Posted: November 16th, 2022

Write a 1- to 2-page memo to the Chief Executive Officer

Scenario: You recently joined an organization that depends on the use of the web to perform most of its major functions. You notice that the staff performing the work tasks that keep the business running mostly ignore information security and it seems like security is not a priority with management or executive leadership.

Write a 1- to 2-page memo to the Chief Executive Officer (CEO) of the organization designed to increase awareness and priority of information security. Include a convincing argument of why the survival of the organization may depend on information security. Analyze the current situation, and illustrate examples of how ethics play a role. Be sure to include the following topics:
Confidentiality, integrity, and availability
Threats from malicious software
Security challenges of cloud computing
Cyberterrorism and information warfare
—

To:
From:
Subject Matter: Increasing awareness and information security
Date:
The current situation at the organization is that most work done through the network system is not well protected, the information security system of the organization does not have enough encryptions, and the computers being used are not password protected or protected from viruses that might affect their functioning or corrupt the information. The organization should ensure that the information security issue is a priority in its operations. Lack of information security awareness regarding the internet among workers in the organization creates a large vulnerability gap that can be exploited by attackers for monitory gain or hackers taking control of the system through a Trojan horse (Cobb, 2019).
The CEO of the company should consider the role of ethics in information security in order to achieve better and robust information security. Some ethical concerns of information security that should be established and demonstrated to the employees in the organization include ethical measures that can be applied to ensure that computer assets are protected to avoid leaks and unauthorized access to organization information. The employees should be encouraged to encrypt their computers with passwords, two-factor authentication, and biometric verification. The other ethical issue concerning information security that should be applied by computer users in the organization is the protection of private information of clients. All employees should ensure their computers are protected against any kind of attack or information leak that could comprise critical information about a client or the organization operations (Aşuroğlu & Gemci, 2016).
In order for the information security system to be stable enough, the organization should engage three building blocks of information security that include confidentiality, integrity, and availability. Confidentiality is an important aspect of information security since it involves keeping certain information as a secret. Confidentiality in the organization will ensure sensitive information such as bank account statements and trade secrets is only accessed by authorized personnel (Ghahrai, 2019). The organization should be able to maintain the integrity of information. Integrity means that the information being sent is received in an exact form that it was sent without being compromised during the transit. The other aspect of information security that the organization should consider is the availability of information. Availability means that the data would be available for access by the authorized parties whenever required (Ghahrai, 2019).
Information security faces another of threats from malicious software. Some of the most common malicious software attacks include virus which has the ability to affect the computer system through programs on the host computer such as videos and songs, or they can be travel through the internet to the host computer (Garg, n.d). Worms are another threat to information security. Worms self-replicate themselves through the network and can easily move from one computer to another if the computers are connecting to the same network. They mainly affect the computer functioning by slowing down the performance speed of the computer. The last threat is the Trojan horse which conceals themselves in the computer software. They are capable of stealing information or providing a backdoor gate for other malicious programs without user knowledge (Garg, n.d).
Cloud computing faces serval security challenges such as loss of data through malicious attacks, accidental deletion of data results to data results to permanent loss of data, and through catastrophic incidences like fire; the other challenge of cloud computing is advanced persistent threats which take place over a longer period of time directed to a specific target such as user data. Cloud computing also poses a high risk since it keeps all the data at the same place. This can be disadvantages to an organization if the cloud account gets hijacked (Devi, 2018). Cyberterrorism can be defined as the use of computer systems, programs, and data to course violence against noncombatant targets. Cyberterrorism can course significant economic damage, disrupt communication and supply lines, and degrade the national infrastructure. MyDoom virus can be considered as an example of cyberterrorism. Information warfare can be described as an attempt to manipulate information in pursuit of a political or military goal (Alexander & Swetnam, 2000). The most common example of information warfare is propaganda which can be posted on the internet by a group who want people to believe in their belief.
In conclusion, the CEO of the organization should be able to look at the current situation of the organization and consider the possible risks that might be facing the organization that has been listed. It will be, therefore, important for the CEO to increase awareness and priority of information security across all levels of the organization.

References
Alexander, Y., & Swetnam, M. (2000). Cyber Terrorism and Information Warfare: Threats and Responses. Transnational. Retrieved from https://www.researchgate.net/publication/267637417_Cyber_Terrorism_and_Information_Warfare_Threats_and_Responses
Aşuroğlu, T., & Gemci, C. (2016). Role of Ethics in Information Security. International Conference on Advanced Technology & Science (ICAT). Retrieved form https://www.researchgate.net/publication/307863852_Role_of_Ethics_in_Information_Security
Cobb, M. (2019). Increasing information security awareness in the enterprise. ComputerWeekly.co. Retrieved from https://www.computerweekly.com/tip/Increasing-information-security-awareness-in-the-enterprise
Devi, A. (2018). 7 Top Cloud Security Challenges and its Solutions (Infographics). Mercury Solutions Limited. Retrieved from https://www.mercurysolutions.co/blog/7-top-cloud-security-challenges-and-solutions
Garg, R. (n.d). Threats to Information Security. GeeksforGeeks. Retrieved from https://www.geeksforgeeks.org/threats-to-information-security/
Ghahrai, A. (2019). Confidentiality, Integrity and Availability. Testing Excellence. Retrieved from https://www.testingexcellence.com/confidentiality-integrity-availability/

Order | Check Discount