MIS Assign 7

L4.pdf

Home >Computer Science homework help >MIS Assign 7

Introduction

This lesson will first focus on the Information Age and how it relates to society as a whole. Discussion will then move to the relevance of security in the Information Age and the distinctions between ethical and legal perspectives. This lesson will then offer some possible solutions to resolve ethical and legal dilemmas and address how the role of management has changed in order to accommodate eSecurity.

The Information Age

Construction of the first airplane and installation of the first telephone both required that accurate information be managed and stored. One can assume the same was true with the construction of the Egyptian pyramids and invention of the Model T. Thus, why is today referred to as the Information Age? What has changed? Why the most exotic telecommunications systems and need for increased speed in information transfer?

The main bridge that separates yesterday’s informational needs from today’s is competition. It is not that protection of information was not important in the early days of businesses; it just functioned as more of an informative tool rather than a competitive advantage. For example, in 1876, very few people, if anyone, were competing with Alexander Graham Bell to develop the phone system. No one was pushing him to get the product out early or manufacture 20,000 telephones a day. Rather, at this point in history, the market was filled

largely with single producers of specific products; each entrepreneur enjoyed his/her own highly specialized market. Such a system allowed producers the space and time necessary to work slowly but surely on a product, without pressure from a competitive market.

Today, competitors race to get products into the market as early as possible and to perfect their services as soon as possible. If they cannot do this successfully, then they will lose their place in the market for this product. As such, information has become the main tool for competitive advantage. Companies rely on information about their products, competitors’ products, the market, and the consumers interested in their products and services. Such reliance results in continued perfection of the information process, making it faster, more reliable, and increasingly cost effective.

The Information Age forces computer professionals to act creatively and deliver Management Information Systems that will facilitate the needs of today’s marketplace. Such systems must result in a high ROI (Return on Investment) for the organization, which means that design and security protection of the systems must yield outcomes beyond the systems costs and be profitable to use. Without security, MIS is of little use to an organization, hence, the focus on protection in the Information Age.

Security in the Information Age

Since the goal of pursuing quality information is that of competitive advantage, systems must be secure so that they are not vulnerable to competitors. The following are five (5) of the main reasons for strong security in the Information Age:

 Protects a company’s competitive edge o A company will invest in Management Information Systems if they can produce

the type of information it needs for competitive advantage. If such information becomes available to the company’s competitors, the entire purpose of the MIS is defeated. Without security, a company’s place in the market becomes jeopardized, because of the loss of valuable company and product information and the loss of the investment in the MIS they were using. These systems are very costly and, as such, they must yield a favorable ROI to the company.

 Protects employees o Employee information is almost sacred. A company’s

most important asset is its human capital. As such, it has the responsibility of ensuring the safety of employee information. Incidents have occurred where ex-spouses of employees were able to obtain personal employee information from the company and use it for destructive purposes. Whether it is an incident such as this, or an attack from an outside source, it can be devastating to the lives of the employees and to the company. Employees can enjoy trust and peace of mind when they are assured that their personal information is safe with their company.

 Protects customers o Customers are a company’s bloodline. Especially during the era of eCommerce,

customer’s information must be protected at all times. Without security of the MIS, customer information is vulnerable, as is the customer’s trust in the company and the company’s success. Unfortunately, one also hears of companies selling their customer information to other companies, such as marketing companies. Such actions will be addressed in the ethical and legal section of this lesson.

 Protects suppliers o Suppliers give consideration to certain customers based on a range of criteria.

This consideration helps the profit margin of companies. As a result, it is to the advantage of both company and supplier to protect relevant information. Breach of this security can cause poor business relationships that hurt everyone involved and decrease the profits of the company.

 Avoids lawsuits

o In all of the above examples, lawsuits are often filed for violation of privacy and the sharing of confidential information. These legal battles can be life threatening to a company, as legal costs can deplete a company’s resources and time, as well as affecting their business reputation. Companies can work to safeguard themselves against such threats by investing in information security that protects all of their constituents.

The Ethical and Legal Perspectives

How does one differentiate between ethical and legal perspectives? Ethics is a personal decision and desire to do what is right, whereas a legal decision is a mandatory order to do what is right. Both may carry weight in a particular society, although oftentimes the legal repercussions of laws make them more influential.

Ethical issues cost a company less, as they do not carry the fees involved in monitoring a process legally. As such, companies are finding it cost-effective on a long-term basis to educate their staff about ethics and/or to invest in improved hiring processes. Through better hiring strategies, companies can find employees who will contribute to the integrity of the company instead of lowering its ethical standards by unethical actions.

The dilemma today as companies go worldwide is deciding upon a global meaning of ethics and law. What may be ethical or legal in one country may be unacceptable in another country. As such, companies need to fully educate themselves on the cultures of the locations into which they are expanding. Such expansion also complicates security

issues in relation to Management Information Systems, as the level of security demanded in one place may not apply to another.

