Critical analysis needed 1

profileJohn_matt
example_of_critical_analysis.docx

Class,

I'm providing a recently example of a critical analysis written by Dr. Valorie King.  This example is based on the 1st case study for this class, CSIA 350.

I think most of you have a good idea of what's required for the case studies, but use the information as you need.  I will continue to grade appropriate.

A Critical Analysis (CA) is a discussion response that has an introductory paragraph, an analysis section (around 3 paragraphs or so), and a brief summary. For Case Study #1, a really good CA would have looked something like this:

There are many reasons why a business should invest in cybersecurity products and services. In [her / his] essay, [student name] addressed ethical principles which drive such investments. While ethics are important, the business needs and requirements for IT security must also be considered. In this critical analysis response, I would like to take a deeper look at three important points which drive businesses to invest in IT security.

First, consider the question of the Business Benefits of IT Security products and services. Businesses exist to make a profit (Vitez, 2016). Making a profit requires that losses and unnecessary costs be avoided. This is where the business benefit of IT security products comes into play. An anti-virus product can prevent a malware infection (Drew, 2011). Spending some money to buy an anti-virus product to prevent malware will save money in the long run since the business will not have to pay to cleanup malware infections on laptops, workstations, and servers.

Second, consider the question of Why an organization should invest in IT security technologies. This is very similar to the first question. But, in addition to the financial benefits (cost avoidance) there are also legal and regulatory reasons why an organization should invest in IT security technologies (Smedinghoff, 2005). Many laws require that companies use encryption to protect private information (HIPAA, FERPA, etc.). This is an IT security technology that a company may be legally required to purchase (invest in).

Third, consider Where an organization should focus its attention & why. Technology is only one type of investment that a company should make when it comes to IT security. Investing in people by hiring well qualified security professionals and then providing ongoing training is another area where a company needs to spend money to protect information, information systems, and information infrastructures (ISACA, 2009). Even the best IT security products need people who understand how to configure, test, and operate those products. For this reason, an organization should also focus its attention on hiring the best security professionals that it can afford. Then, the company should keep these people the best by investing in training.

In summary, there are many reasons why a business should invest in IT security and why those investments should include both people and products (technologies). But, the bottom line is that a business needs to make a profit to stay in business. Investing in IT security products is an important part of protecting profits and avoiding unnecessary costs.

References

Drew, J. (2011, August 30). The benefits of having anti-virus protection. TopTenReviews. Retrieved from http://anti-virus-software-review.toptenreviews.com/learning-center/the-benefits-of-having-anti-virus-protection.html

ISACA. (2009). An introduction to the business model for IT security. Retrieved from http://www.isaca.org/knowledge-center/research/documents/introduction-to-the-business-model-for-information-security_res_eng_0109.pdf

Smedinghoff, T. (2005, November). The new law of information security: What companies need to do now. The Computer and Internet Lawyer Journal, 9-25.

Vitez, O. (2016). What are the effects of profit or loss in a business organization? Houston Chronicle. Retrieved from http://smallbusiness.chron.com/effects-profit-loss-business-organization-824.html