Ethical and security issues of organization
CASE STUDY 3
The chief executive officer's responsibility regarding security and ethical issues should be no different from that of any other part of the business or any other executive. CEOs should be involved, and not only because they continuously deal with financial, operational, and business risk decisions. They also need more information to make fact-based decisions about matters that could expose the organization to regulatory compliance issues, put the business's reputation at risk, or decrease the efficiency and effectiveness of the organization's capability to produce. When launching a new product or service without a clear understanding of the security risks, the organization could end up closing its doors due to the lack of controls. Many chief executive officers today should be aware of the security risks to their organizations, which create financial and public relations nightmares related to the loss of information. They should continue to take the time to understand the ethical and security issues of the organization, and ensure that appropriate responsibility is designated for reducing risk.
Organizational culture is defined as a system of knowledge, of standards for perceiving, believing, evaluating and acting that serves to relate human communities to their environmental settings. A chief executive officer's actions affect an organizational culture because one of the CEO's primary responsibilities is being a strategic leader who creates and maintains the organizational characteristics that reward and encourage collective effort. For example, the former chief executive officer of Microsoft, Bill Gates, had a lasting impact on organizational culture through the transformation of his initial beliefs and values into basic underlying assumptions. His initial beliefs and values were proven successful over a period of time and became embedded in the organizational culture, and they will continuously be taught to current and new members as the correct way to think and believe in certain situations. Culture is also shaped by what leaders pay attention to, measure and control. Something as simple as what is emphasized or measured can, over time, have an effect on an organization's culture. One example of this is an emphasis on form over substance. If leaders pay more attention to form, an organizational culture can develop where people start to believe that the substance of a recommendation is less important than the way it is presented.
If non-technical industries need to worry at all, they need to worry about not having the necessary technology. For example, when you look back at other major business technologies, from rail transport to electricity, you see that when they switch from being potential sources of advantage to mere costs of doing business, the key for successful management shifts from aggressive innovation and investment to careful cost and risk management. And I think that's true with technology as well. Even if you can't gain an advantage from information technology, you can certainly put yourself at a disadvantage by spending too much on it or by otherwise mismanaging it. As I said, I think the essence of successful management is being able to draw distinctions, and if no one can distinguish technology from information from talent, then you've got a big managerial problem. I think that even some of the business uses of technology are becoming, in effect, commoditized. The nature of technology means that when you commoditize the technology, in most cases you're also commoditizing the business process that runs on it, and even the information that runs through it.
Information technology decision-makers face daunting challenges to provide and maintain inter-networked systems that ensure organizational mission success despite sophisticated computer network attacks. Exacerbating this situation, the extremely dynamic threat environment for Internet-based systems requires regular re-evaluation of organizational operations and systems in light of changes in attacker activity or, simply, an improved understanding of threats. Unfortunately, current technology provides little help in determining how attacks affect the survival of what is important to an organization and maintaining a survivability strategy as the threat environment evolves. This project develops methods and tools that help model and analyze an organization’s threat dynamics and that improve the organization’s security, survivability, and resiliency in light of those dynamics. We define threat dynamics as the study of the impact of an organization’s threat environment on the ability of the organization to achieve its mission objectives. Evidence from a comprehensive study of insider threats indicates that executives, at times, make decisions that are intended to enhance organizational performance and productivity.
Lastly, the CTO, CPO, or CSO all possess the ability to think effectively in abstract terms, the ability to deal with ambiguity, and strong leadership and team-building skills, since long-term success requires accomplishing far more than one person can do alone.
- They should measure effectiveness using the same metrics that are used to measure the business. The tools that are used to drive the business's success must be technical ones. They should also include technical expertise, technology leadership, and use of information technology for strategic gain. For example, as failure cases come in, such as one a customer finds, require that a unit test be put in place for that particular issue so that you can start building a field failure regression test suite.
- Rules should be set up for new enhancements that incorporate unit testing. Picking both the enhancement and the developer to do it in the same manner would produce a productive code review. This way everyone can learn. Once the pilot is done and the first code review, complete with unit tests, is finished, everyone should be required to do it to make sure they are adopting some discipline and unit testing.
- They need to manage policies and procedures on how individual businesses handle and protect their client data, which encompasses a wide variety of information, such as personal e-mail addresses, account balances, credit scores, purchasing history and Social Security numbers. They should also participate as a key team member in responding to and managing incidents resulting in the loss or potential compromise of personal data by the organization or its service providers.
- They should assist in assessing privacy-related risks throughout the organization and promote strategies to mitigate these risks through the development and implementation of infrastructure, standards for the collection, use, and sharing of personal information, vendor requirements, training, and other appropriate mechanisms.
Questions:
- Explain why understanding technology, especially in the areas of security and ethics, is important for a CEO. How do a CEO's actions affect the organizational culture?
- Identify why executives in non-technological industries need to worry about technology and its potential business ramifications.
- Describe why continuously learning about technology allows an executive to better analyze threats and opportunities.
- Identify 3 things that a CTO, CPO, or CSO could do to prevent the above issues, which include stolen private proprietary information, sexual harassment, and stolen trade secrets.