Information Technology for Managers

Student’s Name
Institutional Affiliation
Professor’s Name
Course Name
Date
 Information Technology for Managers
Question One

In the domain of information security, CIA defines confidentiality, integrity, and

availability. These three concepts underlie good information security measures. Confidentiality is

the key to the fact that information is only available to those who are authorized to access it

(Schwalbe, 2019). Integrity keeps data authentic and without alteration by unauthorized people.

Availability implies that information is available for all those who are authorized to use it when

required.

Bellow the organizational level, in a multi-layer security solution, there are several

security levels. Another such level is the network level where security measures such as firewall,

intrusion detection systems, and virtual private networks are being utilized to prevent network

penetration and data breach (Stair, R., & Reynolds, 2021). The next level of security is the

endpoint level, where antivirus software, endpoint detection and response (EDR), and data loss

prevention (DLP) systems are used to protect individual devices such as computers, laptops and

mobile devices from malware, data breaches and other security risks.

Question Two

At the organizational level, the security strategy in the CIA triad is based on the

implementation of policies, procedures, and technologies that guarantee the confidentiality,

integrity, and availability of information (Schwalbe, 2019). This involves the use of access

control to restrict access to sensitive data, data encryption for protecting the confidentiality of

information, as well as backup and disaster recovery solutions to enable availability of

information in the event of any disaster (Stair, R., & Reynolds, 2021). Organizations also carry

out recurring security audits and evaluations, to expose security risks and avert them. They may
also put in place security awareness training programs to make the employees understand the

security best practices and the significance of the protection of the sensitive information.

Question Three

Privacy is valuable because it safeguards personal details against unwanted access that

might cause identity theft, financial loss and other kinds of harm. Governments put in place

measures that are specifically for protecting privacy to solve this problem. A considerable

example of the regulation is the General Data Protection Regulation, implemented by the

European Union (EU) (Stair, R., & Reynolds, 2021). The GDPR is a very strict regulation in

terms of the way organizations deal with personal data, giving individuals more power over their

information. Furthermore, in the US, there is the Health Insurance Portability and Accountability

Act which establishes norms for the protection of health information. The HIPAA laws govern

healthcare providers and organizations to enact a strong security framework to protect the

privacy of patients in healthcare sector. These regulatory frameworks are the key to safeguarding

the privacy of individuals and the promotion of responsible data handling by the organizations.
 References
Stair, R., & Reynolds, G. (2021). Principles of Information Systems | 14th Edition. Cengage

Learning.

Schwalbe, K. (2019). Information Technology Project Management 9th Edition. Cengage

Learning.