answer these 2 questions

1. Identify and discuss three principles that you believe should be included in an ethical computer use policy. Such principles should pertain to both employees and external customers. Justify your selection.
2. Provide and describe an example organization (either from case study literature or your own professional work experience) that is known to embrace a corporate culture of information security. Why is this organization renowned for its cultural cybersecurity awareness?

also, provide a replay to these 2 discussions

1-

Defining and establishing a security policy is critical for any organization. It is even more important to establish certain ethical principles that should be followed and maintained while operating under the current policy. The three principles that I believe would be the most important to follow would be integrity, confidentiality, and availability. These three principles ensure the highest level of security and ensure every resource abides by these policies and procedures. Let’s first discuss confidentiality. Confidentiality can be defined as, “measures are designed to protect against unauthorized disclosure of information. The objective of the confidentiality principle is to ensure that private information remains private and that it can only be viewed or accessed by individuals who need that information in order to complete their job duties” (Burnette, 2022). Confidentiality is critical to implement within any organization to ensure all documents are securely protected and accessed by authorized personnel. The next policy that needs to be implemented in integrity. Integrity can be defined as, “the process that involves protection from unauthorized modifications of data” (Burnette, 2022). Integrity ensures that all data and documents can be trusted and will not be modified unless it has been authorized by the right personnel. Finally, organizations will need to ensure availability is defined within the security protocol. Availability will ensure all documents are protected and they are available to access when the time is appropriate. This is critical specifically for incident response teams. They need to be able to access documents and data after an attack.

I have been able to experience this within my company. My company primarily supports small to medium size organizations. We manage and protect the data that is stored on our platform. It is critical that my organization implements integrity, confidentiality, and availability within its processes. We need to keep our client’s data confidential and secure so that no unauthorized person gains access to their data. Then we promise our clients that integrity will be implemented in handling their data. Finally, we need to ensure that their data is available to access at any given moment. The availability of their data can only be accessed by authorized personnel and accessed when approval is granted from leadership or managers. These processes need to be followed to ensure our organization mitigates the risk of their data being compromised.

References:

Burnette, M. (2022). Three Tenets of Information Security. Retrieved 25 April 2022, from https://www.lbmc.com/blog/three-tenets-of-information-security/#:~:text=The%20fundamental%20principles%20(tenets)%20of,are%20called%20the%20CIA%20Triad.

2-

In the subject of cybersecurity, there is no escape from the topic of the three most important values of confidentiality, integrity, and availability. Confidentiality is an important topic in the protection of information mostly related to the core of the relationship between customers and businesses. The use of methods varies but never strays from its objective to protect customers’ personal/sensitive information. The application of confidentiality must be measured by the methods of data usage and the criteria of protection. For example, the use of HIPPA compliance laws can shape the entire form an organization conducts business by monitoring how information is used and stored to develop secure practices.

Government-generated institutions and PCI compliance laws have the most evident forms of embracing cybersecurity awareness. This is due to the fact that experience has the utmost use for building strong foundations for protecting companies and customers from real threats. PCI compliance laws and policies have a strong bond with awareness training to improve the flow of compliance. The reason for that is found in the knowledge acquired over the years in which malicious hackers have stolen information for financial gain. Furthermore, following these laws and policies, an independent organization can practice their businesses with a clear mind for customer protection as well as protection of their own from hefty financial punishments.

Saint Leo University, for example, is an educational institution that implements core values in its daily activities. Among the core values are respect and integrity. Both of which refer to the application of a community effort to bring a mutually respectful environment. Integrity for SLU has a strong connection with the idea that students must carry out the mission of living the honesty they desire from the institution. Respect is defined as the efforts and practices of carrying out an acceptance of differences throughout interactions within the grounds of the institution.

less