Homeland Security Ethics

profileMichael_Holmes87
adolf2013.pdf

This article was downloaded by: [The Aga Khan University] On: 05 November 2014, At: 20:57 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

Journal of Applied Security Research Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/wasr20

Ethics in Security Management: Development of a Theoretical Model Daniel Adolf a a Northeastern University , Boston , Massachusetts , USA Published online: 19 Dec 2012.

To cite this article: Daniel Adolf (2013) Ethics in Security Management: Development of a Theoretical Model, Journal of Applied Security Research, 8:1, 38-60, DOI: 10.1080/19361610.2013.738399

To link to this article: http://dx.doi.org/10.1080/19361610.2013.738399

PLEASE SCROLL DOWN FOR ARTICLE

Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content.

This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. Terms & Conditions of access and use can be found at http://www.tandfonline.com/page/terms- and-conditions

Journal of Applied Security Research, 8:38–60, 2013 Copyright © Taylor & Francis Group, LLC ISSN: 1936-1610 print / 1936-1629 online DOI: 10.1080/19361610.2013.738399

Ethics in Security Management: Development of a Theoretical Model

DANIEL ADOLF Northeastern University, Boston, Massachusetts, USA

This study used qualitative interviews (n = 15) to identify a grounded theory related to ethics in security management. The study explored how educators in graduate level organizational Se- curity Management programs in the United States describe their definitions of ethics in security management and the role that ethics play in security management as a practice and as a profession. The research findings resulted in the creation of a theoretical model for ethics in security management emphasizing a balance between various personal and professional factors. In addition, the find- ings resulted in a model for the role of ethics in organizational security, which is based on trust, and combines security’s height- ened authority and access to information with increased exposure to potential ethical decisions, which result in significant personal, organizational, and professional consequences for ethical failure.

KEYWORDS Ethics, security management, grounded theory, pro- fession, corporate social responsibility

INTRODUCTION

On any given day, organizational security managers must be prepared to guard against and respond to a myriad of unethical acts by organizational employees. Ethical issues such as employee theft, internal fraud, data access abuses, and bribes for insider information plague organizational security offi- cials, and tarnish company reputations. Security managers must make ethical management and security decisions during (a) the investigation of ethics vio- lations, (b) the protection of organizational personnel and assets, and (c) the planning and coordination of crisis responses (McCrie, 2001). Poor ethical

Address correspondence to Daniel Adolf. E-mail: [email protected]

38

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 39

decisions by security managers could result in security breaches, failed cri- sis responses, and other unethical behaviors, which threaten organizational stability, and increase an organization’s potential civil liability (Fay, 2006; McCrie, 2001).

Although ethical actions and ethical knowledge are of prime importance to the day-to-day practice of security managers, ethics and education pro- vide the foundation for security management’s progress toward acceptance as a profession. Security professional bodies such as the American Society for Industrial Security (ASIS International), the International Foundation of Protection Officers, and the Security Institute, are actively working toward enhancing the professional reputation of security management. However, few, if any studies have explored the role of ethics to security management as a practice and as a profession.

THEORETICAL BACKGROUND

Many research methods and their hypotheses are built off some understand- ing of the subject, which necessitates some level of past research and lit- erature review on that subject. Grounded theory differs from many other research methods in that grounded theory researchers do not start with a hypothesis to be tested, but they end with a theory. Indeed, some grounded theorists go so far as to recommend that researchers minimize literature re- view prior to the data collection phase in order to limit potential redirection of research focus prior to allowing the data and findings to guide the theory development (Charmaz, 2010). However, this article will incorporate a treat- ment of the literature by following the recommendations of Charmaz (2010), and incorporating salient literature after the grounded theory is presented. Although limited in scope, some of the relevant literature will be included in the discussion section in an effort to determine the new findings’ role in the current literature (Charmaz, 2010). However, in an effort to provide some level of backdrop, a minimal review of a theoretical foundation follows.

The primary theoretical lens by which this study is viewed, holds the idea of the common good, with its Aristotelian roots (Smith, 1999), as the foundation for Corporate Social Responsibility (CSR) or business ethics (Mahon & McGowan, 1991; Velasquez, 1992). Although easily confused, the common good approach to CSR is not synonymous with John Stuart Mill’s utilitarian ethical theory, which claims that the moral worth of an action is determined by the degree to which the action results in the greatest good for the greatest number of people. Although the common good approach takes into account individual good, it emphasizes the individual’s placement as a piece of an integrated network of social relationships as opposed to the individual constantly at odds and in competition with other members of society (O’Brien, 2008).

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

40 D. Adolf

Viewing this research through the lens of the common good approach to CSR creates an expectation that businesses and their security managers should indeed take steps to promote the common good and CSR as part of standard business practice. This research was conducted based off the assumption that businesses and individual security managers have a respon- sibility to contribute to the common good, whether it includes making an ethical management decision or funding additional costly security measures.

RESEARCH METHOD

This study used qualitative telephone interviews to develop a grounded theory related to ethics in security management. The findings presented herein are a portion of the findings of a larger study related to ethics studies in security management education. Thus, the level of detail included here is only what is necessary to depict the research steps, which are relevant to this aspect of the study, and associated results. Additional details regarding the research method and additional findings are expected to be presented within future articles.

