Conflict of interest-Case Study
The 6 step requirements for this assignment are detailed below, starting with this scenario:
Early one morning at work, CEO Alice Johnson asks if you have a moment to chat. I need your expertise and advice on a complicated situation for the company regarding an international hacking lawsuit. In her office, Alice explains that CyberTech is serving as the cyber forensics consultant for a law firm handling the suit from a 2015 hack of the Office of Personnel Management, OPM.
The OPM hack compromised background information on millions of workers. In a related case Anomalous, a non-US gray hat hacking group suspected in the OPM breach case, is claiming that US-based Equation Set attempted to hack its facilities. So we have a non-US and a US set of test hacker groups involved. With Anomalous, the non-US group, being a client defendant in one case against Equation Set, the US group, and as a suspect in the OPM breach. But Alice then outlines why the case is problematic. Along with the OPM victims, CyberTech represents clients from some of the OPM breach suspect companies in unrelated cases, which could appear to be a conflict of interest. This could affect the way our company is perceived by others.
We need to maintain our image as an unbiased cyber security consultant. Should CyberTech remain on both the OPM breach investigation and the overseas case at the same time? Or should we drop one of the cases? Apply your critical thinking and analytical skills to figure out what happened what we know and don’t know, and how the company might remedy this situation. I’d like a paper by the end of the week with your recommendations.
Step 1: Prepare to Think Critically
In this first step, you will prepare to respond to your boss’s request for an analysis of a problem in your organization. You realize that this will require careful thinking. So, you take some time to review the process and to engage in Critical Thinking and Analysis.
When you have completed the critical thinking exercises, you will move on to the next step: identifying the problem.
Step 2: Identify the Problem
Now that you’re prepared to think critically, it’s time to analyze the situation. Remember the direction from your CEO is to analyze the situation and advise on the two lawsuits.
Suggested area to focus on is to determine if a conflict of interest would exist in handling the two cases that might be related, and advise how to proceed.
Outline the points that you want to make in the first two sections of your paper (introduction, explanation) and draft those sections.
Next, it’s time to analyze the information.
Step 3: Analyze the Information
Now that you have some understanding of the nature of the breach and the parties involved, it’s time to gather and analyze information. The Problem Analysis resources will further aid your analysis and development of the third section of your paper.
Outline the points that you want to make in Section 3: Analysis of the Information of your paper, and draft that section.
In the following step, you will consider other viewpoints, conclusions, and solutions.
Step 4: Consider and Analyze Other Viewpoints, Conclusions, and Solutions
Once you have completed your analysis of the incident, the next step is to analyze alternative viewpoints, conclusions, and solutions. To do this you will need to apply Ethical Decision-Making and Reasoning. Also highly recommended, Randolph Pherson’s “The Five Habits of the Master Thinker,” a paper written for intelligence analysts, but applicable to all analytical thinking and reasoning.
Outline the points that you want to make in Section 4: Analysis of Alternative Viewpoints, Conclusions, or Solutions of your paper, and draft that section.
When you are finished, move to the next step, which involves developing conclusions.
Step 5: Develop Well-Reasoned Conclusions
You considered alternative viewpoints in the last step. Now you’re ready to develop your personal conclusions and suggest remedies so that your boss is well-equipped to brief her leadership about the situation.
Remember, you may need to consult outside references but this is not a research paper. It is more investigative in nature about the facts of the case. Please cite outside sources carefully.
Now, outline your argument and draft Section 5: Conclusions and Recommendations, the final sections. Your boss is expecting to receive a concise, focused paper to prepare her for further meetings. Stay to the main points, although you may have more facts to answer any questions. You will submit your paper in the final step.
Step 6: Submit Critical Thinking Paper
Your final paper should be no more than 5 double-spaced pages, excluding the cover page and References page(s). Please organize your paper in accordance with your preparatory steps, using these subheadings:
- Explanation of the Issue
- Analysis of the Information
- Consideration of alternative viewpoints and conclusions
- Conclusions and Recommendations
Here are some tips for success:
- Consider outside sources if they inform your case. However, stay on task.
- Use APA style for “in text” and reference citations. At this point, your citations should be error-free.
Consider these Best Practices for a paper:
- An effective introduction that grabs the reader’s attention and sets the tone and direction for the rest of the paper;
- Supporting paragraphs that move the reader from the general introduction to the more specific aspects of your analysis;
- Body paragraphs that provide support; and,
- A conclusion that leads to a natural close to what you have presented in your paper.
For the introduction, please build on the following idea:
I feel that there is a conflict of interest for CyberTech to represent a customer in one case and help build a case against that same customer is another case. I feel, to avoid a possible conflict of interest situation that CyberTech must make a choice and only take one of the cases for the customer in question.
For the Explanation of the Issue, please review the transcript that is posted above Step 1 and expand on the possible conflict of interest that will be included in the introduction.
Then proceed through each additional step which should be approximately one page per step.
Conflict of interest-Case Study
The last couple of years has witnessed increased levels of cyber security breaches in the US and other parts of the world, the most notable being the Clinton Email Scandal, the Office of Personnel Management data hacking and the National Democratic Convention data breach of the last United States elections. In this case study, we analyze the OPM case, where personnel data for millions of United States employees was compromised. My company, CyberTech has been contracted by a law firm that is handling the suit for the office of personnel management (OPM) to provide technical support to this case. One of the suspected hackers in this case, Anomalous Group, a non-US hacking group also claims that another US company, Equation Set has made attempts to hack its facilities and CyberTech is working with Anomalous on this suit. This means that Anomalous is both a client defendant in one case and also a suspect in the OPM breach. CyberTech is therefore left at crossroads on whether to work on the OPM case or to abandon it since it also works for some of the suspected hacking companies, including Anomalous. The OPM case is one that is of great public importance and CyberTech must ensure that its actions are not misconstrued to have a negative connotation to its standing as a security consultant.
