Organizational Information Security & Ethics: ISIT437/937 Report
Added on 2023/04/21
Summary:
This report provides an overview of organizational information security and ethics, focusing on due care, due diligence, and the role of policies and laws in preventing unethical and illegal behaviour. It examines the differences between due care and due diligence, emphasising their importance in maintaining organizational integrity. The report also discusses common unethical behaviours such as software licence infringement, misuse of corporate resources, and illicit use, along with methods for prevention, particularly deterrence through penalties. The research methodology is a literature review drawing on secondary data to analyse ethical considerations within the organizational context of IT security and risk management.

Running head: INFORMATION TECHNOLOGY SECURITY AND RISK MANAGEMENT
Information Technology Security and Risk Management
Name of the Student
Name of the University
Author Note

Table of Contents
Introduction
Research Method and Approach
    Methodology
    Approach
Results
Discussion
Conclusion
Reference

Abstract:
The main aim of this report is to conduct research on organizational information security and ethics. The research is based on an extensive literature review, so all of the data used is secondary data drawn from previous studies. Some specific areas of the organizational context are discussed. First, due care and due diligence are discussed briefly, and this discussion shows how important due diligence and due care are for organizations. Policies and laws are then discussed, and the best methods for preventing unethical and illegal activity are identified.

Introduction:
Information security is considered the practice of preventing unauthorised access to a particular computer system (Siponen, Mahmood and Pahnila 2014). The data being protected can come from various sources, both physical and electronic. The main focus of information security is protecting the integrity, confidentiality and availability of data. Information security is achieved through a multi-step risk management process which identifies the vulnerabilities, the sources of threat, the potential impact of the risk and the effectiveness of the risk management plan. Ethical concerns are widely recognised in information security. In the context of information there are several ethical considerations, mainly privacy concerns regarding large-scale data collection. In some recent cases information security has been discussed exclusively in terms of risk mitigation associated with the technical and organizational infrastructure.
In this essay research will be done on ethics and information security. In this context due care will be analysed within the organizational context. The difference between due diligence and due care will also be analysed. Following that, the role of policy in the organizational context will be researched. Further, illegal and unethical behaviour will be analysed, and how these activities can be prevented within the organization will be discussed.
Research Method and Approach:
Methodology:
In this context of ethics and information security, the method selected for conducting the research is the literature review. Because it is conducted as a literature review, this research is a secondary type of research. The main focus of this research is analysing the important ethical issues regarding information security.