When conducting qualitative research, one should consider asking cen- tral questions (Maxwell, 2005; Creswell, 2009). The central or overarching research questions follow:

1. How do instructors and administrators of graduate level organizational Se- curity Management programs in the United States describe their definitions of ethics in security management?

2. How do instructors and administrators of graduate level organizational Security Management programs in the United States describe the role that ethics play in security management as a practice and as a profession?

Grounded theory is often used when researchers want to fill a void in existing literature, examine issues within an understudied group, or establish a new way of addressing a topic (Creswell, 2007). Grounded theory is also used to uncover an explanation for an occurrence or process, for which re- search or current understanding is limited (Charmaz, 2010). Grounded theory is appropriate for ensuring that data collected are rich and useful, and that the methods used to collect and analyze data are systematic and structured (Charmaz, 2010). Use of a grounded theory methodology also provides the ability to move beyond description as discussed by Creswell (2007), and create a theoretical visual model of security practitioners and educators’ per- ceptions of the role of ethics in organizational security management.

After a review of the literature, it became evident that there is a dearth of research into ethics in security management. Thus, grounded theory ap- peared the most fitting research method for this study and its research

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 41

questions because of the apparently limited amount of previous literature establishing any understanding of the role of ethics in organizational secu- rity management.

Data Collection

American graduate programs concentrating in organizational Security Man- agement were located using various sources. First, the ASIS Guide to College Security Programs (ASIS, 2010a) was used as the foundation document to identify graduate security programs. Next, search engines including Google, Degree Finder, Education-Portal.com, and GradSchools.com were used to identify any additional graduate security programs. Exhaustive searches com- bined with the use of the ASIS Guide to College Security Programs likely resulted in the identification of the vast majority, if not all of the graduate Security Management programs in the United States.

However, a brief discussion is necessary on what is meant by a Security Management program. Security is an area of study with multiple definitions, which results in a society with no clear understanding of what security is (Brooks, 2010; Manunta, 1999). Brooks (2010) described one understanding of the definition of security as national security and the defense of a nation. Others might describe security as private services that protect people, assets, or information (Craighead, 2003). Still others would describe security as services that prevent undesirable loss to an organization’s assets (Post & Kingsbury, 1991). Thus, the title “Security” could not be relied upon as the final determinant of which programs were included in the study.

Security administration, asset protection, security science, protection management, business security, organizational security, and security studies are all titles of various security education programs, which may be referred to as organizational Security Management programs so long as the security programs are business or organizationally driven, and do not fall into the study areas described by ASIS International (2008; 2010b) as information security, homeland security, or international security.

Once security-related degrees were identified, programs were evaluated and grouped based on descriptions provided on school Web sites. The focus was on programs specific to organizational Security Management: business, corporate, or organizational security graduate programs. Several programs were eliminated from the study due to qualitative assessment revealing a programmatic focus on homeland, national, international, or regional security instead of organizational, corporate, or business security. The focus was general organizational Security Management or administration, so degrees in areas such as business continuity or information security were excluded because those areas focus on specific aspects of overall business, corporate, or organizational security. Any graduate Criminal Justice or MBA programs with formal concentrations in Security Management were included in the

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

42 D. Adolf

study as long as those concentrations were not focused on regional, national, or international security studies.

Instructors and administrators of the programs were identified using school faculty listings. Theoretical sampling was used to identify and in- terview educators with experience as both security educators and security practitioners. Interviews were then used to gain a deeper understanding of instructors’ and administrators’ lived experiences related to ethics in security management.

Of the 19 American Security Management graduate programs identified, 14 (73.6%) were represented in by participants in this study. Overall, 15 ed- ucators were interviewed, including eight program administrators and seven instructors. All but two of the administrators interviewed also teach courses within their programs, and 14 (93.3%) interviewees had recent security ex- perience.

Charmaz (2010) described initial sampling, within grounded theory re- search, as a starting point, and theoretical sampling as a tool to direct re- searchers’ continued interviews. Coding was conducted as the interviews progressed, and responses from participants often prompted alteration of questions, and removal of other questions from future interviews.

Theoretical sampling then began by using snowball sampling in which information gleaned from current interviews helped determine who would be used for subsequent interviews. Theoretical sampling was also used to explicate categories from the data until those categories fully reflected the qualities of respondents’ experiences (Charmaz, 2010). Often, administra- tors provided contact information of instructors within their program, which began or continued the interview and coding cycle for instructors.

Adjusted conversational interviews were used to collect data from ad- ministrators and instructors. This type of interview allowed for the nec- essary flexibility to identify concepts embedded in the interviews (Glaser, 2001). Interviews were recorded, transcribed, and edited to ensure partic- ipant anonymity. The transcripts were then sent to each interviewee for review and correction. Interviewees were given the opportunity to not only edit the transcript for accuracy, but to also add any information they thought relevant to the study. Additionally, field notes were taken by the interviewer during each interview, which were also later evaluated. Field notes contained notes on conceptualized ideas, which were used for conceptualized codes, and assisted in linking themes that were identified.

