Question

Identify any applicable federal, California, and New York state laws imposed on businesses when PII is stolen

2. Determine whether the board members’ sentiment that not purchasing the $1 million in software security is an acceptable risk?

3. Make a compelling argument as to whether or not a shareholder vote is needed to implement a $1-million-dollar security software program. Make sure to justify your reasoning.

Answer 1

The impression of not putting one million dollars in cyber security is a reasonable risk:

Accomplishing an acceptable standard of security requires more than adopting the rules or enforcing prescribed procedures. Company wants to define its own concept of "adequate." The number of steps that an entity has to take to limit security risk to a reasonable degree depends on the interest at risk and the implicat if the risk is significant.
Through determining how much and in what respects their company relies on internet access, IT systems, and digital content (including mobile applications) for business success and longevity, safety-conscious leaders will help decide the degree to which policy and management decisions can take into account the protection of those properties.
The definition of appropriate protection is essentially synonymous with risk tolerance and risk control. An company can enforce controls that meet the security needs of its essential business processes and equipment, where possible. Where that is not feasible, security threats to these systems and facilities should be established, minimised, and handled at an organizationally appropriate degree of residual risk.
The risk tolerance of an entity can be described as the amount of risk a body is willing to tolerate at a specific level in search of profit (and its mission). Risk management impacts the company community, working style, policies, distribution of capital, and facilities. Risk perception is not a constant; it is affected by changes in the environment, and must be modified.

Based on the severity of data security, it is believed that its not a good decision to not purchase the costly security software as this would significantly put the organization behind in terms of data security and privacy.

In light of the above remarks, I believe it is important to have a shareholder vote is for executing a $1-million-dollar security software program. The board members decision to not implement the costly security can be a high risk that the organization is taking.