Ethical Practices for Cybersecurity Investments & Purchases
Moral and ethical requirements should serve as drivers which encourage a business to invest in or spend money on cybersecurity products, services, and programs.
You have been invited to participate in a round table discussion on the above topic at a conference on Best Practices for IT Security Management. For this activity you must prepare a 3 to 5 paragraph briefing statement which answers the following questions. You must use and cite information from the weekly readings.
- What is stakeholder theory? How does it drive requirements to spend money on cybersecurity products & services?
- How does social contract theory apply to purchasing requirements for cybersecurity products & services?
- Name and briefly describe 3 ethics issues that IT Security managers and staff may encounter when selecting and evaluating cybersecurity products & services. (Use examples to drive home your points.)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
Sample Answer
Good morning/afternoon, esteemed colleagues. I believe moral and ethical requirements should absolutely serve as drivers for cybersecurity investments. Here’s why:
-
Stakeholder Theory: This framework posits that businesses have a responsibility to consider the interests of all stakeholders, not just shareholders (Freeman, 2019). In the context of cybersecurity, stakeholders include:
- Customers: Protecting customer data is paramount. Data breaches can severely damage customer trust, leading to financial losses, reputational damage, and legal liabilities.
- Employees: Cybersecurity breaches can impact employee privacy, disrupt work, and even lead to job losses.