Professional Documents
Culture Documents
SCMT 553 D001 SUMMER 2021 Short Essay
SCMT 553 D001 SUMMER 2021 Short Essay
money saved by preventing serious or critical incidents, retail shrinkage, and training that
prevents lawsuits will more than justify its existence. Security isn’t a one-size-fits-all
solution, and it must be customized to suit the industry, assets, or personnel it protects.
Even though corporate security can have a myriad of functions within any organization, it
should have several primary functions that are crucial to maintaining a business’
continuity and safety. Today, one of the biggest issues that businesses face is finding
ways to secure their technology, prevent data breaches/leakage, and prevention of ransom
“CSO” for short. The first and probably not as obvious to the position as people would
think is that a CSO provides a liaison between different departments or sections and will
ensure that they work together to maintain proper security posture within the
organization. Having the ability to get people to work together is a rare skill that
security functions is paramount for the position, Zorz (2018) writes how “people skills,”
or the ability to justify security positions to those who often times would rather just pay a
fine and be done with it when faced with the two decisions; is something that can provide
long-term dividends because those fines can add up or turn into something more serious
if the issue makes it to court. A good CSO keeps the organization out of the courtroom
Never has there been such a demand to secure non-physical assets as there is
today. Many businesses in the modern world now possess just as many digital assets as
they do physical ones, or they rely heavily on digital transactions for their profitability.
This shift from physical assets to digital and non-physical assets has caused corporate
security to shift towards the use of technology to bring the cost of personnel down, to
increase efficiency, and to increase their skillset in the realm of information security.
enterprises/businesses (SMEs/SMBs) because they usually have far more limited assets
than that of a larger organization or their business model relies more on digital assets that,
finances. Weak corporate security, as Bada & Nurse (2019) point out; is often due to the
Another thing to consider is the human aspect of how cybersecurity plays a large
Phishing, spear phishing and whaling attacks are all “white-collar” crimes that can
are trained to realize they have a direct role in maintaining and protecting an
2016) While many of the laws have evolved to address the prosecution of these issues, it
SECURITY FUNCTION 4
their assets.
but typically, as either a counterpart or subordinate; an expert in the field is sought out
and hired for the job of Chief Information Security Officer (CISO) or Chief Information
Officer (CIO). This is especially typical for larger businesses because of the many roles
that a CSO already has, a CISO can place their primary focus on maintaining the digital
(SME) explain and justify the reasons why it is important and how it plays a part in
maintaining profitability in the overall scheme of things. (OAS, 2015) (Zorz, 2018) Last
year, the FBI noted (2020) that the number of cybercrime complaints rose by 69%
totaling 791,790 and resulting in over $4.2 billion dollars in losses. For comparison, a
large business such as Wal-Mart has a market cap of $382 billion dollars so that would
only be about 1% of their total worth, however; a smaller business such as Petco has a
market cap of $6.5 billion dollars making that kind of loss almost two-thirds or 67% of
Gelbstein (2015) when he notes $5 billion dollars in cybersecurity was spent by the
Department of Defense, however; when breaking it down “year per employee” it rounds
out to be a daily cost of around $2.50 dollars per employee. This cost is miniscule in
SECURITY FUNCTION 5
comparison to what it could cost in legal fees, ransoms, or the cost of having to go back
and “do things the right way” if proper security protocols are not followed or
Conclusion
There is no easy way to justify the cost of corporate security, especially when
security isn’t directly associated with generating revenue or profits. Gelbstein (2015)
argues that a CSO may end up having to identify the difference between an investment
and an operational expenditure so those making the financial decisions can better
understand where to pull money from and why it is necessary in the first place. Zorz
(2018) outlined how companies that choose to adopt new technology and upgrade their IT
Failing to do so can have massive fallout such as data loss, intellectual theft, digital
finance theft, or denial of access that lead to ransoms. In the end, this leads to higher
costs of having to react and deal with these issues as well as paying for the upgrades in
technology that should have been implemented in the first place. (Gelbstein, 2015)
SECURITY FUNCTION 6
References:
Bada, M., & Nurse, J. R. (2019). Developing cybersecurity education and awareness
programmes for small- and medium-sized enterprises (SMEs). Information & Computer
Security, 27(3), 393-410. doi:10.1108/ics-07-2018-0080
Bada, M., Sasse, A.M. and Nurse, J.R.C. (2015), “Cyber security awareness campaigns: why do
they fail to change behaviour?”, The International Conference on Cyber Security for
Sustainable Society, SSN+, pp. 118-131.
Federal Buerau of Invesitgation. (2020). Internet Crime Report 2020 (Rep.). Retrieved October
3, 2021, from Federal Buerau of Invesitgation website:
https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
Gelbstein, E., Ph.D. (2015). Return on Security Investment— 15 Things to Consider. ISACA
Journal, 1, 1-5. Retrieved October 3, 2021, from https://www.isaca.org/resources/isaca-
journal/issues/2015/volume-1/return-on-security-investment15-things-to-consider
Webull.com. (n.d.). Investing in Stocks, Trading, Online Broker and Research the Market.
Retrieved from http://www.webull.com/
Zorz, Z. (2018, July 02). The modern CSO: Future-proofing your organization in a disruptive
world. Retrieved October 3, 2021, from
https://www.helpnetsecurity.com/2018/07/02/modern-cso-george-gerchow/
SECURITY FUNCTION 7