Question

Each business sustains a culture that determines its risk tolerance, how it implements security policies, what measures it will take to manage incidents, and the various roles among the departments in responding to threat activities. Provide an example and explain how an organization's culture determines the sensitivity level on various risks.

Answer 1

One example that we can take for this particular question is Apple Inc.

Apple is a company that has adapted to a culture of secrecy. They have thousands of employees worldwide however little was known about their work culture until recently. In the few revelations about their ex-employees it was found that Apple values privacy and secrecy of their business above anything. With such culture, their products too are a living testament of their mindset.

One thing that Apple is known for is high quality products and their seamless integration between each other. This means an iPhone can easily connect and communicate with a MacOS computer. However the same does not hold true when an iPhone tries to connect with Windows or an Android device attempts connection with MacOS. This kind of features and interconnectivity within the ecosystem shows the value of secrecy and privacy in Apple. These kind of ecosystem is a testament to the risk aversion approach of the company.

The company was also recently in news about a terrorist attack when the terrorist’s phone needed to be decrypted by the US Government. However, Apple declined to do that as it was against their value system. This was a major risk for the company as they could face backlash from the community and the government. However, the company resisted and forced US Government to deal with the decryption by themselves. This again shows that the company is extremely sensitive against taking any risk when it comes to user data, their technology or their intellectual property.