Running Head: The Brazilian Federal Data Processing Service

The Brazilian Federal Data Processing Service

Student Name:

Institutional Affiliation:

Course:

Date:
The Brazilian Federal Data Processing Service 2

Question 1

Business ethics is a fundamental concept to every business more so after PRISM of the

National Security agency was compromised. Ethics in business is defined as a set of acceptable

principle character that provide guidelines to what is right and wrong (David, 2016). Such

principle provide basis for the conduct of individuals as well as companies. From the case study,

it is evident that Brazils case was unethical based on the following accounts.

Data within the Brazilian Federal data processing service was illegally accessed. This

goes against the fundamentals of operational ethics. The fact that the foreign intelligence

agencies that carried out the cyber-attack, also suffered immense loses due to the Snowdens

disclosure does not preempt the unethical acts. Furthermore, countries are sovereign states and

stealing another nations information through cyber-crime can be considered as an act of

breaching a nations sovereignty. Despite the blurred boundaries brought about by the age of the

internet, information remains as an asset of an owner and in this case a sovereign state. The mere

act of illegal information access was unethical.

Question 2
According to the case study, foreign agencies had intercepted Brazils electronic

communications through snooping the Federal Data processing service email system. Electronic

mail virtually an essential service to all humanity, looking at its architecture, electronic mail

mimic mail transformation paper pattern, where an email author enters the recipients email

address, message subject, message content and submits it to the Mail server, the mail server then

transmits the message to an email storage and delivery agent from where it is then sent to the

recipients mailbox.
The Brazilian Federal Data Processing Service 3

Since electronic mail operates differently from common network traffic on the basis of

distinct real time connection components such as store and forwarding, electronic mails go

through various nodes and every transmission establishes a new connection. A security breach

could occur in any of the nodes or connections making it quite unsecure. From Brazils data

breach, it is evident that the inadequacies of the electronic mail system lead to user private

information being compromised. There was hardly enough security control measures that the

Brazilian government would have put in an original architecture had they considered the security

issues before to prevent what happened. However, the Brazilian government could have just

implemented measures to prevent intrusion as well as minimize the degree of impact in case of

such acts

Question 3
From the case study, Brazils Federal data processing service intends to create a secure

email system. Its government also has plans to put in place a new underwater high speed fiber

cable linking Brazil to Europe directly so as to avoid having to route through other countries

internet connections via the United States (Lucian, 2011). There are also considerations to put in

place laws that would force online service providers such as Google to host any information

relating to Brazilian citizens in Brazil. My additional suggestions to avert cyber-crime related

issues would be as follows;

1. Incorporate an end to end email technology security to guarantee that communication is

safe and free from compromise (Moore, 2005). Possible standard suggestions include

S/MIME and PGP. This could also include the establishment of security policies on every

node within the client server architecture. Options include using a firewall, intrusion

detection tools as well as using vulnerability scanning softwares.

The Brazilian Federal Data Processing Service 4

2. The Brazilian government should also establish email system security access policies,

enabling it to realize acceptable standards for client or device access. For instance,

Maryland Montgomery county government should set the security level of its email to

only allow full access by blackberry devices, it could then limit access for other devices.

Furthermore, Brazil should train its citizens on fundamentals of using electronic mail,

such as only using trusted devices, not clicking every given link that is sent to their

emails especially the SPAM folder and so on.

Question 4
I looked closely at the Australian Government agencies electronic mail security policies. I

had to be quite careful so as not to create an opening for security breaches similar to the one in

Brazil. Australia have what they term as Protective Marking Policy whereby its objective is to

provide a framework to control and monitor the flow of sensitive data via electronic mail. This

solution necessitates a framework for users to categorize the emails before sending and is

implemented with the aid of januSEAL, some open source email plug-in that prompts users to

classify their emails every time they want to send messages, this contributes to email security in

a huge way.

Additionally, the solution by Australia requires email gateways as well as secondary

parameter filtering services to be configured to enforce certain fundamental security rules. The

regulations provide filtering services, which adds to the content based regulations founded on the

email security level classification before sending. If the Brazilian Federal Data processing

service were to implement such policies in their electronic mail systems, the consequences of the

data breach would not have been that severe. Those messages that were not classified or marked
The Brazilian Federal Data Processing Service 5

would not be delivered thus contribute to reducing the chances of data leakages as well as

improve the overall system security level.

The Brazilian Federal Data Processing Service 6

References
David, G. (2016). Business Ethics and Social Responsibility. . Retrieved from Managementhelp:

http://managementhelp.org/businessethics/

Lucian, C. (2011). Brazil to fortify government email system following NSA snooping

revelations. Retrieved from hbr: https://hbr.org/2011/10/how-good-was-steve-jobs-really

Moore, K. (2005). http://www.cs.utk.edu/~moore/opinions/email-submission-

recommendations.html. Retrieved from Recommendations for Submission of Email and

Relaying of Email Between Mail Networks:

http://www.cs.utk.edu/~moore/opinions/email-submission-recommendations.html