Question:
This memorandum proposes strategies to be employed throughout the Information Technology Department to effectively manage cybersecurity threats and risks. A rationale is provided for each of the strategies proposed.
The first strategy is to increase the funds within the Information Technology Department, specifically toward combatting cyber threats and risks. As noted by Lewis and Inagaki (2023), numerous Japanese organizations became easy targets for cyber-attacks due to the lack of funding towards cybersecurity and the paying of ransoms. This strategy would make it possible to establish specific positions responsible for identifying and combatting any cyber threats or risks within the Information Technology Department. This then poses a reasonable inquiry: what are the opportunity costs associated with this strategy? Allocating funds to this strategy would mean having to cut back on other operational costs to fund it, which could impede the growth and development of the organization. Lipner and Lampson (n.d.) expounded that while setting preventative measures is a reasonable practice to protect the interests of the organization, since it yields no assurance of profitability, it would be more feasible to invest in another place where profit is more likely assured. The question then posed is: if a hypothetical cyber-breach did occur within the organization, could the prospective profitability manage to counterbalance the costs associated with the breach? It is stated, "The cyber security consultancy IBM Security said in its 2022 report on the cost of data breaches that ransomware attacks were sharply on the rise, with the global average cost of a data breach rising to $4.35mn in 2022 - its highest since the research began" (Lewis & Inagaki, 2023). If the costs associated with cyber breaches are rising at this rate in conjunction with cyber-attacks, it is quite probable that our organization, which has invested in technological advances, will be at risk and vulnerable to cyber threats.
It would be irresponsible to underfund the preventative measures for profit, risking cyber-breaches not just against the organization but against our consumers and possibly every external stakeholder, for that matter.
The second strategy is to assemble a team directly responsible for identifying and managing vulnerabilities within the organization. It is paradoxical to attempt to combat cyber threats when there are no countermeasures taken to sufficiently address any vulnerabilities within the organization (Moschovitis, 2018). Think of an organization as though it were a castle with many points of entry, as well as outlets that may be unknown to many within. Establishing this team to manage organizational vulnerabilities is similar to setting guards at every point of entry, as well as patrolling throughout it to ensure that no unauthorized entry is permitted. Identifying vulnerabilities makes it possible to determine the proper countermeasures (Moschovitis, 2018). Regularly assigning a team to this task will facilitate the process of devising proper countermeasures. According to Moschovitis (2018), when it comes to combatting cyber security vulnerabilities, organizations must exercise it as a continual process, as often as found necessary. Without a team assigned to this consistently, it is very probable that once the organization offsets a vulnerability, it would move on and become complacent about other potentially serious vulnerabilities unbeknownst to it.
The third strategy is developing organizational personnel training, specifically regarding cyber security. Moschovitis (2018) suggested that every member of an organization be required to go through a continual process of cyber-security-related training sessions and be assessed accordingly. Having an awareness of cyber security through these trainings will facilitate the process of combatting cyber threats. The cyber security training session is to prepare all personnel properly so that they know the procedures associated with cyber security (Moschovitis, 2018). For instance, let's say a staff member witnesses a suspicious link sent to her through the organizational email system; she would know through the training not to click the link but to inform the proper authorities of the suspicion. Through personal experience, when someone sends an alert to the Information Technology Department about a suspicious activity regarding cyber-attacks, the department conducts a thorough investigation into it and then sends out an informative email to all personnel regarding the attack, procedures to take, and reminders about how to handle any potential cyber-attacks. For instance, it became a policy within the organization that all personnel were required to change their password every week. To facilitate this process, the Information Technology Department pragmatically employed a system that prompted all personnel to change their password on every device assigned to them before gaining access, facilitating the process of combatting cyber threats.
QUESTIONS:
- Offer your thoughts on where the example codes of conduct provided by your colleague either assisted or could have assisted in preventing negative consequences. Support your position by suggesting potential scenarios to which the code of conduct/ethics may apply.
- Offer specific examples from your experience or observations/research of situations in which such codes would have made decision making simpler or kept individuals from making bad choices in the use or management of information or information systems.
- Compare the findings of your colleague with your own. What insights did you gain or can you offer as a result of your comparison? Did your colleague take a stand regarding the value of establishing a code of conduct/ethics related to information and information systems that was different than yours? If so, was the argument made persuasively? Or do you think your stand is still more appropriate? Defend your position with evidence and specific examples.
- Offer your insights on how a code of conduct can assist businesses operating globally when there are potential compromises from different cultural norms, practices, expectations, or regulations depending on where the business is based. Provide examples of where global practices might differ and what managers may need to do to ensure their employees are not compromised in various situations that may occur. Provide specific examples from your experience or observations.