SCIT IT Security and Risk Management Report: Autumn 2020

This report, prepared for a course on Information Technology Security and Risk Management, explores the critical intersection of information security and ethics within business contexts. It begins by defining and highlighting the importance of due care and due diligence in establishing effective security strategies, emphasizing their roles in mitigating ethical and legal concerns. The report then delves into the differences between due care and due diligence, as well as policies and laws, providing a comprehensive overview of unethical and illegal behaviors, including ignorance, accident, and intent. It also discusses various methods for preventing illegal activities, such as deterrence, and outlines research methodologies used, including qualitative design, inductive approach, and descriptive content analysis. The findings underscore the significance of deterrence and the implementation of effective security policies to safeguard data. The report concludes by acknowledging limitations and suggesting avenues for future research, such as conducting surveys to gather fresh insights into ethical issues linked to information security. The report provides valuable insights into practical strategies for enhancing information security and addressing ethical challenges in business environments.