For the purposes of this article, interview questions focused on (a) inter- viewee’s definitions of ethics in security management, (b) the role of ethics to the development of security management as a profession, (c) the role of ethics to the practicing security manager. Additional, information was gath- ered regarding the presence of ethics studies in the interviewee’s curriculum, and interviewees’ views on ethics education in security. However, findings related to ethics education are not included in this article.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 43

Data Analysis

Unlike other research methods, grounded theory requires constant compari- son and conceptualization through transcription of interviews, evaluation of text, and generation of coding categories (Glaser, 1998). Thus, the discus- sions within this study on data collection and data analysis necessarily comin- gle to some degree because there is no clear line of delineation between data analysis and data collection within grounded theory research. Data analysis was conducted using NVivo 9 Qualitative Data Analysis Software following each interview. As interviews were conducted, constant comparisons of new and existing data were used to identify small streams of data called codes. This research involved identification and categorization of themes occurring through specific types of coding within two coding cycles: first cycle coding and second cycle coding.

The coding process began with open coding, which involves coding of all information found within the interview text, and conceptualization into numerous categories (Glaser, 2001).

Codes were organized and grouped into larger categories which were made up of numerous codes that are similar to one another. Additionally, if further grouping was necessary within a category, codes were grouped into subcategories based on similarities, and the subcategories were aligned un- der categories. Saturation occurs when continued data gathering reveals no additional properties of a category (Glaser & Strauss, 1967). Upon saturation within a category, data on other categories were gathered and compared in an attempt to saturate these categories as well (Glaser & Strauss, 1967). Upon saturation of all categories, interviews were discontinued. Next, second cycle coding began (Saldana, 2009).

Second cycle coding included continued refinement and reorganization of emergent categories and subcategories (Glaser & Strauss, 1967; Strauss & Corbin, 1998). Thus, after gaining a larger view of the codes, subcategories, and categories, they were reorganized and refined for later development of themes and finally a theory. Second cycle coding began with comparison of categories and associated subcategories through axial coding. Categories were merged into new concepts, which yielded new categories.

Eventually, core variables were identified: security management, ethics in security management, professionalism. These variables were believed to explain the thoughts and behaviors of the interviewees related to ethics in security management. Having identified core variables, theoretical coding began. Previously collected data was selectively sampled for its perceived relevance to the core variables. This theoretical coding included a review of previous field notes, transcriptions, and memos, which had already been coded. However, the selective coding phase focused solely on data that relate to the core variables.

Specifically, theoretical coding occurred by fracturing data into seg- ments, which were determined by the field note and transcription analysis.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

44 D. Adolf

The data was then compared by sorting and memoing. Memos were used to help conceptualize data, operationalize categories, and as evidence of con- nections between two or more coded categories of data. The final sorting of memos was intended to connect the identified categories, and was the final stage in creating the themes that provide the framework for the grounded theory. The final grounded theory was then drafted, and visual models were created.

Finally, a focus group was gathered using a wiki on Wikispaces Web site, which allowed users to provide anonymous online feedback in an asyn- chronous manner. Research participants were invited to take part in a focus group discussion, during which the final visual models were presented and discussed online. The focus group provided a forum to allow for feedback re- garding research participants’ interpretations of the final visual models, which assisted in vetting and refining the theory and associated visual models.

Limitations

Some might argue that limiting the interviews to 15 reduces the generaliz- ability of the study. However, unlike quantitative research, which often relies upon a significant numbers of responses to determine how many responses are sought, grounded theorists stop seeking data once they reach saturation. Thus, 15 interviews proved more than enough data to reach saturation in all categories. As such, the number of interviews should not be considered a limitation. Additionally, theoretical sampling allowed for dispersal of inter- views so that 73.6% of all graduate Security Management programs in the United States were represented.

Another potential limitation relates to the sample selected. Given the practice-based implications of this study, one might emphasize the impor- tance of interviewing security practitioners for this research, as opposed to educators. This article reports the practice-based findings of a larger study related to ethics studies in security management education. As such, the focus was on the experiences of educators. However, 93.3% of the intervie- wees have significant experience as current or previous security practition- ers, which helped mitigate potential concerns about interviewing security educators instead of security practitioners.

Another potential limitation to the research method used is the re- searcher’s involvement in security, which may skew the validity of the find- ings herein. Thus, basic steps were taken not only to minimize researcher influence, but add to the credibility of the findings.

Validity and Credibility

Maxwell (2005) described two primary threats to validity in qualitative re- search: researcher bias and reactivity. Researcher bias involves subjectivity on the part of the researchers. Bias and reactivity are both concerns, because

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 45

the researcher is a security practitioner and instructor who is immersed in the security culture, and has certain expectations regarding ethics in secu- rity. Hammersly and Atkinson (1995) described reactivity as the unavoidable effect of the researcher on the group or person being studied. Researcher bias and reactivity were minimized by creating open-ended and objective questions free from any tone or implication that ethics should be included in security management, or that ethics should fill a particular role within the practice and profession of security.

