Managing Risk Ethically, Research Paper Example

Technology is consistently growing and changing the way people do business, communicate, and share information. In business, managers and executives will face risks with maintaining privacy and confidentially in a society where information is shared freely on the internet.Ethics has always been a mainstay within the foundation of governments, institutions, and businesses. Ethics has always been viewed as a the right thing to do, something clean, something good, but something only a few people within the business world know how to operate. Ethics although easy to practice takes a genuine commitment outside of the public relations scope of businesses. Risks or activities that are costly or add value to the bottom line will always face threats that need to be managed such as, changes to the government legislation, technological collapses, or ethical collapses such as WorldCom and Enron. Within companies, information security is an essential part of business operations that protects the business information and data. Within this paper it will analyze the legal and ethical requirements of information security.

Risks come in all types. According to research, “Risk entails a threat posed by the failure of corporate decisions: the exposure to such issues as economic or financial loss or gain, physical injury, or delay as a consequence of pursuing or not pursuing a particular course of action.” (Francis, Armstrong, n.d) Risks can terminally or beneficially affect the business. Business ethics are essentially common sense ethical decision making, where people exercise moral choice or common sense. According to Young these involve, “what values are associated with each choice, what are the associated probabilities, whether the issue is properly specified, what are the consequences of each choice.” (Young, 2004) Clear examples of unethical behavior have been lambasted in the media such as, Enron, WorldCom, Tyco, and other major corporation scandals. These losses within the company have attributed to loss of reputation, legal penalties, drops in market value, credit rating, and loss of employment for millions of workers. Research has shown that consumers and stakeholders place ethics as a high priority within the company for valuation in brand and reputation. “Ethics concerns form formalized principles and codes of conduct as well as value systems that guide how we behave and apply to ethical situations that may arise in doing business.” (Francis, Armstrong, n.d) Ethics are invaluable in every aspect of a company when they operate within the best interests of the stakeholders.

Information security is a practice that is commonly founded in major corporations that protects information from unauthorized access, use, disruption, and destruction. The two major aspects of information security are information assurance, and IT security that particularly affects to computer security. Major corporations contained several sensitive data and information that might obtain sensitive files, social security of personnel, and other vital data. With information security, ethics plays a major role, as businesses walk a fine line between illegality and making the right decision. Laws created are mandates and rules that prohibit certain behaviors within society, and carry sanctions and penalties. Ethics help to define what behavior is socially acceptable, and although they carry moral implications they cannot penalize anyone. Information security professionals must stay on top of new regulations and laws from national and international levels.Laws created that cater to information security include, Computer Fraud and Abuse Act of 1986, National Information Infrastructure Protection Act of 1996, Telecommunications Deregulation and Competition Act of 1996, and recently the USA Patriot Act of 2001. Copyright laws have been passed in order to protect intellectual property in just about every format including electronic. Ethics are practiced by information security professionals’ through policies that are written, distributed, and agreed on by employees. These ethics that some IT professionals follow include; not use computer to harm other people, not interfere with other people’s computer work, use the computer to steal, use computer to lie on others, use stolen software, unauthorized access to other people’s computers, and other policies. (Whitman, Mattord, 2011)

Ethics operates as the greatest good for the greatest number, where in different or difficult situations, ethics may condone and condemn certain actions. “Risk management is based on respect for others rights: rights to be safe from preventable danger or harm, freedoms to act as they choose without undue restrictions.” (Head, 2005) Each concept is dependent on the other that good risk management requires good ethics.In order for information security professionals to follow legal and ethical guidelines for using digital information correctly, they must be trained properly in ethical and legal behavior. Legal guidelines are set where all software must be legally obtained, and IT professionals are not permitted to use pirated software or hardware. Ethical and legal guidelines go hand in hand, as abstaining from using the computer as a means to commit crimes, invade company and other people’s personal resources, and stealing information as a means to sell others. Many companies set up policies, standards, and practices that direct employees on how to address issues and use technologies. Professional associations such as, Association for Computing Machinery (ACM), International Information Systems Security Certification Consortium, Inc. (ISC), and Information Systems Security Association, that work to establish profession ethical codes of conducts. (Whitman, Mattord 2011) With the establishment of the ethical codes, and policies implemented to teach employees on the right way to use technology help to curb misuse, and unauthorized access of digital information.

