Litigation
An information security breach that compromises data can expose a non-profit to litigation from donors, employees, vendors, and suppliers. Just like any other organization, records stored by a non-profit organization may contain confidential donor data, medical information, organizational data, and credit card information (Hrywna, 2007; Donohue, 2008). As a result of a data breach, donors of a non-profit may file a lawsuit to recover damages from exposure of their sensitive data (Brenner, 2007; Parry, 2005). Non-profit organizations do not comprehend the risk of losses due to an information security failure until they face a lawsuit (Nobles, 2008).
Implementing a Security Awareness Program
Based on the contents of the NIST Special
Carefully positioning the program sponsorship sends a clear message to the entire organization emphasizing the importance of the information security program. Additionally, approval from senior management will ensure adequate resources for developing and implementing the awareness plan. (Wilson, M. & Hash, J., 2003)
Assemble a Team
Create a team with the following areas of expertise: Human Resources (HR), Legal, Technology, and other key business lines. The HR, Legal, and Technology team members will have a good understanding of the current policies related to information security. Moreover, such a team will be a fair representation of each area of the organization. Information Security Awareness needs to be an organization-wide effort and must be presented in the same manner. (Wilson, M. & Hash, J., 2003)
Assess the Environment
The security awareness team should review current policies and procedures to ensure that they are satisfactory and current. Strengths and weaknesses of each existing policy should be assessed. If there is an absence of sufficient policies, new policies should be developed. Policies must have a scope, an intended audience, clear instructions, and reasonable disciplinary action for violation of policy. (Wilson, M. & Hash,
Mr. Rapfogel was charged with conspiring to inflate insurance payments and keeping one million dollars for himself, most of which was stashed in his Manhattan apartment that he shared with his wife. Some of the money was funneled to politicians' campaigns, who then kept his nonprofit flush with government funding. The twenty-year scheme is alleged to have skimmed five million dollars from the venerable charity (Hawkins, 2013). The case was brought to light by someone known as a whistle-blower. A whistle-blower is a person who reports illegal activity of their employers or of their organization to authorities (Colorado State University-Global Campus, 2014). Cases such as this raise questions about nonprofit organizations and their ability to manage finances and the oversight that may or may not be present.
For example, since they are not organized to pursue profits, nonprofits are more worthy of trust and therefore more reliable. Moreover, nonprofits comprise a vast and growing sector of the national economy, and they are a vital partner with government in providing a wide range of social and human services. The American public will continue to value and support the nonprofit sector as long as it satisfies recognized needs not addressed by government or the for-profit sector. Over the years, the nonprofit sector has provided historically valued services that the public and private sectors failed to provide, and has promoted new ideas, theories and policies to society. And finally, effective and appropriate use of technology is critical to maintaining a nonprofit organization's accountability and relevance. A nonprofit should manage information with regard for confidentiality, safety, accuracy, integrity, reliability, cost-effectiveness, and legal compliance. A nonprofit should take the opportunity to incorporate the appropriate technology into its work to improve its efficiency, efficacy, and accuracy in the achievement of its
Over the last 20 years, there has been a significant increase in nonprofit and nongovernment organizations (NGOs) in the United States. With the increase in organizations also came an increase in scandals, and in the 1990s multiple nonprofit and nongovernment organizations lost the public's trust due to misuse of funds, lavish spending, and improper advances to protected populations. These charity scandals not only hurt the reputations of the organizations directly involved, but also led to the mistrust of nonprofit and nongovernmental organizations as a whole (Sidel, 2005). To combat these reputations, NGOs and nonprofit organizations began to self-regulate through employing morally obligated and altruistic employees, accountability practices, and lastly through
On September 11, 2001, the terrorist attacks on the World Trade Center in New York and the United States' Pentagon led to a chain of events that made Americans question their safety and security. Soon after, as an attempt to prevent future terrorist attacks, Congress passed the U.S.A. Patriot Act, which stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism; the act was signed by President George W. Bush. According to the Congressional Research Service, the act grants federal agents and law enforcement “greater powers to trace and intercept terrorists’ communications both for law enforcement and foreign
Since the attack on 9/11, it has been the Department of Justice's priority to prevent terrorist attacks and protect the lives of Americans. The USA Patriot Act was proposed in response to 9/11. It was signed into law by President George W. Bush on October 26, 2001, nearly one month after the attack. Under this Act, Congress took existing principles and added to them. The Act was passed almost completely unanimously by the Senate, 98-1, and in the House of Representatives, 357-66. The Patriot Act enhances law enforcement and improves our counter-terrorism efforts in many ways: it allows investigators to use tools already available to investigate organized crimes, makes information sharing easier, uses new technology for modern threats, and it increases the penalty
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions of trusted employees who defraud the system, outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Security is the state of being free from danger or threat. The increase of terrorism in America has aroused a legislative request for heightened security. Strengthening security would also lead to invading Americans' privacy. Privacy is the state of being free from being observed or disturbed by other people. While numerous people feel that security for the whole nation dominates over the privacy of an individual, many others think that heightened security measures will invade their personal privacy and will allow the government to exceed moral limits. Regardless of the political circumstances or the climate, protecting individual rights is predominant to strengthening security in several ways. Americans' constitutional rights would be taken away and people would no longer feel safe anywhere if they believed that someone was always watching them. Also, protecting individual rights is paramount to allowing the government to overstep their boundaries and abuse their power. Documents A, B,
In the aftermath of the terrorist attacks on the United States on September 11, 2001, citizens became increasingly concerned with their safety and the protection of their civil liberties, leading to an increase in security measures, both nationally and internationally. Civil liberties are defined as “the right of people to do or say things that are not illegal without being stopped or interrupted by the government” (Merriam-Webster). The issue arises when the government invades these liberties, specifically privacy, to protect citizens from terrorist attacks and other preventable incidents. There is a very fine line between too much interference and not enough; everyone wants to be safe without compromising their privacy.
Some of the largest brand names on the Internet have fallen victim to cyber attacks, which led to the personal information of millions of users being exposed. There are thousands of companies all over the world making online transactions every day. This means that the number of potential risks is steadily on the rise. You cannot rely on your company’s general liability insurance policy to be adequate to cover the damages if a data breach ever occurs within your system.
Increasingly, not-for-profit organisations have taken to emulating the moneymaking practices of corporations. This trend has three primary causes: the decrease in funding from the public sector, the increase in competition for funds among an expanding number of not-for-profit organisations and the rise in funder pressure for not-for-profit organisati...
Management buy-in, establishing policies and updating them regularly, and identifying and communicating the security awareness goals and message clearly and often are some of the ways in which organizations can achieve higher levels of security awareness and a stronger security
Fraud in charitable organizations occurs when legitimate organizations or the individuals working for the organization misuse donations, or when illegitimate organizations or individuals collect donations on behalf of a sham organization. Perpetrators of charity fraud prey on the generosity of their donors through a variety of means. Some individuals may try to get the attention of a passerby on the street requesting cash for the hungry or disabled while others may use telemarketing scams in which the perpetrator tries to convince the potential donor of their legitimacy and the immediacy of financial need for a worthy cause. Yet, the most u...
The policy problem I want to focus on is computer security, specifically data breaches. For the last 15 years, cybercrime has grown dramatically with the continued advancements in technology and the digital age and is now a major issue for everyone. Since I am a Computer Information Systems major, this topic is of great interest to me and one which I will be following closely throughout my career.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.