Application to Professional Practice
Identifying the best practices used by technology managers to minimize breach cases in data security is very important as it helps in addressing the goals that organizations have towards ensuring a secure technology and business environment (Barona & Anita, 2017). However, the findings obtained from this study are useful and can be used by organizations and companies in their practices to foster development (Forster, 2018). Based on the findings of the study, the most significant applicability may be to develop the best practices that are potential in assisting to minimize breaches in data security which in return, increases the performance of businesses (Abazari & Analoui 2019).
Moreover, the findings of this study can assist business managers in reducing the costs incurred in the efforts to respond to cases of breach of data security. Businesses in the United States have been incurring very high costs while responding to breaches to data security (Barona & Anita, 2017). In 2014, the average cost of data breaches was said to have risen by 11 per cent, which is equivalent to $6.5 million (Osei-Amanfi, 2018).
In the findings of my study, I introduced the applications that are potential to professional practice by determining the prevalent gap between the adoption of technology and the best practices of data security to address the effects of security data breaches on the performance of businesses (Li et al. 2019). Technology adoptions and security designs have impacts on the privacy of an organization’s awareness and best practice initiatives (Albadrany & Saif, 2018). Adoption of new innovations in technology has prompted conversations on security and privacy in organizations and business environments. Aligning the need for adoption of new technologies and perception of threats provides organizations with options to mitigate risks on security in an effective way (Sunyaev, 2020).
Out of the study sample, most of the respondents said that there is need for the development of common strategies that can be used in response to data security breaches that are in line with the objectives, technological adoptions, and information security details of the organization. Most of the respondents said that it would be necessary to ensure a balance between information security and the cultures of organizations. Initiatives of security awareness should be part of the culture of any organization (Cheng et al. 2017) because the consistency of any organization is a key factor of success in awareness on the security of organizational information (Ghambhir et al. 2018). Organizations that have high moral standards and self-control promote a deterrence security culture. An organizational culture that promotes effective policies on security, responsibilities, and procedures makes the security of information a natural aspect of the activities of employees (Vidal & Choo, 2017).
The findings of this study can be used to provide additional materials for information security managers to use in their efforts to champion for initiatives in protection of data in the organizational or business environment (Cheng et al. 2017). Corporations and governments all over the world face data security threats from external entities. However, implementing the best practices identified in the study findings can assist in the mitigation of the data security threats (Vidal & Choo, 2017). The study findings can also help technology leaders to reduce the protection cost incurred while protecting confidential data to promote the sustainability of the organization or the business (Manworren et al. 2016). Data breaches have many negative effects on stakeholders and stockholders in businesses. Therefore, it is a requirement for business managers to protect intellectual property, consumer data, and other types of information that are confidential (Sunyaev, 2020). The findings of this study can be used as a guideline by the business and organizational leaders to ensure the protection of such kinds of information.
Moreover, the study findings can contribute to educational research and the industry by reinforcing the employees’ roles in the protection of confidential information in the business or organizational environment (Vidal & Choo, 2017). The findings of this study are in line with the provisions of the systems theory in that all employees can play integral roles in the protection of confidential organizational data. Employees can play critical roles in the success of the initiatives of information security (Forster, 2018). The participants in my study recommended best practices that can be used in the promotion of effective communication of security procedures and policies, and increase the awareness of users on security through educating the employees continuously.
The findings of the study are relevant to improved business practice in the following ways:
- Businesses can use the findings to help them keep track of the state and federal laws and regulations that concern staff and customer information confidentiality and privacy.
- They can be used by organizations and businesses while conducting annual privacy and security risk assessment, quantify, and communicate the information breach risks from an overall organizational perspective and also in the implementation of staff awareness and training programs.
- To communicate with partners and third parties and to verify compliance to privacy policies;
- The findings can also be applied while developing incident response plans and designating a cross-functional response team.
- To implement a breach incident risk assessment process that is efficient, consistent, and provides sufficient guidance to meet regulatory requirements and approval from the council.
- The findings of the study can be used in measuring, tracking, and communicating the key security and privacy program performance risks and metrics.
Implications for Social Change
Majority of the breaches incorporate data lead to the theft of consumer data (Manworren et al. 2017). Because consumer data are a valuable asset to corporates, businesses have to implement best practices to minimize the rates at which data are exposed to threats. The findings of my study illustrate that when the best practices in data security awareness are implemented, employee awareness may be increased on the potential threats to data security, responsibilities, and vulnerabilities (Khan et al. 2019). The best practices could be implemented by business managers, to protect consumer data as well as corporate data against vulnerabilities and threats, and thereby decrease the financial burdens that befall consumers in their efforts to monitor information on finance and credit after a breach of security. About 5 per cent of the population of the United States in 2012 was a victim of theft of identity, which caused approximate damage of $12 billion (West & Zentner 2019).