Credibility refers to the confidence one can have in the truth of re- search findings (Bowen, 2005). Maxwell’s (2005) techniques of searching for discrepant evidence or negative cases, and triangulation were also used to maximize credibility. In addition, an anonymous wiki focus group was cre- ated to solicit feedback from interviewees, which added a layer of credibility to the models created.

The emergent grounded theoretical framework and visual models are intended as a foundation for future research. This grounded theory research used deliberate sampling methods for collection of data, systematic cod- ing and data analysis, while incorporating numerous checks and balances to maximize validity and credibility. The research is intended to advance or perhaps begin the empirical body of work related to ethics in security management.

RESULTS

Research Question 1

How do instructors and administrators of graduate level organizational Se- curity Management programs in the United States describe their definitions of ethics in security management?

Every participant emphasized the importance of ethics to security man- agement, and many went so far as to describe ethics as interwoven into security, and inseparable from security management. However, participants defined ethics in security management in differing ways. Some participants focused on adhering to professional standards and obeying the law while some focused on honesty or simply “doing the right thing” during the nu- merous opportunities that security managers face to be unethical. Other participants focused on promoting CSR within the organization and outside the organization by modeling appropriate ethical behavior or by making de- cisions in an unprejudiced and unbiased manner. Below are some quotes representing the participants’ responses.

When I look at ethics in security management, I’m really looking at ethics within the larger organization first. And I look at it as somewhat practical side and that is how do we promote an ethical corporation or an ethical agency. And then I’ll take it a little bit deeper into the security department

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

46 D. Adolf

and not only how do we promote ethics within the corporation as a whole, but how do we promote it within our particular department and how do we model it too? (Interview 15)

Ethics represent professional standards and normative expected behav- iors from all professionals in conducting their responsibilities in their day to day work in a fair and equitable manner. (Interview 6)

But in the end, it’s just quite simply . . . making sure you’d do the right thing in any situation that arises. (Interview 11)

Given these varied definitions for ethics in security management, one might surmise that each of the interviewees was at least partially correct, and simply described a definition that was most telling of their experiences. Thus, security management ethics will be described as striking a balance between organizational ethics, personal values, legal and liability concerns, international custom, and one’s professional ethical code in order to model ethical behavior by making morally reasonable and ethically sound security and management decisions. Such decisions are made through evaluation of situations, and making decisions that most align with societal norms and the organization’s ethical stance, while maintaining the individual security manager’s personal values and professional code. Figure 1 depicts a visual model of the aforementioned description of ethical decision making in se- curity management. The exterior circles represent the factors, which must be weighed when making an ethical decision. The center circle represents the final ethical decision making and modeling for organizational employees based on the balancing of the factors represented by the outside circles.

Research Question 2

How do instructors and administrators of graduate-level organizational Secu- rity Management programs in the United States describe the role that ethics play in security management as a practice and as a profession?

ETHICS IN THE PROFESSION

Although security management is on its way to becoming a profession, it does not fully meet the requirements of a profession.

It’s not a true profession at this point and the reason I say that is because we don’t have any sort of mandated international or national body which says, “Due to your experience and testing, you are now a professional.” (Interview 12)

Educators stated that any trade hoping to become a profession must es- tablish (a) education programs, (b) a body of knowledge, (c) a required certification or licensure, (d) a code of conduct, and (e) a system of

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 47

FIGURE 1 A model for ethical decision making in security management (Color figure avail- able online).

enforcement for breach of the code. In describing security’s lack of pro- fessional status, educators cited security’s (a) minimal body of work, (b) lack of required licensure or certification, and (c) lack of professional body with realistic process for identifying ethical breaches, or revocation authority to keep violators from practicing the security trade.

We’ve got ASIS International but there is no real mandatory professional body. You have to actually have to be a part of so, whose shoulders does it fall on to enforce this as a profession? (Interview 12)

Ethics and education are both fundamental to the public and organiza- tional leadership’s perception of security management as a true profession.

Yeah, I think the professionals and the ethics and continuing our edu- cation all kind of go hand in hand. I think as you learn more in your respective field, and you recognize that, just that it provides a level of awareness, which enhances the professionalism of the people that work in that industry. (Interview 5)

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

48 D. Adolf

Although security is still not considered a true profession by many, the importance of security, and subsequently, security professionalization, have gained momentum. This increased momentum was due in part to the 9/11 attacks. After 9/11, organizations became more aware of the need for a legiti- mate and dependable security component. As a result, the need for enhanced respectability, professionalism, and education among organizational security gained prominence and organizational leadership placed an increased em- phasis on hiring security personnel with advanced education and experience, which provided momentum toward increased security education programs, certifications, and industry regulation.

And it’s 9/11. Well, I shouldn’t say if it’s 9/11. I’m going to say, in the ‘70s slowly than ‘80s and then the ‘90s that came about the—like the ethical standards and professionalism of security, basically, had to be raised to win that level of—to become a professional, which we appeared then to be. After 9/11, it was a complete turnaround to the aspect of—basically, it’s not only do you have to perform your position, but you have to do it in the highest ethical standards possible. And that’s when ethics really came about within that security professional and they are more scrutinized than anything. Probably, more today, because the fact is this: now they are more educated. (Interview 3)

Security personnel’s increased contact with the public places them as representatives of their organizations and the security trade. This exposure further increases the need for professional perception, because the impres- sions security personnel make on the public will no doubt reflect upon the organization and security as a trade. From a management perspective, many of the decisions made by security managers can significantly affect public perception of the organization, as well as expose the organization to civil liability. Such consequences reinforce the need for security managers who are competent and capable.

