What should employees do if they discover unethical or illegal behavior? Should they raise concerns without fear of retaliation?
Employees are doing a favor for the company and its stakeholders by raising concerns about unethical or illegal behavior. Sooner or later, the act will come to light, and it will cost the company its reputation on top of lawsuits, regulatory penalties, settlement costs and loss of market share.
The latest on the Volkswagen (VW) diesel emissions scandal is that “Volkswagen has agreed to pay almost $15 billion to settle claims in the United States, and it must buy back or fix affected vehicles by December 2018. As part of the settlement, more than $10 billion has been set aside to buy back the roughly 475,000 Volkswagens and Audi A3 models that have 2-liter engines.” (Gates, Ewing, Russell, & Watkins, 2016)
Information security is both a management issue and a technology issue.
The management of an institution could be the owner or custodian of the data that its information security program is trying to protect. Management needs to ensure that the systems it employs execute all the functions on the data as they are supposed to while ensuring the data is not leaked to unauthorized personnel. “Primary mission of an information security program is to ensure information assets-information and the systems that house them-remain safe and useful” (Whitman & Mattord, 2014).
Management is responsible for the reputation of the business, its proper functioning, the data it holds, and safeguarding the technology it uses. However, all of these could be impacted if the technology it deploys does not meet the requirements – functional as well as non-functional. Technology is only a tool that facilitates the proper functioning of the business, providing value to its customers and keeping track of all its transactions. Technology must be configured in such a way that the data the business holds is protected while in transit, at rest and in process.
Would there be any person or group within an organization that does not need to be concerned with information security?
The only person who need not worry about information security is the one who has no value-bearing data. Unfortunately, in this day and age, every single person who is connected to the modern world has some data that is valuable either to the individual or to someone else. Protecting that valuable informational data from compromise is paramount, depending on its value.
According to Verizon, “No locale, industry or organization is bulletproof when it comes to the compromise of data.” (Verizon, 2016) I would add “no connected person” to that list.