Security and Risk Management
Write a 1,750- to 2,100-word paper in which you apply the concepts of organizational behavior and management in designing an organizational security plan. Your design should be consistent with organizational behavior and management theory and practices and include:
• A mission
• Code of ethics
• Staffing needs
• Roles and responsibilities of personnel
• Applicable discussion of leadership, processes, communication, and organizational behavior
Format your assignment consistent with APA guidelines.
Table of Contents
Duty of Client Confidentiality
Professional Competence and Exercising Due Care
Roles and Responsibilities of Personnel
Information Security Analyst
Discussion of Leadership, Processes, Communication and Organizational Behavior
Denial of Service (DoS) attacks have become a present and prevalent threat to organizations in the banking sector. With banks such as Bank of America grappling with the potential threat of DoS attacks, it is imperative to adopt effective plans for mitigating the threat. A DoS attack threatens to cut an organization off from the internet and disrupt its day-to-day operations, which alienates customers and slows down productivity. Therefore, the adoption of a comprehensive plan is a noteworthy approach that can safeguard the organization from this evident threat. Hence, this paper examines the most effective security plan for Bank of America in handling the threat of DoS, in relation to the concepts of organizational behavior and management.
The organizational mission is to protect and sustain the freedom of interaction and access to the services offered. BOA believes that ensuring a secure system is critical to delivering high-standard services to customers (Lam, 2014). Any disruption to the service access process affects organizational performance. Therefore, the mission statement needs to promote sustainable and effective security systems through the elimination of any form of DoS attack (Whitman & Mattord, 2013).
For BOA to adopt and maintain a secure environment in promoting information security, it is imperative to have a vision statement that is appreciated and adopted holistically. Therefore, the main vision statement for the organization is to ensure a secure information system that is geared towards promoting and improving the social and economic welfare of the stakeholders. With a focus on customers and employees, the vision aims at building an internal system in which security and stability in service delivery are heightened for mutually beneficial outcomes (Lam, 2014). With the employees working hand in hand with management, the organizational vision is to promote socio-economic vitality by preventing any form of breach or DoS in the organizational information system.
DoS attacks are carried out technologically with the primary goal of denying customers and employees access to various resources (Whitman & Mattord, 2013). As they are an explicit attempt by hackers to prevent legitimate users from accessing services, BOA appreciates the need to develop a comprehensive philosophy for handling the issue. In a business environment where the risks or implications of DoS are dire, it is important to develop an operational philosophy that serves as a guide to decision making (Peltier, 2016). Therefore, from the analysis of BOA, the operational process for handling DoS is based on:
- Comprehensive design of the organization's progress towards survivability through the establishment of provisions for mitigating DoS
- Emphasis on designs for DoS management that set up the necessary steps to ensure critical services can be provided despite attacks or failures
- Empowering employees to be good netizens (net citizens) by focusing on training and development in the basics of handling any case of DoS
- Promotion of information sharing on the potential extent of the implications of DoS and on the need for the organization's human resources to adhere to industry-set standards for managing the attacks
Handling DoS relies on establishing the most effective code of conduct to adopt in the event of an attack. From the organizational perspective, the emphasis on the code of ethics establishes the way forward in tackling any legal redress that may emerge (Peltier, 2016). With regard to BOA, the code of ethics for handling any instance of DoS includes:
Duty of Client Confidentiality
The most fundamental element of the code of ethics at BOA is sustaining the protection of client information. Accordingly, in the event of DoS, the potential for access to privileged information about the customer is an issue of concern (Feng, Wang & Li, 2014). BOA emphasizes that maintaining confidentiality is paramount during an attack or any form of breach. Under the code of ethics, employees are required to make the protection of customer information their priority.
The various personnel in the security management process have a duty to operate in accordance with the existing laws on information systems and security. Accordingly, upholding high moral standards is fundamental to the mitigation of DoS (Peltier, 2016). Therefore, employees at BOA must refrain from any activities that result in a conflict of interest. Hence, in their operational dynamics, they need to operate in a responsible, legal and just manner that is in line with the IT profession.
The organization values objectivity among its employees. In undertaking their various roles and responsibilities, objectivity denotes an emphasis on holistic service delivery when handling complaints arising from a DoS attack (Peltier, 2016). As such, fairness and independence of judgment are critical for employees in their delivery of services to customers (Lam, 2014). Therefore, in the event that a DoS attack is successful, BOA believes in the ethical approach of objectivity, which relies on service delivery without bias.
