Policies and Standards of Information Security Programs CMGT/400

Policies and Standards of Information Security Programs Cost avoidance is the primary driver for a lack of design and implementation of security policies. An inherent problem, systemic amongst institutions both large and small ignores associated costs less evident than countering exploits. Notification laws require that companies inform consumers whose data potentially risked exposure. The average cost for reporting exceeds per person when considering data breach incurred fees as well. If the firm maintains 100 customers, each of which risked compromise, the costs to the enterprise for notification will exceed 130,000 per incident (Kissel, 2009). The costs do not account for more intangible detriments,...