
Due date – refer to the tracking calendar.
For the last part of your portfolio project, you will be taking the feedback provided from your
instructor and making the necessary changes. You will now include a voiceover of the
information provided in the PowerPoint. With the voiceover, a notes section is required as
well. Your voiceover portion will be graded on the following:
•
•
•
•
Voice should be clear and easy to understand
Vary your tone of voice and use pauses effectively to place emphasis on important
points
Do not read verbatim from the slides.
Avoid non-words (“Um,” “Uh,” “You Know”) and practice using professional language
Module 7: Final Submission to ePortfolio
•
Due date – refer to the tracking calendar.
This is the final submission of your Portfolio Project. Incorporate all feedback, make any
additional corrections and submit to your ePortfolio. Upload your Portfolio Project to the
Program Outcome in your ePortfolio listed below. Use the following naming convention:
BUSS213 – Portfolio Project:
Business, AAS
• Demonstrate knowledge of numeric measurements within the business environment to
make informed decisions.
Human Resource Specialist, AAS
BUSS213 – Portfolio Project
•
4
Differentiate between ethical and unethical behavior of individuals, groups, and
organizations within today’s dynamic work environment.
Module 8: Reflection
•
Due date – refer to the tracking calendar.
For the final piece of your Portfolio Project, you will reflect upon the course and how it directly
relates to your future workplace. This reflection will be delivered as a Word document 1-2
pages in length.
Requirements:
• Analyze the importance of this project to your future career.
• In your own words reflect on how this project meets the Program and Institutional
outcomes as stated on the first page.
• Word count should be at least 250 words
Upload and submit your final reflection.
For specific grading information, please refer to the Portfolio Project Grading Rubric
BUSS213 – Portfolio Project
5
BUSS213 Memo Grading Rubric
Criteria
Memorandum
70 points
Formatting
15 points
Mechanics
15 points
Instructor
Comments:
Excellent
Average
Needs Improvement
63-70 points
49-62 points
0-48 points
Memo is highly detailed in analyzing
federal laws protecting personal identifying
information in both California and New
York A compelling argument is detailed
with justification on which
recommendations the company should
take.
Memo does not fully explain the federal
laws protecting personal identifying
information in both California and New
York. A compelling argument is not fully
justified or explained on which
recommendations the company should take.
Memo does not address or is limited in
analyzing the federal laws protecting personal
identifying information in both California and
New York, or a compelling argument is not
made as to which recommendations the
company should implement and why.
13-15 points
9-12 points
0-8 points
Provides two or more resources that are
cited in APA format. Memo adheres to the
following format: 12-point Times New
Roman or Arial, doubled-spaced, with 1
inch margins. Submission contains a memo
and reference page. Memo is 3 or more
pages in length.
Provides 1-2 references. May contain few
errors in APA citation. Memo adheres to the
format, may contain 1 to 2 errors.
Submission contains a cover and reference
page. Memo is 2 or more pages in length.
Provides 0-1 references. There are several errors
in APA citation. Memo contains 3 or more
errors in formatting. Submission may or may
not contain a cover page or reference page.
Memo is 1 page or less.
13-15 points
9-12 points
1-2 minor grammar, punctuation or spelling
errors. Errors detract from, but do not take
away, the attention to the reader.
0-8 points
3 or more grammatical errors are present.
Errors detract from the meaning of the project
significantly. Unclear sentences that make it
hard to understand meaning.
No major grammar, punctuation, or spelling
errors.
Total
Points:
Points
BUSS213 – Portfolio Project
6
BUSS213 PowerPoint Presentation Grading Rubric
Criteria
PowerPoint
Presentation
70 points
Formatting
15 points
Mechanics
15 points
Instructor
Comments:
Excellent
Average
Needs Improvement
63-70 points
49-62 points
0-48 points
Presentation is highly detailed in analyzing
the issue of statutory liability for cyber
intrusions in California and New York.
More than 2 ethical suggestions provided.
More than 2 mitigating strategies listed.
Recommendations on a course of action for
cyber security is also provided.
Presentation does not fully explain the
issue of statutory liability for cyber
intrusions in both California and New
York. 1-2 ethical suggestions provided.