Because the legal systems in countries vastly differ, having international attorneys on board in multinational companies is a wise move. However, investing in high security measures may not be necessary in certain countries where protection of employees’ personal information is not an issue. Either way, this is an issue to be taken very seriously by a company before expanding and doing business in an area that may not follow the same standards as the company’s original operation.

Consider the following scenarios:

 As mentioned, especially during the era of eCommerce, the customer’s information must be protected at all times. Unfortunately, one hears of companies selling their customer information. Is this legally and or ethically wrong? The answer depends on the country in question. Consider the following.

 John is Mary’s supervisor. It is obvious that he has been sharing her information with others by revealing her systems passwords.

o Is this legally and or ethically wrong? Though such actions are clearly ethically wrong, unfortunately, if John and Mary were living in a highly patriarchal society that did not consider women equal to men, this situation may not have legal ramifications and may simply be dismissed.

 Anna really hurts her fellow employee, Bill, by constantly telling him how insignificant he is.

o Is this legally and or ethically wrong? Such actions are ethically wrong, and could be considered a legal matter if they qualify as harassment under the company’s policy.

These scenarios illustrate that ethical and legal issues are contextually and geographically based. Security, then, also becomes an issue whose parameters are determined by the meaning of confidentiality and of violation in given locations and contexts.

Richards and Solove (2007) offer a definition of confidentiality in their article, “Privacy’s Other Path: Recovering the Law of Confidentiality”:

Confidentiality focuses on relationships; it involves trusting others to refrain from revealing personal information to unauthorized individuals. Rather than protecting the information we hide away in secrecy, confidentiality protects the information we share with others based upon our expectations of trust and reliance in relationships (Richards & Solove, 2007).

The underlined words do not appeal to legal adherence but to personal ethics, and as a result, confidentiality’s parameters similarly depend upon geography and context.

Possible Solutions to Resolve Ethical and Legal Dilemmas

How can one resolve ethical and legal dilemmas? The following are a few solutions:

 Maximize information security o Companies need to invest in security. It is the responsibility of the

company to protect its constituents from possible breaches of security. While security increases costs, these short-term costs can result in many long-term benefits, such as loyalty from employees, customers, suppliers, and so forth.

 Educate employees on the benefits of ethics. o Design internal training that will

address ethics in a manner that is

culturally sensitive. Employees need to understand that adopting strong ethics is not a choice; rather, doing so is one’s responsibility to another human. This also includes emphasizing the values and integrity of the company.

 Educate employees on the costs of legal actions. o Employees innocently do not realize the many hidden costs associated

with legal actions. Make clear the effects of these costs. If managers understand that their bottom-line dollar will be affected by legal fees, they will care. If employees clearly understand their annual pay increases will not occur if the legal fees continue to increase, they may think differently about illegal actions. Effectively and unfortunately, unless people are personally affected by certain actions, they are not always motivated enough to do what is right. Therefore emphasize how these issues directly impact the employee.

 Increase the workplace penalty associated with unethical and illegal actions. o At a time when companies are experiencing a level of competitiveness

that they have not experienced before, they cannot afford to allow unethical and illegal actions to just slip by. Employees must be held responsible for their actions at all levels of the organization. The key here is for a company to consistently deal with these violations and have a system in place for doing so.

 Walk the talk. o Finally, yet importantly, leaders and managers must walk the talk. The

best way to lead is still by example. The leaders are the ones who create and maintain the culture of an organization; thus, they must set the example and uphold to it accordingly. If the leaders are people of strong integrity who uphold the values of the organization, the employees will be more likely to follow.

The Role of Management and eSecurity

Top leadership cannot implement all these strategies and monitor them in relation to security, ethical, and legal issues alone. As a result, leaders often hire competent managers who can oversee the security processes in efficient and effective manners.

It is not unusual to find the following being included in the role of today’s manager:

 Trainers of ethics and legal seminars  Acting policemen and policewomen  Systems testers to ensure that the system is secured  Technology competence – able to at least detect when a system is incompetent  Protectors of information – decide who will have access to certain levels of

information

Companies must seek to develop a certain level of ownership in each manager so that he/she will be willing to safeguard his/her department. One way this can be done is to get managers to understand that secured information means more money to their teams’ bottom-lines. Again, the key is to personalize the benefits.

This management of information has certainly changed business during the past twenty years. It is not that protection of information was not important in the early days of businesses; it was just not as needed. Information was more informative than competitive.

In summary, the age of information and management systems are still somewhat cutting-edge to some small- and medium-sized companies. However, it is true that for these companies to grow and become giants in their industry, they must inevitably accept that to safeguard themselves against poor eSecurity, they will need to clearly understand ethics and legal perspectives of information and find a way of communicating this to their entire organization.