According to my findings, limiting the adverse effects of data breaches on consumers which results from the theft of identity can affect the society as a whole (Elhai & Hall 2016). Additionally, since security breaches have a negative effect on stock prices, adoption of best practices can affect business market values, which can, in turn, affect employee retirement and pension plans, and also employee stock ownership and economic value. There can be implications in terms of tangible improvements to individuals, communities, organizations, institutions, cultures, or societies as the findings could beneficially affect social change and behaviours (Moffit & Steffen, 2017). The findings of this study can impact social and behaviour change in various institutions, organizations, businesses, as well as individuals. The internet cloud is changing our lives in many different ways. Although technology has been explained and commented on by many researchers, few studies have explained its implication on everyday social life (West & Zentner, 2019). The internet cloud, like never before, is seen impacting the world on many levels. The following are the areas in which the technology has a lot of implication and in which it has brought about systematic changes as per the findings of this study.
Social Impact: platforms such as Google and YouTube are a testimony to a shift in how individuals are interacting with each other. From the remoteness of the village to the global centre stage, an event can reach all parts of the planet by going viral (Khan et al. 2019). The findings of my study prove that “global” has reached its real significance and the emergence of the “citizen journalist” has been witnessed on the global stage. The internet cloud is beneficial to individuals as they can turn into an instant reporter. Live news feeds are constantly streaming the media. They, at times, spark social upheavals. It has been hard for individuals to look out for their long-forgotten friends and classmates from social websites and networks. However, data breaches are not only in corporate information but also in individual social platform accounts (Elhai & Hall, 2016). Cybersecurity has been an issue of concern on social platforms such as Facebook. People have been hacking others’ accounts and using them to commit a crime. The study findings can be used to assist in identifying measures to curb the cause and effect of personal account data hacking. Politicians and public figures are now turning to social engines like Twitter to get a feel of the community and convey their views while bearing the influence and pressure from the groups they are leading and looking at. Their twitter handles can also fall under unsafe hands or be hacked and be used to spread hate speech (Moffit & Steffen, 2017). Using the findings of my study can make social media users access sophisticated analytical abilities. Businesses are also using consumer data from the social media platforms as well as the cloud-based information to get better insights on potential services, innovations, and customer requirements.
Another social implication of the findings of this study is on educational institutions (Khan et al. 2019). These institutions have been quick to realize the benefits of the internet cloud and have adopted it for many reasons (Moffit & Steffen, 2017). Some of these reasons include the ability for students to access data anywhere anytime, to enrol in online classes and to participate in group activities, the value of combining business automation processes to streamline subscription, class enrollments and assignment tracking, thus reducing expenses significantly, and the benefit of billing of processes and charging for activities that are and those that are not related to education (West & Zentner, 2019). The study findings provide guidelines for institutional managers and leaders to take the right measures to manage their internet cloud and protection of the consumer, institutional, and student data from falling into unsafe hands (Khan et al. 2019).
The internet cloud has also been used in the healthcare industry. Some of the examples of the ways in which the internet cloud has been used in the healthcare industry include: managing patient data and sharing it among medical professionals and patients checking their own status and follow-ups; and implementing a quick solution in a secure environment that complies with the Health Insurance Portability and Accountability regulations (Moffit & Steffen, 2017). The findings of this study can be used by all parties in the healthcare industry that use the internet cloud to protect their data sources from security breaches.
Recommendations for Further Research
The limitations of the study included unknown factors where the participants work that could have biased their responses, limiting the study to seven companies in the defence contractor industry within the Washington D.C. area, participants not having the appropriate knowledge to make informed responses, and obtaining data from information security managers in a limited geographic area in a particular industry.
The major limitation of the study was that I focused on a small sample size within a small geographical area. I recommend that future researchers might consider a larger sample size on different industries from different geographical areas and regions in the United States. The other limitation is that the participants might not have had the appropriate knowledge to make informed responses. Further studies might involve participants with experience from diverse backgrounds to ensure reliability in the responses made.
Qualitative researchers might examine the nature and extent of the relationship between the styles of technology leadership and the adoption of initiatives of security of information (Cheng et al. 2017). The findings of my study showed that there is the need for leaders or managers in technology to be champions in the list of champions of the security of their organizational data and to promote a positive outlook on data and systems security. Also, future researchers might expand the findings of my study by examining the effect of the culture of organizations on the governance of information security (Khan et al. 2019). By developing policies that are in line with the culture of the organization, promoting security awareness, and adapting operations of the organizations based on technological innovations and trends, technology leaders can develop further strategies to minimize data security breaches to increase the performance of businesses and consumer data protection (Barona & Anita, 2017).