1-2 mitigating strategies listed.
Recommendations on a course of action
for cyber security is not fully
developed.
Presentation does not address or is
limited analyzing the issue of
statutory liability for cyber intrusions
in both California and New York. 0-1
ethical suggestions provided. 0-1
mitigating strategies listed.
Recommendations on a course of
action for cyber security is not
provided.
13-15 points
9-12 points
0-8 points
PowerPoint consists of 12 slides, is
organized, font, color, size, and style are easy
to read. Slides are in bullet-point format.
Multiple graphics are used to enhance the
content presented. 2 or more sources support
the analysis. Contains 0-1 formatting errors.
13-15 points
PowerPoint consists of 10-12 slides in
bullet point format. Use of some
graphics related to content. Font, color,
size, and style are easy to read but
contain 1-2 formatting errors. A
minimum of 1-2 sources used.
9-12 points
PowerPoint consists of less than 10
slides in bullet point format. No
graphics used related to content. Font,
color, size, and style are not easy to
read and contain more than 3
formatting errors. 0-1 sources used.
0-8 points
No major grammar, punctuation, or spelling
errors.
1-2 minor grammar, punctuation or
spelling errors. Errors detract from,
but do not take away, the attention to
the reader.
3 or more grammatical errors are
present. Errors detract from the
meaning of the project significantly.
Unclear points make it hard to
understand meaning.
Total
Points:
Points
BUSS213 – Portfolio Project
7
BUSS213 Draft and Voiceover Grading Rubric
Criteria
Notes
70 points
Exceeds Expectations
Meets Expectations
Needs Improvement
63-70 points
49-62 points
0-48 points
Notes provide additional thoughts on
content within the bullet points. The issue
of statutory liability for cyber security is
deeply expanded on for both California
and New York. Both ethical suggestions
and mitigating strategies are identified and
fully evaluated. Recommendations on a
Notes are not fully developed and don’t
provide additional thoughts on content
within the bullet points. The issue of
statutory liability for cyber security is not
fully expanded on for both California and
New York. 1-2 ethical suggestions and 1-2
mitigating strategies are identified, but lack
development. Recommendations on a
Notes are non-existent or do not provide
additional thoughts on content within the
bullet points. The issue of statutory liability
for cyber security is not expanded on for
both California and New York. 0-1 ethical
suggestions and 0-1 mitigating strategies are
identified but lack development.
course of action for cyber security is
thoroughly examined.
Delivery
30 points
Instructor
Comments
course of action for cyber security is
partially examined
27-30 points
21-26 points
Easily understood, does not use words
like, “um,” is professional in appearance,
and engaging to watch. The presentation
flows and transitions naturally between
ideas. Excellent use of different inflections,
appears enthusiastic, speaks in different
tones, and appears comfortable
throughout the presentation.
Easily understood but may make use of
words like “um.” Attempts to use different
inflections, changes tone occasionally, varies
tone, and appears comfortable throughout
the presentation.
Recommendations on a course of action
for cyber security is not provided
0-20 points
Excessive use of words like, “um.” The
presentation may be stilted or jarring, and
the speaker is monotone throughout.
Appears uncomfortable throughout the
presentation.
Total
Points
Points
BUSS213 – Portfolio Project
Criteria
8
BUSS213 Final Submission Grading Rubric
Excellent
Average
Needs Improvement
63-70 points
49-62 points
0-48 points
Assessment
70 points
Provides a detailed assessment of laws
mandating business responsibility in
protecting personal identifying information
and explaining corporate responsibility and
organizational objectives to prevent a cyber
intrusion including identifying business values
and social change that can result in the
aftermath of a cyber intrusion. Exhibits a high
level of knowledge of legal and ethical
considerations for business operations.
Provides assessment of laws mandating
business responsibility in protecting personal
identifying information and explaining
corporate responsibility and organizational
objectives to prevent a cyber intrusion
including identifying business values and
social change that can result in the aftermath
of a cyber intrusion but does not include all
the required information or full details.