Approach:
The approach of the research is based on secondary data analysis. In this type of research approach no data is collected directly from primary sources; instead the data is collected from previous research and from secondary data sources. For the further research some research questions have been developed which will be addressed in this research approach.
The main research regarding ethics and information security will be done on the basis of due care. Thus due care will first be analysed in the organizational context. According to Schwenkenbecher (2014), due care can be considered as the effort made by a reasonable party, or an ordinarily prudent person, to avoid harming others and to take the circumstances into account. Due care refers to the level of judgement, prudence, care, activity and determination that a normal person would be expected to show in particular circumstances. The author also explained that it is a type of feature that informs the client about an insurance policy, mainly describing the risks involved with possible future purchases. In a broader explanation of due care, the author described it as the law for organizations when selling policies. This law requires the truth to be disclosed while an agent of the organization is selling a policy. It states that the seller must not represent anything falsely about the product, meaning that the seller must not claim a feature that is not actually delivered by the product (Schwenkenbecher 2014). Also, the seller should not hide any downside of the product which could be a decisive factor in the purchase decision; this is the main element of due care. When an organization fails to perform due care, the client may be unhappy with the organization, which can damage the organization and even result in its closure. It can also terminate the licence of the
organization due to malpractice by the organizational agent. These are the main reasons that an organization should practise due care in its usual course of operations.
As per Mullins, Thornton and Adams (2011), due diligence might be considered similar to due care, but the two are actually different. As per the authors, the two terms are not interchangeable; rather, both are equally important for an organization. Compared with due diligence, the authors described due care as the reasonable care taken to protect the interests of the organization, while due diligence is the practice or revision of the particular activities that maintain the due care effort. As an example, the authors described due care as the development of a formalised security structure that contains security policies, and due diligence as the continuous application of that security structure within the IT infrastructure of the organization (Mullins, Thornton and Adams 2011). Due diligence performs the necessary examination before an action is started. In short, due care is performing the important actions that follow from due diligence, while due diligence is performing the necessary research. Thus, as per the authors, both due diligence and due care are important for the organization.
Regarding information security, Vedung (2017) has elaborated that a policy is a deliberate system of principles which guides the decision-making process and the achievement of rational outcomes. It is considered a statement of intent and a structured protocol. Policies are very important and are generally used by the organizational governance body. Policies can be both objective and subjective in the decision-making process: subjective decision-making policies usually assist the senior management of the organization, while objective decision-making policies are operational in nature. The author has also elaborated that policies are different from laws, and it is very important to understand the difference in the
organizational context (Vedung 2017). As per the author, a policy is an outline of the hopes of the government; it elaborates the goals of the government. A policy document is not a set of laws, but policies are very important in achieving new laws with the aim of achieving organizational goals. A law, by contrast, is a set of standards, principles and procedures which must be followed; if a law is not followed, the violation can be prosecuted in court. Thus the policy is used for setting the goals and planned activities of an organizational department. A law is enacted by a government, and it must be passed for it to be effective. It is also considered the legal framework for achieving the aims of the government. These laws must be guided by the present policies maintained by the government.
Chatterjee, Sarker and Valacich (2015) stated that the three general categories of unethical and illegal behaviour are software licence infringement, misuse of corporate resources and illicit use. The authors describe software licence infringement as the unauthorised duplication, use or distribution of computer software, which is a huge concern in the software industry. This illegal copying of software is an act of copyright infringement and can lead to criminal penalties. From an information security perspective, using an illegal copy of software can also be dangerous for the user, since such a copy can introduce vulnerabilities into the user's system, which can cause financial loss to the user (Chatterjee, Sarker and Valacich 2015). Misuse of organizational assets is also a huge concern for organizations. These assets include organizational computer systems and confidential documents, and misuse includes violation of the employee permissive use policy. As per the authors this can cause real harm to the organization and its assets. It has been found that many employees of different organizations have used organizational assets for their personal use, which is completely unethical, and a large percentage of these employees have been fired for this reason. Illicit use in
the organization is another unethical and illegal behaviour. The authors explained it as one of the common problems faced by almost every organization all over the world. Common illicit activities include drug, smoking and alcohol use in the workplace. This not only disturbs the work environment of the organization but also creates health problems for the other employees. Thus it must be handled properly by the organization. For this reason organizations create their own policies, but in many cases these are violated. A penalty or termination of employment can be applied in such circumstances.
As per Askew, Beisler and Keel (2015), the main method for preventing illegal and unethical activity is deterrence. The authors identified that deterrence can be very useful and effective when the affected parties fear penalties. In the organizational scenario, employees expect that they will be penalised if they are apprehended; thus there must be an expectation of detection. As per the authors, this fear of penalisation is the main aspect of deterrence. The authors elaborated that the theory of deterrence is the idea that an inferior force, by virtue of the destructive power of its weapons, is able to deter a stronger and more powerful adversary (Askew, Beisler and Keel 2015). This is also known as penology, which uses the fear of punishment to restrain people from offending. As per the authors, deterrence rests on two key assumptions. The first is that imposing a penalty after an offender has committed an offence will discourage them from committing further offences. The second is that the fear of penalty will prevent people from committing offences in the first place. Deterrence is often contrasted with retributivism.
Results:
From the above research on ethics and information security, it has been assessed that due care and due diligence can be considered the most important aspects of information security, and organizations should apply due care within their daily course of operations. From this research it is also found that there are some similarities and some differences between due diligence and due care, but both are equally important for organizations. Policies and laws are also very important for organizations in ensuring proper ethics and information security. Unethical and illegal behaviour is also a big concern which must be taken care of, and such behaviour must be prevented.
Discussion:
The main scope of this research is that it can help organizations to ensure their information security and to resist unethical and illegal behaviour by employees within the organization. One big limitation of this research is that the data is based on secondary sources and no primary sources were used. The research is based on previously published work, so the data used is relatively old and no current source of data has been used.
Conclusion:
From the above discussion it can be concluded that information security and ethics are very important for an organization and must be managed with the highest priority. Thus in this report brief research has been done on ethics and information security. In this context due care was analysed first, together with its role. The main reasons why organizations must exercise due care in their daily operations have been analysed.
This research has also discussed how due diligence and due care differ from each other. Policy for organizations has also been analysed, including what a policy actually is. Following that, how policy differs from law has been discussed. In the following evaluation the general categories of illegal and unethical behaviour have been identified and described briefly. Also, the best method for preventing unethical and illegal behaviour within the organization has been identified; in this case the identified method is deterrence.
Reference:
Askew, O.A., Beisler, J.M. and Keel, J., 2015. Current trends of unethical behavior within organizations. International Journal of Management & Information Systems (Online), 19(3), p.107.
Chatterjee, S., Sarker, S. and Valacich, J.S., 2015. The behavioral roots of information systems security: Exploring key factors related to unethical IT use. Journal of Management Information Systems, 31(4), pp.49-87.
Mullins, T., Thornton, B. and Adams, M., 2011. The role of due diligence in the business valuation process. Journal of Business & Economics Research (JBER), 5(5).
Schwenkenbecher, A., 2014. Collateral damage and the principle of due care. Journal of Military Ethics, 13(1), pp.94-105.
Siponen, M., Mahmood, M.A. and Pahnila, S., 2014. Employees' adherence to information security policies: An exploratory field study. Information & Management, 51(2), pp.217-224.
Vedung, E., 2017. Public policy and program evaluation. Routledge.