1. Moral and ethical requirements should serve as drivers which encourage a business to invest in orspend money on cybersecurity products, services, and programs.
You have been invited to participate in a “lightening round” panel on the above topic at a conference on Best Practices for IT Security Management. For this activity you must prepare a 3 to 5 paragraph briefing statement which answers the following questions. Use information from the weekly readings and Case Study #1.
- What is stakeholder theory? How does it drive requirements to spend money on cybersecurity products & services?
- How does social contract theory apply to purchasing requirements for cybersecurity products & services?
- Name and briefly describe 3 ethics issues that IT Security managers and staff may encounter when selecting and evaluating cybersecurity products & services. (Use examples to drive home your points.)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
2. Case Study #1: Why should businesses invest in cybersecurity?
A client company has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the business need for investments in cybersecurity. The purpose of this white paper is to â€œfill in the gapsâ€ in a business case that was already prepared by the companyâ€™s Chief Information Officer. The target audience for your paper is the companyâ€™s C-suite executives. These executives will be meeting later this month to discuss budget requests from department heads. The company has requested that your white paper use the same investment categories as are already in use for the CIOâ€™s business case: people, processes, and technologies.
1. Read / Review the Week 1 readings.
2. Find three or more additional sources which provide information about best practice recommendations for cybersecurity and other reasons why businesses should invest in people, processes, and technologies related to cybersecurity. These additional sources can include analyst reports (e.g. Gartner, Forrester, Price-Waterhouse, Booz-Allen) and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc.
Write a two to three page summary of your research. At a minimum, your summary must include the following:
1. An introduction or overview of cybersecurity which provides definitions and addresses the business need for cybersecurity. This introduction should be suitable for an executive audience.
2. A separate section which addresses ethical considerations which drive the business need for investments in cybersecurity.
3. A review of best practices and recommendations which can be added to the existing business case to provide justification for cybersecurity-focused investments in the three investment categories identified by the company: people, processes, and technologies.
Your white paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts Review for recommended resources.