Project does not assess the laws mandating
business responsibility in protecting
personal identifying information and
explaining corporate responsibility and
organizational objectives to prevent a
cyber intrusion including identifying
business values and social change
Components are either missing or no
details are included for ones submitted.
There are several errors or inaccuracies
within the substantive content.
Formatting
20 points
18-20 points
Provides required number of resources that are
cited in APA format. The Project adheres to the
following format: 12-point Times New Roman
or Arial, doubled-spaced, and has 1-inch
margins. Submission contains a cover and
reference page.
14-17 points
Provides the minimum number of resources.
May contain few errors in APA citation.
Project adheres to the format, may contain 1 to
3 errors. Submission contains a cover and
reference page.
0-13 points
Provides no resources. There are several
errors in APA citation. Project contains 4 or
more errors in formatting. Submission may
or may not contain a cover page or
reference page.
9-10 points
There are no grammatical, spelling and/or
punctuation errors.
7-8 points
There are 3-5 grammatical, spelling and/or
punctuation errors.
0-6 points
There are 6 or more grammatical, spelling
and/or punctuation errors.
Mechanics
10 points
Instructor
Comments:
Total
Points:
Points
BUSS213 – Portfolio Project
9
BUSS213 – Reflection Grading Rubric
Criteria/Achievement
Level
Content
80 points
Writing Conventions
20 points
Instructor Feedback
Exceeds Expectations
Meets Expectations
Needs Improvement
72-80 points
Reflection addresses more than the
minimum number of required
elements. Provides a deep, thoughtful
reflection on the role the project will
play in your current or future career.
Provides a thorough and deep
examination of the strategies used to
complete the portfolio project by
addressing specific thinking strategies
used and evaluating their
effectiveness. Additionally, provides
insightful explanation related to the
achievement of Program and
Institutional Outcomes
56-71 points
Reflection addresses the minimum
number of required elements.
Reflects on the role the project will
play your current or future career.
Explains strategies used to complete
the portfolio project by addressing
specific thinking strategies used in
creating the portfolio project.
Addresses Program and Institutional
Outcomes.
0-55 points
Reflection does not address all the
required elements. No clear
connections between the project your
current or future workplace. The
explanation related to the importance
of reflection may be confused or
unclear. Does not address any or all
Program and Institutional Outcomes.
18-20 points
0-1 errors in grammar, spelling, and
punctuation. All writing is of a
professional level, with no “text” or
“chat” language. Word count exceeds
250 words.
14-17 points
2-3 errors in grammar, spelling, and
punctuation. Writing is clear with no
“text” or “chat” language. Errors do
not distract reader. Word count is at
250 words
0-13 points
4 or more errors in grammar, spelling,
and punctuation. Errors distract reader
and cloud meaning of the message.
Some “text” or “chat” language is
used. Word count is below 250 words
Final Grade
Points
Awarded
Click here to
enter text.
Click here to
enter text.
Click here to
enter text.
Strengthening Cybersecurity and Rebuilding
Trust at Laguna Productions
Alfonso Davis
Professor A. Richards
Business Law and Ethics
March 17
Background of Laguna Productions
▶
Laguna Productions is a company that grew fast, opening an office in New York.
▶
They make money by creating content that many people like to watch or listen to.
▶
Until now, they failed to spend extra money to protect their computer systems from
hackers.
▶
Due to their large following and success, they caught the attention of a hacking group
called NY Rebels.
Introduction to the Issue
▶
Laguna Productions was attacked by a group named NY Rebels. This caused a huge
problem for the company.
▶
Private info of around 10,000 people was stolen and shared online.
▶
This info has been seen more than a million times on the dark web.
▶
The company did not spend $1 million to protect against such attacks
▶
Now, everyone at Laguna Productions is very worried about the trouble this might
cause.
Common Law Theories of Liability
▶
People affected might use the negligence theory. This means they think Laguna did not
do enough to protect their info.
▶
Breach of confidentiality is another theory. This is about breaking the promise to keep
info safe (Kruikemeier et al., 2019).
▶
Victims could also claim invasion of privacy, meaning their personal information was
wrongly Used
▶
Laguna may be liable for claims of emotional distress, meaning the hack caused a lot
of stress and upset of People effected.