After the findings of this study, a multiple case study might be designed explore a bigger sample area which will show a more accurate assessment of the proper protocols to protect cloud-based data from security breaches within a different geographic location. In addition, it will be of interest to future researchers to explore protocols and frameworks different Government agencies or private companies outside of the aerospace defence industry implement. By studying the outcomes of my research, leaders within the defence contractor organizations might develop proper protocols to protect cloud-based data from security breaches in order to improve organizational profitability.
Moreover, researchers in a similar future study might have to inform the participants days earlier before the actual research. This is called informed consent, and it is an ethical issue in research. It provides participants with sufficiently detailed information on the study so that they can prepare to make an informed response. To help the participants prepare, future researchers might have to inform the participants on the purpose of the study, the expected duration, the procedures of the study, information on their right to withdraw or decline, the foreseeable effects of withdrawal or declining, potential risk, discomfort, or adverse effects, the benefits of the research, and incentives such as rewards or payments. This will make the participants willing to participate actively and produce the best findings of the study.
Also, I would recommend it that future researchers in the study breach of data security in the internet cloud, to conduct preliminary research on the factors in the organizations where they will conduct the study. Although it may look like they will be researching on a topic they are sure of; it will help reduce the cases of biased responses and improve the accuracy of the study findings. Future researchers might also have to conduct the study across departments in organizations where they carry out the study. They might have to consider the composition of the study sample based on factors such as gender. A balanced study sample might be required. By “balanced” it means that both genders should be considered as well as people with disabilities. Overall, when choosing the participants in future research, researchers might have to consider all factors applicable.
Future researchers should not have to limit their study on only a few companies in a single industry. Diversity in terms of companies and industries when choosing the businesses to dwell on in the study. Although it might be a challenge in terms of the costs incurred while travelling from one geographic area to another to study on an industry or company, it is important to consider several industries as factors for, and issues of data security breaches differ from industry to industry. This will help in the attainment of reliable results. Once this is done, the findings of future research will represent the views and experiences of information security managers and research participants in different geographic areas.
References
Barona, R., & Anita, E. M. (2017, April). A survey on data breach challenges in cloud computing security: Issues and threats. In 2017 International Conference on Circuit, Power and Computing Technologies (ICCPCT) (pp. 1-8). IEEE.
Li, Q., Zhao, J., Gong, Y., & Zhang, Q. (2019). Energy-efficient computation offloading and resource allocation in fog computing for the Internet of Everything. China Communications, 16(3), 32-41.
Forster, J. E., & Forster, L. (2018). Securing Cloud Computing (No. SAND2018-4791C). Sandia National Lab. (SNL-NM), Albuquerque, NM (United States).
Osei-Amanfi, M. (2018). A Case Study Exploration of Strategies to Avoid Cloud Computing Data Breaches (Doctoral dissertation, Grand Canyon University).
Abazari, F., Takabi, H., & Analoui, M. (2019). Hacking and Countermeasures in the Cloud. Security, Privacy, and Digital Forensics in the Cloud, 129.
Albadrany, A. O., & Saif, M. Y. (2018). Review on security challenges faced organization based on cloud computing. International Journal, 7(6).
Sunyaev, A. (2020). Cloud Computing. In Internet Computing (pp. 195-236). Springer, Cham.
Cheng, L., Liu, F., & Yao, D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5), e1211.
Ghambhir, F. A., Kazmi, S., & Rehman, M. (2018). Security Issues in Cloud Computing. International Journal of Computer Science & Emerging Technologies, 2(1), 19-22.
Vidal, C., & Choo, K. K. R. (2017, October). Situational Crime Prevention and the Mitigation of Cloud Computing Threats. In International Conference on Security and Privacy in Communication Systems (pp. 218-233). Springer, Cham.
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data breach. Business Horizons, 59(3), 257-266.
Khan, F. S., Kim, J. H., Moore, R. L., & Mathiassen, L. (2019). Data Breach Risks and Resolutions: A Literature Synthesis.
Elhai, J. D., & Hall, B. J. (2016). Anxiety about internet hacking: Results from a community sample. Computers in Human Behavior, 54, 180-185.
Moffit, R. E., & Steffen, B. (2017). Health Care Data Breaches: A Changing Landscape. Maryland Health Care Commission, 1-19.
West, T., & Zentner, A. (2019). Threats and Major Data Breaches: Securing Third-Party Vendors. Available at SSRN 3532024.