ETHICS IN THE PRACTICE OF SECURITY MANAGEMENT

Every security function is built off the presumption of trust, and that trust does not exist without ethical decision making by organizational security personnel.

It fits in to a lot of what I said earlier but specifically, in every aspect to their job, there’s an element of trust in what they do and there’s an assumption that security professionals have a higher standard of ethics in protecting, you know, assets and people. So, in their daily function whether it’s a Security Officer or a Chief Security Officer, I think, that ethics in everything that we do is critical. (Interview 8)

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 49

The reason that ethics are particularly important to security managers is basically because when you’re a security manager . . . as a security manager, you have the keys to the kingdom. You are the person who is tasked to secure the most valuable assets that the organization has and of course, in today’s world, just could be on the IT side or it could be physical, usually, it’s a combination of both. And so, because you are given access to those sorts of things, ethics becomes extraordinarily important in security management. (Interview 12)

Well, ethics is the foundation with everything security personnel do. I mean, that’s the bottom line. It’s the ethical standards that basically play the most important part within that profession. (Interview 3)

I think ethics is a paramount consideration for security managers just like law enforcement officers. Whether we like it or not, we’re held to a higher standard. (Interview 11)

Breach of that trust removes credibility not only for security manage- ment as a profession, but the organization, and the individual security man- ager. Then, the security manager’s past decisions, investigations, and actions are questioned. Additionally, security managers who lose that trust will find themselves lacking credibility inside the organization and outside the orga- nization. Such loss of trust and credibility places security departments and security managers in jeopardy of removal due to ineffectiveness.

If the executives think you’re a waste of money because you’re—you know, having unethical practices or you’re doing things that—are even perceived as being shady; you will have a hard time convincing leader- ship to give you the resources so, that aspect alone is the most critical. (Interview 10)

I think that, you know, ethics underlies trust. And security managers, as all managers have to have, have to be trusted in their competencies and also trusted in their decision making and that the decision making will not expose the corporation or the agency to a legal liability, will not expose it to the adverse publicity. So I think ethics is a fundamental underlying principle and also a fundamental underlying behavior expec- tation. The corporations that have quality preparations of their security managers and if the security manager’s absent, they’re lacking in those, in the issue of perception being ethical, I think in a straightforward high valued company that that person will probably ultimately be removed from his position. Yeah, without ethics security managers would be inef- fective. Because it’s such an integral part of their job, every task they do. (Interview 15)

Ethics permeates through every aspect of security management, and one could argue that an organization’s willingness to create and fund an orga- nizational security component is a reflection of an organization’s dedication to business ethics or CSR, because of security’s emphasis on personal safety

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

50 D. Adolf

as well as identification of, and investigation of ethical infractions in the organization.

You know, if you’re willing to invest to the security program, then obvi- ously there’s behavior that is unacceptable to the organization. And also that includes, if the organization itself is engaged in illegal practices or unethical practices, and there’s some place that you can turn to within that organization to report that conduct. I think there is a statement there. I think security, proactive security, really does reinforce that ethical cul- ture. And then if you have reinforced ethical culture, I think you can reinforce performance and productivity across the board. So I would say certainly we perform them. That’s part of what we do, but that’s not all what we do. (Interview 15)

However, an alternative argument is that security cannot be a reflec- tion of an organization’s CSR, because security is inherently a form of self- preservation for the organization. Another participant argued that the ex- istence of a security program is not a reflection of CSR because one can be concerned with safety and security of others, while still being deeply unethical.

You know, the other, I guess, the other argument has been that—well, you know, you created ethics—you know, I’m sorry. You created an organizational Security and Emergency Preparedness in your organization as a function of your, you know, self-preservation, you know, and so that’s why people would maybe argue that it’s not supposed to be or that is not a reflection of your CSR. It’s actually the reflection of your selfishness. (Interview 10)

I admire people who feel that way. I don’t necessarily agree with what you’re saying. The reason that I say that is because I think you could be probably quite unethical, and still, you know, have a drive to save people’s lives and that sort of thing. (Interview 12)

Ethics literally starts at the top of an organization, and cascades down. Thus, security managers often find themselves having to decide between “what my boss is telling me to do and what I know is right.” Security man- agers are often put in situations in which they are being asked to complete a potentially unethical assignment or ignore an obvious ethical violation at the direction of senior management. Security managers must thus understand their values and how their personal ethics align with a potential employer. Such internal reflection may be facilitated through ethics-related concepts in security management education.