▶
Lastly, victims might say Laguna did not tell them soon enough about the hack.
Statutory Liabilities in California and New York
▶
In California, companies must protect personal info. If they don’t, they can be in big
trouble.
▶
California’s law also says people must be told quickly if their info is stolen.
▶
In New York, similar rules exist.
▶
Companies must have good security to protect personal information (Tawalbeh et al.,
2020).
▶
New York also has strict rules about telling victims of a data breach quickly.
▶
Both states allow people to sue companies if they do not follow these rules.
Ethical Actions to Mitigate Harm
▶
Laguna Productions should say sorry to everyone affected.
▶
This shows they care.
▶
They could offer free services to help protect the victims’ info in the future.
▶
Laguna should also give clear, simple instructions on what victims can do next.
▶
It’s important for Laguna to keep talking to the victims.
▶
They should update them on what’s being done.
▶
Lastly, Laguna could support laws or efforts to protect people’s info better in the
future.
How to Address the Current Problem
▶
Laguna should work with experts to close the hole the hackers used. This means fixing
the weaknesses in their system.
▶
They need to find out exactly what info was stolen and tell the affected people what
happened.
▶
▶
▶
Laguna should talk to the police and cyber security experts to try to catch the hackers.
Offering help like credit monitoring to those affected can make things a bit better for
them.
It’s also smart for Laguna to learn from this mistake and train their employees on how
to keep information safe.
Plans to Prevent Future Data Breaches
▶
Investing in stronger security systems is a must. This means spending the money they
didn’t spend before.
▶
Regular checks of their security to find and fix problems before hackers can use them.
▶
Teaching everyone at Laguna, from top to bottom, how to spot and stop security risks.
▶
Creating a quick response plan for any future hacks so they can act fast to protect info.
▶
Working with other companies and security experts to stay ahead of new hacking
methods (Alhayani et al., 2021).
▶
Laguna should make a promise to always put protecting personal info at the top of
their list.
Rebuilding Trust with Customers and Investors
▶
Be open and honest about what happened and what Laguna is doing to fix it.
▶
Show clear changes and improvements in security to prove things will be different.
▶
Regular updates on security improvements can help keep everyone informed.
▶
Engage with customers and investors through meetings or online sessions to answer
their questions.
▶
Create a better customer service team dedicated to dealing with concerns about privacy
and security.
The Role of Leadership in Crisis Management
▶
The CEO and Board must lead by example, showing they are serious about fixing the
problem.
▶
They should be involved in developing the new security plan and make sure it’s carried
out.
▶
The leaders should also talk to employees, boosting morale and emphasizing the
importance of security.
▶
It’s key for leaders to communicate openly with the public, showing they are taking
responsibility.
▶
Lastly, they should ensure Laguna learns from this crisis to improve its resilience
against future threats.
Conclusion and Recommendation
▶
This hack was a wake-up call for Laguna Productions. It showed the need for better
security.
▶
By taking strong, ethical steps, Laguna can help fix the harm done and protect against
future attacks.
▶
It’s important for everyone at Laguna, especially the leaders, to work together on
making these changes.
▶
Improving security and being open with those affected will help rebuild trust.
▶
Let’s all commit to making Laguna Productions a safer, more secure place for
everyone’s information
References
▶
Alhayani, B., Abbas, S. T., Khutar, D. Z., & Mohammed, H. J. (2021). Best ways
computation intelligent of face cyber attacks. Materials Today: Proceedings, 26-31.
▶
Kruikemeier, S., Boerman, S. C., & Bol, N. (2020). Breaching the contract? Using
social contract theory to explain individuals’online behavior to safeguard
privacy. Media Psychology, 23(2), 269-292.
▶
Tawalbeh, L. A., Muheidat, F., Tawalbeh, M., & Quwaider, M. (2020). IoT Privacy and
security: Challenges and solutions. Applied Sciences, 10(12), 4102.
