Learning Objectives And Outcomes: Weighing Reasonableness


Learning Objectives and Outcomes

  • Weigh the reasonableness of security controls against risk.

Assume you are the president of a small data brokerage company, which gathers information from consumers on the web and sells it to other companies for marketing purposes. The integrity of data is critical to your company’s success. The company makes an average profit of $100,000 per year. It costs $50,000 per year to secure company data and systems.

Answer the following question(s):

1. Would you continue protecting the data at this cost? Why or why not?
2. You want to expand the company but doing so will cost $75,000. Would you reduce data security, and therefore the cost, in order to expand? Why or why not?

Fully address the questions in this discussion; provide valid rationale for your choices.

Required Resources

  • Course textbook
  • Internet access

Submission Requirements

  • Format: Microsoft Word (or compatible)
  • Font: Arial, size 12, double-space
  • Citation Style: Follow your school’s preferred style guide
  • Length: 1–2 pages

Paper for the Above Instructions

As the president of a small data brokerage company, making strategic decisions about security investments involves balancing risk, cost, and business growth opportunities. The core consideration is whether current security costs are justified by the value of data protection, and how leaving vulnerabilities unaddressed might affect the company's profitability and reputation.

Currently, the company generates an annual profit of $100,000, with $50,000 invested annually in security measures. This setup suggests that the company is operating within a reasonable security budget relative to its profit. The essential question is whether this security expenditure effectively minimizes the risk of data breaches or loss, which could otherwise jeopardize the company's operations and client trust. Given the critical importance of data integrity to the company's success, maintaining robust security controls appears not only prudent but necessary, despite the costs involved. The cost of $50,000 for security, representing 50% of the company's profit, might seem high; however, the potential financial and reputational damages resulting from a data breach could considerably outweigh this expense. A breach could lead to loss of client trust, litigation, regulatory penalties, and a significant decline in profits—or even business closure in severe cases.

Regarding the expansion plans requiring an additional $75,000 investment, the decision becomes more complex. To fund growth, the company might consider reducing security costs, but this entails substantial risks. Lowering security to save costs could expose the company to increased vulnerability and potential data breaches, which could ultimately outweigh the savings and harm long-term profitability. Conversely, strategic investments in security to support expansion—such as adopting advanced cybersecurity measures or insurance—could help mitigate risks associated with growth. Security should be viewed as an integral enabler of expansion rather than a hindrance. Therefore, rather than reducing data security, the company should explore innovative, cost-effective security solutions that support growth without compromising data integrity.

In conclusion, maintaining current security expenditures appears justified given the critical importance of data integrity and the potential costs associated with security breaches. Instead of decreasing security to fund expansion, the company should seek a balanced approach by investing in scalable, efficient security measures that facilitate growth while safeguarding valuable data assets. By doing so, the company can ensure sustained profitability and reputational integrity, aligning strategic objectives with security best practices.