It is important to have the perception of that group to be such that they’re thought of as highly ethical people and, you know, that standard

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 51

of professionalism comes from whoever is in-charge. I think the leader and the example they set, there’s a trickle-down effect from that. When you get somebody at the top, that causes, I think, a spillover of unethical conduct all the way through the organization. (Inter- view 14)

An additional concern is that ever increasing globalization is exposing security managers to significant variations in normative values among differ- ent cultures. Security managers now find themselves facing more complex ethical scenarios in an environment in which the ethical dilemma may not even constitute an ethical violation within the country or culture the security manager is currently immersed in.

The more responsible the security manager’s position is within the or- ganization, the more important ethics become. Ethics are arguably more important to security managers than to other organizational managers for several reasons:

• Although security personnel have similar authority to law enforcement within an organization, they are not bound by the same laws and restric- tions that limit law enforcement. Thus, organizational security personnel are required to exhibit ethical discretion for reasons other than legal limi- tations.

• Security managers have access to employee personal information. • As internal investigators, security managers often serve as the ethical ex-

ample within an organization. • Ethical failures by security managers can negatively affect the public’s

perception of the organization. • Security managers reduce loss through ensuring organizational functional-

ity, and maintaining the integrity of human capital as well as other organi- zational assets.

• Security managers model ethics for security workers and train them on matters related to ethics in security.

• Security is viewed as a cost center instead of a profit center. Thus, security managers find themselves justifying the existence of the security depart- ment because no profit is gained as a result of the department, and the cost savings produced by security are often not immediately quantifiable. If senior executives perceive the security entity to be of suspect ethical fiber, they will cut off funding because of the necessity for the aforemen- tioned trust. Thus, ethical knowledge and action among security managers is indeed a tangible necessity for career survival.

• A security manager’s success depends upon reputation both among orga- nizational leadership and among organizational workers. Ethical failures interfere with security managers’ ability to be relied upon with people’s

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

52 D. Adolf

personal information, with company secrets, with people’s safety, or during investigations, to be trusted with the truth from witnesses.

• Ethical infractions resulting in failed emergency response or security mea- sures can result in injury or death, as well as civil liability and negative press.

• Security managers’ duties as investigators, organizational representatives, and gatekeepers to organizational information and resources make them more likely to face situations, which may tempt them to make unethical decisions.

Organizational emergency planning and security measures must be ap- proached from an ethical standpoint, otherwise they are meaningless. Thus, continuity, emergency, and security plans are rooted in an ethical foun- dation. Although these plans are motivated ethically, peoples’ actions are often not ethically motivated during emergency situations. Indeed, ethical decision making is affected by the severity of events. As a result, ethi- cal decision making among security managers becomes even more impor- tant because security personnel are often on-scene commanders who make leadership decisions until emergency personnel arrive during emergency situations.

Figure 2 depicts interviewees’ descriptions of the interrelationship be- tween the trust necessary as the foundation for security management, and the duties of security management, which consistently expose them to eth- ical decisions. These ethical decisions are made while operating within an organizational environment that places security personnel in a position in which ethical failures are likely to result in more significant consequences than other organizational personnel. The large box represents the organi- zational environment for security managers, with text dispersed throughout describing organizational environmental factors, which foster the need for ethical decision making and increase consequences for ethical failure on the part of security managers. The large circle inside the box represents the job of the security manager, and a few of the many day-to-day tasks, for which trust is a requisite. The boxes at the bottom of the figure show the increased likelihood of ethical dilemma and the increased consequences for ethical failure, which foster an increased need for ethical decision making and moral reasoning among security managers.

Figure 3 depicts the enhanced consequences resulting from ethical fail- ures by security personnel, which were described by interviewees. The figure shows immediate consequences such as loss of trust within the organization for security, negative publicity for the organization, and immediate failure of the security mission such as failed crisis response, security breaches, and failed internal investigations. The figure then shows the transition from im- mediate consequences to subsequent consequences.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 53

FIGURE 2 Security management duties, organizational environment, and ethics (Color figure available online).

DISCUSSION

Defining Ethics in Security Management

The interviewees’ inability to form a consistent definition for ethics in security management is a clear indication of the need for this research. Interviewees did, however, provide pieces of the larger concept of ethics in security management. These findings were especially appropriate given past authors’ focus on application instead of theoretical concepts.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

54 D. Adolf

FIGURE 3 Consequences associated with ethical failure by security personnel, and results of the loss of trust in security (Color figure available online).

Trautman (2008) and Hertig (2008) each addressed ethics in organiza- tional security management by focusing on the role of security managers in supervising and training subordinate security officers to make ethical deci- sions and act ethically. Both authors also emphasized the need for security managers to develop ethical behavior among subordinates by modeling eth- ical behavior and incorporating ethics training and requirements for subor- dinate security officers.

Trautman’s (2008) statement that organizational leadership, at all lev- els, must promote an ethical focus was echoed by several interviewees in this research. However, Trautman’s (2008) assertion that hiring practices and internal training practices are inadequate in promoting ethics was not ad- dressed by interviewees.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 55

Hertig (2008) focused on applied ethics in security, and emphasized a few approaches to creating a focus on ethics among security officers: (a) display a code of ethics in the workplace, (b) model ethical behavior, (c) require security officers to sign an ethical code annually, (d) create a super- visory relationship in which subordinates feel comfortable seeking feedback related to ethical decisions, (e) conduct proper workplace training to in- crease job knowledge and decrease unprofessional behavior, and (f) have security officers attend ethics training.

