The next level of security is the endpoint level, where antivirus software, endpoint detection and

response (EDR), and data loss prevention (DLP) systems are used to protect individual devices such as
computers, laptops and mobile devices from malware, data breaches and other security risks.

Question Two

At the organizational level, the security strategy in the CIA triad is to implement policies, procedures,
and technologies to secure the confidentiality, integrity, and availability of information. This is done
through the implementation of access controls, which will restrict access to sensitive information, data
encryption which will protect its confidentiality, and backup and recovery measures to ensure the
information availability in a case of disaster. Organizations regularly perform security audits to assess as
well as eliminate potential security risks.

Question Three

Privacy is significant because it guards individuals from unwanted access to their private data, which can
result in identity theft, financial loss, and other bad things. To deal with this issue governments have
applied a set of definite privacy-protecting procedures. A considerable example of the regulation is the
General Data Protection Regulation (GDPR), implemented by the European Union (EU). The GDPR is a
very strict regulation in terms of the way organizations deal with personal data, giving individuals more
power over their information. Furthermore, in the US, there is the Health Insurance Portability and
Accountability Act (HIPAA) which establishes norms for the protection of health information. The HIPAA
laws govern healthcare providers and organizations to enact a strong security framework to protect the
privacy of patients in healthcare sector. These regulatory frameworks are the key to safeguarding the
privacy of individuals and the promotion of responsible data handling by the organizations.