Professional Competence and Exercising Due Care
In the event of DoS, the organization emphasizes the need for employees in IT and at the customer service desk to perform at optimum professional standards. Accordingly, even where constraints exist, it is fundamental to ensure that work is done in an accurate and complete manner. DoS significantly infringes on day-to-day operations. Therefore, BOA believes in exercising due care through support and collaboration in the delivery of services.
Present-day organizations are grappling with a tremendous change in their manner of operation. The progress made in the technological environment has created an environment in which the IT department of any organization has to adapt effectively to any threat. Apart from the significant impact on the IT department, the organizational structure as a whole has to grapple with the evident challenges. From the analysis of BOA, the emergence of DoS has led to the prospect that organizational boundaries have faded and security challenges have heightened significantly. Accordingly, organizational departments cannot operate in isolation in the event of DoS. With the increasing need to handle DoS, it is imperative that organizational leaders adopt and implement stringent approaches to managing the threat. As a business problem, the focus on a comprehensive and effective structure to mitigate DoS is fundamental to successful outcomes.
The manner in which an organization structures its operational process is important to ensuring successful management of security-related issues. Through the organizational structure, there is clarity in the definition and shaping of the security posture. BOA believes in the adoption of a well-defined security and compliance chain of management (Whitman & Mattord, 2013). In the organizational structure, there is a focus on both hierarchical and vertical approaches to communication. Most importantly, however, the decision-making process is based on the established hierarchy. Through the hierarchical approach, the involved leaders or managers hold the decision-making role. Setting the decision-making process up in a hierarchical manner ensures that a centralized decision-making process prevails, avoiding any prospect of a conflict of interest.
BOA acknowledges that staffing is imperative in handling DoS. As such, strategic staffing focuses on the placement of professionals by contract, contract-to-hire, or full employment. In the IT department, it is important for management to hire the right personnel to ensure success in managing DoS. Most importantly, the IT division plays a direct and important role in ensuring heightened security. From the managerial perspective, the IT security group undertakes the role of defining, communicating and enforcing the right standards and procedures for handling security threats. As the staff fundamental to handling DoS, management should assemble a robust team that can handle the threat effectively. Hence, personnel management focuses on extensive research to identify and recruit staff who can handle the attack. From the analysis of BOA, the staffing needs comprise:
- Information security analyst
- Information security engineer
- Network Administrator
- Communication manager
Roles and Responsibilities of Personnel
The network administrator will be charged with routing protocols, management of network configurations and meeting the organization's needs in the event of DoS. Whether an attack is successful or not, the network administrator will work with the IT security personnel to ensure that the servers are operational and meet the security standards set.
The communication manager ensures that personnel are aware of the protocols to follow when an attack is evident. Through the communication manager, the most important actions to take are relayed without further compromise of organizational information.
Development of incident management plans is the main responsibility of the information security analyst. By focusing on technology-related attacks, the security analyst will develop effective ways to ensure a robust system is in place to keep out any hackers.
The information security engineer develops the most effective ways to mitigate risk emanating from both internal and external breaches resulting from DoS.
Discussion of Leadership, Processes, Communication and Organizational Behavior
Leadership at BOA is imperative to ensuring effectiveness in handling any threat. Through leadership, clear-cut initiatives for mitigating the DoS threat will be established. From the managerial perspective, the leadership structure should emphasize an open approach to communication with the IT department. The open communication process should provide an avenue for the successful and sustainable management of any emerging challenges.
With regard to organizational behavior, it will be critical to evaluate how employees respond to the security threat. Admittedly, the focus on organizational behavior will entail management taking a direct approach to evaluating employee conformity to the plan set. Therefore, in the analysis of organizational behavior, the most important aspects to evaluate at BOA will be:
- Determination of whether or not employees can adapt to the operational dynamics of the response process
- Examination of the degree to which employee engagement will prevail
Security management is important to any organization. As such, the adoption of an effective security plan ensures that the response process succeeds. From the above analysis, it is evident that the security plan at BOA should draw on both technical and human resources in handling the DoS threat. The harmonization of these resources should sustain a successful security management process.
Feng, N., Wang, H. J., & Li, M. (2014). A Security Risk Analysis Model for Information Systems: Causal Relationships of Risk Factors and Vulnerability Propagation Analysis. Information Sciences, 256, 57-73.
Lam, J. (2014). Enterprise Risk Management: From Incentives to Controls. John Wiley & Sons.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. CRC Press.
Whitman, M., & Mattord, H. (2013). Management of Information Security. Nelson Education.