issc680 discussion responses

I need responses for the below two students discussion. Responses should be at least 150 words, APA format.

Student one:

Why is an information security program important?

It’s important for both regulatory and ethical reasons. The government may require you as an employee to uphold certain security standards for private information under HIPPA laws. But a more foundation reason would be ethical or even constitutional. In the very constitution, the right of privacy is secured in the fourth amendment, and information security is a modern way of either safeguarding that right or exposing it.

Developing a detailed security policy may be required by a regulator if an organization is found to be non-compliant (Peltier, 2014, p. 9). This agreement is often a complex legal document that stipulates actions that both employees and management must take.

I’d like to discuss one other important factors that relates to a winning security strategy. Achieving the goal of information security requires a commitment from all levels of management. The reason that all levels of management are needed is because you are only as secure as the weakest link in your chain. A vulnerability in one location can be used to access an entire system. A comprehensive progam can insure that there is no single point of failure or weak link.

Peltier, T. R. (2014). Information security fundamentals. Boca Raton, FL: CRC Press.

Student two:

Why is an information security program important?

An information security program is a program designed to implement security practices that protect an organization’s business processes and assets. An information security program is ever evolving with time. As a result, you can see what security practices work and what can be improved. A good information security program assists with keeping company data secure, accessing risks, and having a disaster recovery plan. The consequences of not having an information security program are loss of business, loss of reputation, and even fines. For example if I know that I am doing business with an organization that has access to charging my card, I may stop doing business with them after a data breach. It is very important to keep consumer information safe as well. “The 2019 Deloitte Future of Cyber Survey, which counts among its respondents 500 C-level executives who oversee cybersecurity at companies with $500 million or more in annual revenue, finds three primary challenges that businesses face in implementing strong cybersecurity measures” (Sanders, 2019) The primary challenges in this survey were inability to prioritize risks among the organization, poor management and alignment on priorities, and lack of enough funding.


Sanders, J. (2019, March 4). 3 Reasons Businesses Are Still Failing at Strong Cybersecurity. TechRepublic.