Question

How should the IS or Cybersecurity Policy align with the corporate culture and strategy?

Solutions

Expert Solution

Recognizing the power of corporate culture to shape employees’ attitudes and behaviors, many IT and cybersecurity leaders now want to instill a cybersecurity culture in their organizations. That means imbuing employees’ daily decisions and actions with a heightened awareness of cybersecurity. Doing so, they believe, could improve their companies’ ability to safeguard data, prevent cyberattacks, decrease risk, and protect shareholder value. But how do technology and cybersecurity professionals make this happen? How can they create a culture in their organizations that perceives cybersecurity as a top priority from the boardroom to the break room?

For ideas, let’s look to security’s cousin, safety.

Safety First

Although preventing accidents is a given in most workplaces today, safety hasn’t always been a priority. In fact, beliefs about workplace safety have undergone a number of transformations since the Industrial Revolution, with many injuries, deaths, and lessons along the way. Only in the last 50 years have accidents become the exception rather than the rule—a change catalyzed by several trends, including organizations seeking to limit their liability, HR leaders examining attitudes toward and perceptions of safety throughout workplaces, and broader regulatory efforts.

The Australian Radiation Protection and Nuclear Safety Agency traces the evolution of safety in several stages:

The age of technology. Since the dawn of the Industrial Revolution some 250 years ago, and until relatively recently, machinery failures and flaws bore most of the blame for workplace accidents. Engineers strove to improve worker and plant safety by designing safer technology.

The age of the human. After major incidents, such as the Three Mile Island nuclear meltdown in 1979, pointed to the role of human error in workplace accidents, engineers began factoring behavioral elements into their designs to anticipate, correct, and compensate for employee mistakes.

The age of the organization. Disasters, including airplane crashes and oil spills, have caused organizations to reconsider their assumptions about safety and to ask how and why these accidents occurred. Human and even technical failures are now seen as the tip of the iceberg, indicating a lack of leadership at the highest levels and prompting organizations to focus on improving their safety cultures.

Adding another perspective, researcher Philip Sutton lists four shifts in emphasis that characterize the evolution of workplace safety culture:

—From an employee responsibility to a management responsibility.

—From post-accident coping to prevention.

—From nonsystematic management to whole system management.

—From risk reduction to risk elimination.

When managers took up the safety mantle—establishing and enforcing safety protocols, providing worker training, and encouraging supervisors and employees to report hazards—accidents and injuries declined sharply. Eventually, most organizations established strong workplace safety programs aimed at eliminating risk altogether.

The impetus for these changes came from organized labor and laws, but they succeeded only when top-level executives encouraged and supported them. Studies have shown a direct correlation between management commitment and worker safety.

In other words, to instill a culture of safety in the workplace, the push must come from the highest levels and the message should be: “We are all in this together.” When all employees, from entry-level workers to executives, feel a vested interest in their own and their colleagues’ safety across the organization, then the goal of “zero risk” may at last become attainable.

Could the same be true for cybersecurity?

The Cybersecurity Shift

In today’s technological revolution, new technologies have exposed workplaces and employees to a host of threats, including identity and intellectual property theft, data destruction and manipulation, and breaches of various kinds of confidential information.

To reduce these risks, organizations initially focused on securing corporate technology assets using firewalls, antivirus software, malware scanners, and other tools. In response to these measures, hackers changed their tactics and began employing phishing and social engineering schemes that take advantage of employees’ ignorance or carelessness to gain unauthorized access to systems.

Now, as large-scale breaches continue, it may be time for organizations to embrace and inculcate a cybersecurity culture that, like an effective safety culture, seeks to:

—Embed cybersecurity throughout business processes rather than relegate it to a single function.

—Promote inclusivity and collaboration across departments, offices, and levels.

—Encourage and incentivize shared responsibility.

—Retain flexibility, allowing employees to learn, change, and grow.

Changing workplace culture can be daunting, especially across multiple businesses or locations. But as the history of workplace safety shows, it’s possible to achieve with commitment from the top. And the trickle-down effect, resulting in buy-in at every level, is likely to help organizations lower their risk considerably.

As cybersecurity professionals look toward the future—a continual mandate in the industry—they ought to consider the lessons of the past and the practices that have worked in other realms, such as workplace safety. They may then succeed in rallying workforces around cybersecurity in a way that goes to the very heart of organizations—to the culture that defines them.