Hertig (2008) also used the acronym PORT to describe an ethical deci- sion making model, which can be applied by the practicing security manager or security officer. First, security personnel must define the problem, and con- sider writing a problem statement to assist in defining the variables. Next, the options must be assessed. This step goes beyond options that are im- mediately apparent, and asks decision makers to consider every imaginable option. Third, decision makers should evaluate and prioritize their responsi- bilities to different entities, such as the organization or a supervisor. Finally, decision makers are asked to consider if the decision will stand the test of time, and be a decision that the individual is proud of in a decade.

The theoretical model developed in this research complements Hertig’s (2008) focus on applied security ethics and how to make an ethical deci- sion. However, the model developed in this research focuses more broadly upon defining ethics in security management as an overall practice and pro- fession, as opposed to recommended approaches to an ethical decision. Additionally, Hertig’s (2008) model addresses how security managers should approach ethical decisions while the model depicted herein reflects how security managers currently approach ethical decision making.

Analysis, refinement, and compilation of educators’ descriptions of ethics in security management resulted in the following definition for ethics in security management: Striking a balance between organizational ethical stance, personal values, legal and liability concerns, international custom, and one’s professional ethical code in order to model ethical behavior by making morally reasonable and ethically sound security and management decisions. Such decisions are made through evaluation of situations, and making decisions that most align with societal norms and the organization’s ethical stance, while maintaining the individual security manager’s personal values and professional code.

The Role of Ethics in the Practice and Profession of Security Management

Participants consistently listed trust as the foundation of organizational se- curity, and described numerous repercussions for breach of that trust. Thus, ethical knowledge and action are literally the foundation of organizational security, and embedded in everything security personnel do on a daily basis.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

56 D. Adolf

Although many professionals can claim an overt reliance upon ethics, few can so readily and so directly link ethical failure by practitioners to immedi- ate task failure, career failure, organizational failure, and professional failure. Additionally, many of the respondents also described the very existence of organizational security and emergency preparedness as a reflection of the organization’s emphasis on CSR. Indeed, one might argue the social con- tract alluded to within CSR theory is reflected by investment of funds into a department, with the sole purpose of protecting personnel and assets from harm or loss, both inside and outside the organization.

Fort (1996, 1999), argued that business should be considered a medi- ating institution and that it should only positively contribute to society, and not harm society. Business should contribute to the common good through creation of wealth and efficient provision of goods and services. Through application of the common good approach to CSR theory to organizational security management, one might assert that business should uphold funda- mental rights of individuals in society through the installation and continued support of protective measures and emergency preparedness capabilities related to the organization, its workers, and the community wherein it lies.

Mele (2002) argued that business contributes to commerce, which often facilitates peaceful and friendly living conditions for those within a com- munity, thereby fulfilling its CSR role. This research indicates that perhaps organizations are also adding to an organization’s CSR role by further cre- ating friendly living conditions within a community by creating a safe and secure environment on organizational grounds, and mitigating any spillover of unsafe conditions into the outlying community. Alford and Naughton (2002) also suggested that businesses are responsible to the common good of the wider community. What better way to fulfill that responsibility to the community than by mitigating negative results of crime, security breaches, or failed crisis responses?

The debate, however, remains as to the motivation behind creation of a security department. Some will say that, if the security department was created for reasons other than a perceived duty owed to employees and the public as a part of that organization’s place in the web of society (O’Brien, 2008), that security department is not a reflection of the organization’s CSR orientation. The question of motivation may only be answered on a case-by- case basis. Simply put, some organizations may create a security department because it is “the right thing to do,” while others may invest in a security department as a form of risk abatement, to reduce insurance costs, or to reduce exposure to civil liability. One might look toward the robustness of the security department as one piece of evidence as to the organization’s intent, and CSR orientation.

Tombs and Smith (1995) also argued that a strong link exists between an organization’s ethical position and its level of crisis preparedness. Inter- viewees also agreed with Tombs and Smith (1995), who emphasized that

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 57

crisis management, another primary duty of security managers, is connected to CSR because crisis planning is rooted in ethics. Some interviewees stated that ethical decision making is affected by the severity of events, and per- ceived necessity created by crisis can create a type of sliding scale related to ethical decision making. As a result, ethical decision making among se- curity managers becomes even more important because security personnel are often on-scene commanders who make leadership decisions until emer- gency personnel arrive during emergency situations. Thus, the investment in security personnel and emergency plans may be another form of reflection of an organization’s CSR because the organization is using funds to inject its own personnel, resources, and planning to mitigate the potentially hazardous ethical decision making of crisis victims. Other findings were important to security’s development as a profession.

Participants were in agreement with other researchers (Black & Hertig, 2008; Simonsen, 1996), who stated that any trade hoping to become a pro- fession must establish (a) education programs, (b) a body of knowledge, (c) a required certification or licensure, (d) a code of conduct, and (e) a sys- tem of enforcement for breach of the code. In describing security’s lack of professional status, participants agreed with Khurana, Nohria, and Penrice’s (2005) emphasis on ethical enforcement in determining professional status. Educators cited security’s (a) minimal body of work, (b) lack of required licensure or certification, (c) lack of professional body with realistic process for identifying ethical breaches, and (d) lack of revocation authority to keep violators from practicing the security trade as reasons for security’s lack of professional status.

