Major Threats in Cybersecurity - Coursework Example

According to Setton and Girod (2008), most organizations choose to handle their malicious insider attacks privately without seeking recourse in courts or public opinion courts. The editors give the example of the California Law of Data Breach Notification which requires that whenever someone’s personal information gets compromised, organizations have to notify individuals. Such laws limit the distinction between outsider attacks and insider threats. Therefore, organizations need to distinguish between private action employed when detecting an insider threat and public action which includes criminal prosecution. Publicizing such action creates awareness among the employees of the seriousness of these crimes. Training employees adequately on security and dividing critical functions among them limits fraud or sabotage committed solely (Cappelli, Moore, Shimeall, & Trzeciak, 2006). In this separation of duties, the principle of least privilege ensures that one would be authorized for resources needed only.

Modern organizations strive to retain the best performers to sustain their competitiveness. But even so, business administrators look at ways of motivating their workforce without necessarily using any additional money. Cohan (2012) estimates less than 2% of total payrolls, equivalent to $ 38 billion as employee incentives in the US. Companies give low-value but meaningful gifts to their employees like t-shirts and mugs. Social rewards where workers’ rewards come in terms of verbal recognition and non-monetary points have been successfully used in companies like Achievers. Fisher also cites the provision of better training as another appropriate incentive (2005).

The controversies regarding incentives make this issue complex for there to be a valid universal conclusion on what to use. Muller (2010) cites various researchers who propose money as a key incentive because it enables the satisfaction of employee needs. While this opinion could be popular, researchers concur that the resultant motivation would only be short-term (Cohan 2012). But from my experience, giving better training to top performers would be the most appropriate incentive. The findings of Fisher (2005) suggest that most staff value the acquisition of new skills and support a need that if met would boost staff motivation. In as much as all staff need new skills, top performers could be given more elaborate training which would impart greater capabilities that would enable them to take up greater responsibilities in an organization. Since responsibility comes with proportionate employee compensation, most of the other incentives fall in place simultaneously. This form of incentive propagates the sustainability of the other accompanying incentives which when solely given would not be sustainable in the long run.

Auditing entails a comparison of evidence gathered to criteria set out for conformity (Pinero, 2012). Syracuse University Audit and Management Advisory Services (2012) provides five common types of audits in organizations. The operational audit aims at understanding the businesses of the organization and then evaluating the effectiveness of its internal control environment. Organizations also undertake compliance as a type of auditing aimed at evaluating how effectively the governing rules and regulations have been followed. In case of misappropriation of assets, investigative auditing would be conducted to unearth any possible frauds. The fourth type of audit referred to as information technology audit aims at examining the availability, integrity, and confidentiality of information in the information technology infrastructure. Finally, financial audit stands out as the most common of all audit types which aims at finding an expression of opinion on the data published in the organization’s financial statements.

Of all these four types, information technology audits could be considered useful as all other audits are pegged on the accuracy and reliability of the information retrieved from the system. For example, with correct storage of information and appropriate formulae in the database, the computation of various financial statements would be accurate leading to a positive financial and investigative audit. Operational and compliance audits also largely depend on the reliability of information technology.

With modern business operations heavily relying on the availability, reliability, and integrity of information systems, integrating auditing with technology would be important in data mining and computation. Lehmann (2012) gives an example of the IDEA software that not only assists in data mining but also in detecting fraud. According to Pinero (2012), audit components could be defined commonly in all types of audits. The author gives an example of ISO 14010 which was defined for Environmental Management System audits but became generic and applicable to other audit variations. Hence, there could be audit standards, not specific to a particular industry but all-inclusive. Read More