1
Memorandum and Powerpoint
Name
Instructor
Course Details
Date
2
Memorandum and Powerpoint
Introduction
The business law and ethics domain has gone through a myriad of changes by virtue
of SOX law’s implementation in 2002 and the emergence of data analytics. Consequently, the
debates revolving around the role of the regulators and core ethical principles of employee
privacy have been aroused. For example, the Sarbanes-Oxley law is something affecting
financial reporting standards and internal controls, as well as Big Data advancement in
monitoring employee performance, which provides a wide range of both legal and ethical
obstacles.
Background Information
The Sarbanes-Oxley Act was the legislation that brought about the needed changes to
ensure that stricter compliance with financial reporting and internal controls brought back
confidence in the markets. SOX Sections 302 and 404 pinpoint the essence of financial
disclosures and robust internal controls as the reasons for this legislation, thus rendering it
important for the structuring of corporate governance. On the other hand, the boom of big
data also transformed the work side, with new levels of monitoring and performance analysis
being uncovered for employers. Investigation of SOX influence on Financial Reports Quality.
Based on the insights of Bajra and Asllanaj (2021), there is a critical interpretation of
SOX compliance in the area of financial reporting quality of EU firms registered in the US.
This study finds that SOX as a whole, and in particular Section 302, is associated with higher
disclosure quality, providing evidence of the Act’s efficiency in producing more transparent
and reliable financial reports. The resultant finding shows the centrality of prudent
regulations in the proper functioning of financial reporting systems needed to keep investors
and market stability intact.
3
For employers who monitor their workforce using Big Data, the question of how
employees are assessed has come up because of the amazing changes that have hit the
monitoring sector. Ebert, Wildhaber, and Adams-Prassl (2021) discuss the matter from two
different perspectives, stating that Big Data helps in decision-making and provides efficiency
but also raises the issue of privacy. The progression of data analytics makes it possible for
employers to monitor worker behaviour by collecting, processing, and utilizing the data,
which possibly violates the privacy and independence of the workers.
Ethics of Decision-Making and Business Culture
Corporate mood is indeed a manner in which employees from organizations make
ethical choices. An ethical culture is a culture which not only believes in honesty but also in
transparency. Such an atmosphere is a kind of culture where ethical principles are rooted
deeply in the course of business. These consistent values and corporate goals are important
success features for representatives of the complicated fabric of legal compliance,
technological innovation, and ethical responsibility. Leaders and managers are the ones who
have to demonstrate ethical values by being role models and implementing ethical standards
within the whole organization.
The role of corporate culture in the implementation of ethical decisions reaches
deeper than individual behaviours and influences many other areas, from the interpretation of
legal requirements to the advancement of technology. Ethical organizations where the
practice of ethics is preached and honoured would deploy Sox and ethical implementation of
Big Data analytics, consequentially becoming part of their organizations’ strategic
framework, thus bringing about both social and structural change with an ultimate increase in
the value of the business.
Legal and Moral Frameworks to the Scenario at a Workplace
4
Today’s business environment is complicated and consists of many legal and ethical
factors that need to be seen from different angles. Enacting SOX and other laws or
regulations that govern workplace issues becomes the basis for dealing with misconduct by
promoting rules and professional standards. The problem with this can only be solved both
legally and ethically by a person who is knowledgeable in the law and has a sense of morals.
For example, while planning approaches for strategic financial reporting quality or the
protection of employees’ privacy in the face of Big Data, businesses should take account of
both the legal consequences that could arise in connection with and the ethical aspects that
are tied to such decisions. In this dual mindset, companies are able to arrive at solutions not
only from the legal point of view but also those that meet the higher moral principles of
fairness, transparency, and respect for individual rights. Subsequently, legal infrastructure, as
in the Sarbanes-Oxley Act of 1906 and Big Data in the work environment now, are so
complex that you can say that they form a canvas that sketches the businesses of today.
5
References
Bajra, U., & Asllanaj, R. (2021). Influence of the Sarbanes-Oxley Act on Financial Reporting
Quality: An Overview of EU Firms Cross-Listed in the USA.
Ebert, I., Wildhaber, I., & Adams-Prassl, J. (2021). Big Data in the workplace: Privacy Due
Diligence as a human rights-based approach to employee privacy protection. Big Data
& Society, 8(1), 20539517211013051.