In today’s IT environment, technology is continuing to change. More information is being shared, and more avenues are created for thieves and hackers to steal sensitive data. With more attacks on major corporations such as New York Times, and other publications, and the leaking of personal data from some of United States leading figures. Information security is ever important in today’s changing environment. With the addition of cloud services, information is highly easy to obtain to the knowledge IT professional. Ethical and legal principles must be newly established and shared multiple times a year in order to promote an ethical work culture that follows guidelines and the law. The US Department of Justice has realized the importance of protecting individuals and corporations with the formation of the Cybercitizen Partnership, which was created to education and raise awareness of computer responsibility. (Philip, 2002) Information security is increasingly important in today’s IT environment. The challenges that many IT professionals face are challenges to cryptography, security within the small and medium enterprises, privacy sector, including cloud and the internet, and security metrics that align with security standards. However, the principles routed in the four characteristics of information security apply; authenticity, confidentiality, availability, and integrity, help to “establish security policies and their associated procedures and control elements over their information assets.” (Mellado, Rosado, 2012)

Risk management is an essential function in companies, the goals of risk management are that companies need to be aware of potential risks to the company, they need to prioritize the risks, eliminate or reduce the risk, and then put a plan into action if the risks developed into a real threat. Risks in I.T can adversely affect the business as a whole. Risk management strives to handle risks by decreasing the likelihood that an event or potential risk impacts the company. The two levels of risk management include risks management of the I.T business or resources, and management of the stakeholders. Risk management saves company time, money, and can benefit in other areas dependent on the positive or negative influence of the impact of I.T risks. The type of security precautions that risk assessment make to the I.T architecture are; the depth of the defense with the implementation of layers of security that requires the organization to establish sufficient security safeguards and controls that stop an intruder from continuing. The security perimeter is that point at which the business protection ends and when outside attacks could potentially happen. The establishment of an ISO/NIST Frameworks that involves risk analysis, risk identification, risk estimation, and risk evaluations. The components that security professionals take are firewalls that block attacks, and selectively discriminate against information that will flow in and out of the business. Intrusion Detection Systems are an effort that business use to detect unauthorized activity within the network, with machines, and devices. Businesses also use demilitarized zones (DMZ) that are essentially a no-man’s land where business place their web servers inside and outside of the networks.

Risks are very important for business, as more companies rely on technology for storage of important files, sensitive data, and vital information, information security is an essential function of organizations. Ethics plays a major role in the decision making process, and pertinent in information security. Ethics is a common sense practice to making the right moral decision. Ethical and legal principles are designed in order to keep business regulated and protect information. Ethics and risk management is relationship that is dependent on the other, in order to have good risk management the organization must practice good ethics. In a business environment, ethics must be seen as a high priority, and employees must follow policies and guidelines. In order for ethics to remain a priority top management and executives within businesses must create and promote an environment where legal and ethical objectives are continually met. Information security will remain a priority as technology creates new avenues to put more information through cyberspace.

References

Francis, Ronald, Armstrong, Anona. (n.d). “Ethics as a Risk Management Strategy: The Australian Experience. Centre for International Corporate Governance Research. Retrieved from http://vuir.vu.edu.au/777/1/JBEthicsRisk.pdf

Head, George. (2005).” Why Link Risk Management and Ethics?” IRMI. Retrieved from http://www.irmi.com/expert/articles/2005/head02.aspx

Mellado, Daniel, Rosado, David. (2012). “An Overview of Current Information Systems Security Challenges and Innovations.” J.UCS Special Issues. Retrieved from http://www.jucs.org/jucs_18_12/an_overview_of_current/abstract.html

Philips, Amit Raju. (2002). “The Legal System and Ethics in Information Security.” SANS Security Essentials. Retrieved from http://www.sans.org/reading-room/whitepapers/legal/legal-system-ethics-information-security-54

Whitman, Michael, Mattord, Herbert. (2011). Principles of Information Security. Second Edition. Cengage Learning. Book.

Young, Peter. (2004). “Ethics and Risk Management: Building a Framework.” Risk Management. Vol. 6, No.3. pp. 23-34. Retrievedfrom http://www.jstor.org/stable/3867776