Provide (2) 150 words response with a minimum of 1 APA references for RESPONSES 1 AND 2  below. Response provided should further discuss the subject or provide more insight. To further understand the

Provide (2) 150 words response with a minimum of 1 APA references for RESPONSES 1 AND 2  below. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that's discusses the responses.

DISCUSSION POST:

1. The security needs of small businesses are both similar and different at the same time to those of larger corporations. Regardless of the size of an organization, every organization requires to protect its information systems from the same type of vulnerabilities. For example, hacking, data breaches, infection of computer worms, or any other kind of cyber-attacks can be targeted at any organization despite its size. Therefore, when it comes to security, small firms need to invest in ensuring protection of their information as much as large corporations do (Aguilar, 2015). However, the size of the organization also determines how much is at risk for a specific organization as well as how much needs to be done to ensure security. Therefore, while a small firm with data belonging to a million consumers may need to take the same security measures as any big firm with billions of consumers, the big firm invests more to meet their security needs as compared to the smaller firm. Also, the bigger firm is likely to have a more complex system of managing information security while the process at a smaller firm may be more straight forward and streamlined than a smaller firm.

2. In the digital era, information security is a national goal. The Congressional Budget Office (n.d) explained that for national goals, the federal, state and local governments are authorized to make requirements of organizations including those in the private sector to meet specific security standards. The Unfunded Mandates Reforms Act works as a regulatory system to ensure that the unfunded mandates are realistic and reasonable. Therefore, I think that it is fair for the government for the government to require private organizations to comply with regulations that cost money. If an organization is not willing to invest in standard information security measures, it should not ask customers to invest private and confidential information either.

References

Aguilar, L. A. (2015). The Need for Greater Focus on the Cyber security Challenges Facing Small and Midsize Businesses.  Retrieved from https://www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html

Congressional Budget Office. (n.d). CBO’s Activities under the Unfunded Mandates Reform Act. Retrieved from https://www.cbo.gov/publication/51335

RESPONSE 1:

Great job on your insightful post this week. I read it and I totally enjoyed reading it. I like the way you have made it simple to understand and relate to. I could not agree with you more on the fact that the security needs of small businesses are both similar and different at the same time to those of larger corporations. Just as you have said, regardless of the size of an organization, every organization requires to protect its information systems from the same type of vulnerabilities (your post). I believe that the complexity of security systems is what differs and not the reason for installing such security systems in the first place. This is part of the reason why big firms will have complex security systems as opposed to smaller firms. According to you, however, do you think there is need for smaller firms to invest a lot in security needs like the big firms considering the fact that they both protect their systems against the same forms of attacks and vulnerabilities? Why or why not? Pertaining to your second question, in as much as I agree with your point that what the government is doing is right, I also do not agree with you on the fact that the level of investment in security determines the number of users or consumers. You have mentioned that if an organization is not willing to invest in standard information security measures, it should not ask customers to invest private and confidential information either. I agree with you here, but don’t you think that forcing businesses to invest in expensive security regulations is unfair? Why or why not? Again, great job on your post and looking forward to hearing from you.

RESPONSE 2:

Great post and information this week. This is the last week of class, Yay! I echo your thoughts that the security needs of small businesses versus larger corporations are similar, why wouldn't they be? You are right that the size of the organization does not matter, security is security, period! I think about my job as far as security and we have some of the same concerns that larger schools have although we are smaller in size, it doesn't matter, we are all at risk for some of the same issues like breaches, loss of data, data theft, and hacking.

Information security is a national goal and concern. I am getting my degree in Cyber Security and through the courses, I have taken already, I understand why information security should be a concern on the national level. I have reviewed the North Carolina state standards for information security and compliance in regards to my current job and I can say we are somewhat compliant. We have just put into place our disaster recovery plan and business continuity plan so we are ahead of the curve as far as plans go. 

Are you part of your organization's DR or BCP plan? Are you aware of your organization's security goals?