Identification of the problem
The challenge faced by CyberTech is to determine whether to continue in this engagement, faced with a potential conflict of interest or to drop one of the clients, seeing that it represents both albeit in unrelated cases. In identifying whether there is a conflict of interest or a potential conflict of interest, a number of checks need to be done. According to Suni, (2005, determination of a conflict of interest is anchored on a question of whether there is a substantial risk that their work would be materially and adversely affected by their own interests in their other client. The most important aspect in the establishment of the existence of a conflict of interest is a determination of whether the CyberTech’s exercise of objective and professional judgment is adversely affected or impaired by the fact that the company still represents the Anomalous group which is suspected in this case. Is CyberTech likely to do something that a completely independent security consultant, would do in those circumstances? It must be noted that conflict of interest not only affects how a company conducts its business but also how a company is perceived by the public, its peers or the industry.
Analysis of the Information
According to Suni (2005), establishing whether CyberTech has a conflict of interest in the above scenario is of critical importance. This is because, in some cases, the existence of a conflict of interest is never a direct phenomenon. It has to be determined whether external interests for the company or those of its clients affect the exercise of an independent, objective and professional judgment in the conduct of its work. In making this decision, information is a key ingredient. CyberTech must gather all the necessary information regarding this case, and that which relates to the case involving Anomalous and Equation Set in order to understand the nature and extent of real or potential conflict of interest in making the determination on whether to take or leave this new engagement.
The public interest generated by the OPM hacking case, by virtue of involvement of private information relating to millions of workers demands that all parties involved in the building up and execution of the legal process must uphold the highest levels of integrity and professionalism. It is reported that the hackers compromised data for at least 4 million workers, with later reports pegging the numbers in excess of 18 million. Failure of the CEO to resign, following the incident, explaining that no one was ‘responsible for the hacking’, puts a lot of pressure on the legal process which must bring the culprits to book. This means that such legal process must be characterized by objectivity and integrity, which calls on CyberTech, being one of the key information sources, to be beyond reproach.
Analysis of the case study points to a potential conflict of interest. On one side, CyberTech acts as the security consultant for the law firm handling the office of Personnel Management hacking case, while at the same time, it is working on another case with the Anomalous group, which has sued another US company, Equation Set for hacking its facilities. CyberTech, therefore, must make a decision on what options are available since continued work on both cases is an outright conflict of interest which is not good for the company’s image.
Consideration of alternative viewpoints and conclusions
In deciding the best course of action, given the prevailing circumstances, CyberTech is bound to examine a number of options that are available in relation to the identified conflict or potential of interest and choose the best option that passes the ‘test of options’. According to Sternberg (2012), conflict of interest itself is not bad at all; the assessment of the extent and impact of such conflict determines the actions that organizations should take. Basically, there are two main steps that institutions are expected to take when issues of conflict of interest arise; a) identification and disclosing the conflict of interest and b) deciding the necessary action that best avoids or mitigates the conflict of interest. Some of the options that are available to CyberTech on this conflict of interest case are a) continuing with the OPM case and ignoring the potential conflict of interest, communicating the conflict of interest to the relevant parties and seeking consent to continue with the work, or dropping one case to concentrate on the other one and completely avoiding the conflict of interest.
Whatever option that CyberTech decides to take, it must pass the test of options by scoring to the affirmative on the following questions. Whether the option presents less harm than the other alternatives; whether it’s the best in public interest; whether such an option is defensible before appointed committees; whether it is the best option, even if it hurts the company; Whether other security consulting companies faced with similar circumstances would arrive at the same option; whether the option meets the requirements of the professional governing bodies regarding ethics and finally; whether the option meets the criteria set by the organization’s legal and ethical counsel. The question that needs to be answered is, ‘which among the above options satisfies the requirements of the ‘test of options’?
Conclusions and Recommendations
The discussion above points to a potential conflict of interest CyberTech, therefore, must make a decision on what options are available since continued work on both cases is an outright conflict of interest which is not good for the company’s image. The only option that seems to pass the test of options is dropping one of the cases and concentrating on the other, so as to avoid the potential conflict of interest that may impair objective judgment and impede professionalism.
In making this decision, it’s important that CyberTech has the necessary information with regard to the conflict of interest analysis. It has to gather the necessary information regarding the nature and extent of its conflict of interest in both cases in order to come up with plausible conclusions. This is never an easy task, especially in organizations such as CyberTech that have many employees, associates and partners working on different cases.
The public interest generated by the OPM hacking case demands that pertinent issues such as conflict of interest must be carefully addressed. To this end, through information search, and not reliance on personal memory, must be employed in determining conflict of interest. This demands that CyberTech may consider investing in the use of a ‘conflict-checking’ system that can help in easily identifying and determining the extent of conflict of interests soon enough.
Development of a procedure for entering data into the conflict-checking system is an important aspect of developing the capacity for conflict checking since any system is as good as the data entered into it. Ensuring a comprehensive conflict checking system, clear and updated procedures regarding actions to be taken in the event of identification of conflict of interest and following the advice of the organizational legal and ethics team with regard to conflict of interest will go a long way in ensuring that the legacy of CyberTech as the preferred cyber security consultant is preserved.
Sternberg, R. J. (2012). A model for ethical reasoning. Review of General Psychology, 16, 319-326.
Suni, E, Y (2005) Conflicts of Interest, retrieved from http://www.americanbar.org/content/newsletter/publications/gp_solo_magazine_home/gp_solo_magazine_index/conflictsofinterest.html