Black and Hertig (2008) also posited that the public must perceive a par- ticular field to be a profession for it to be so. Security personnel’s increased contact with the public further increases the need for that professional per- ception. Interviewees emphasized security’s consistent exposure to the pub- lic as evidence that security personnel are making some sort of impression on the public. The question is whether the specific interaction will enhance or detract from the public’s already lacking perception of security as a true profession.

Importance of Ethics in Security

Security personnel conduct background investigations, protect executives, investigate internal fraud, plan crisis responses, ensure physical security sys- tems are protecting workers and assets, and myriad other duties, which place them in the public spotlight and require enhanced authority and access to information. Further, no clearly defined set of laws limits the actions of se- curity personnel, unlike their counterparts in public law enforcement who are subject to the criminal justice system of checks and balances to minimize unreasonable infringement of rights.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

58 D. Adolf

Regardless of the role the security manager is performing, this research showed an increased likelihood of the need for ethical decision making as well as heightened consequences for ethical failure. All of the consequences, however, stem from the loss of trust for the security manager or security de- partment by the public, organizational leadership, or workers. Consequences include financial loss for the organization, physical harm to workers, civil lia- bility, reduced revenue, dissolution of the security department, and removal of the security manager upon loss of trust. The aforementioned characteris- tics of security positions and the significant consequences for ethical failure only serve to reinforce the importance of ethical decision making among security managers.

CONCLUSION

This research used qualitative interviews to uncover original results, which begin to paint the picture of ethics in the practice and profession of security management. This study provided a much needed model for ethics in se- curity management, which emphasizes a balance between personal values, organizational ethics, professional ethics, international custom, applicable laws, and liability concerns as the source of ethical security management decisions, which are so important to modeling ethical behavior for orga- nizational employees. Future research might add to this by evaluating the common ethical scenarios, which practicing security managers and security executives claim to face throughout the country, and how those scenarios differ from other organizational managers. Further research might also ex- plore the role, if any, of security management education in fostering ethics within security management.

Additionally, this research uncovered characteristics of a security man- agement trade, which is rooted almost completely in trust, while operating in an organizational environment, which gives security managers “the keys to the kingdom,” and simultaneously exposes security employees to increased ethical tests, all under the public microscope. As a result, security managers find themselves more exposed to ethical decision making, which due to the nature of security’s enhanced authority, safety-related duties, and access to information, could result in dire consequences for ethical failure. Additional research should be conducted focused on outlining and detailing all of the organizational factors and job responsibilities that expose security personnel to ethical decisions, and how those factors correlate.

Finally, from a theoretical perspective, this study uncovered an unex- pected link between organizational security and emergency preparedness, and an organization’s CSR. Indeed, these findings indicate that, depending upon the reasoning for creation of an organizational security department, an organization’s investment in a security department may be viewed as a

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

Ethics in Security Management 59

reflection of an emphasis on CSR. Future Research should further examine the link between CSR and organizational security by perhaps evaluating the opinions of organizational executives regarding their reasoning for funding a security department, and those executives’ opinions on how their security departments contribute to their organizations’ CSR, if at all.

REFERENCES

Alford, H., & Naugthon, M. (2002). Beyond the shareholder model of the firm: Working toward the common good of a business. In S. A. Cortright and M. Naugthon (Eds.), Rethinking the purpose of business: Interdisciplinary essays from the Catholic social tradition (pp. 27–47). Notre Dame, IN: Notre Dame University Press.

ASIS International. (2008). Proceedings from the ASIS academic/practitioner sympo- sium. Alexandria, VA: ASIS International.

ASIS International. (2010a). Guide to college security programs. Alexandria, VA: ASIS International.

ASIS International. (2010b). Proceedings from the ASIS academic/practitioner sym- posium. Alexandria, VA: ASIS International.

Black, I. S., & Hertig, C. A. (2008). Professional certifications: Milestones of profes- sionalism. In S. Davies & C. Hertig (Eds.), Security supervision and manage- ment: Theory and practice of asset protection (pp. 173–182). Burlington, MA: Butterworth-Heinemann.

Bowen, G. A. (2005). Preparing a qualitative research-based dissertation: Lessons learned. The Qualitative Report, 10(2), 208–222.

Brooks, D. J. (2010). What is security: Definition through knowledge categorization. Security Journal, 23(3), 225–239.

Charmaz, K. (2010). Constructing grounded theory: A practical guide through qual- itative analysis. Thousand Oaks, CA: Sage.

Craighead, G. (2003). High-rise security and fire life safety. Woburn, MA: Butterworth- Heinmann.

Creswell, J. (2007). Qualitative inquiry & research design: Choosing among five approaches (2nd ed.) .Thousand Oaks, CA: Sage Publications.

Creswell, J. (2009). Research design: Qualitative, quantitative, and mixed methods approaches (3rd ed.). Thousand Oaks, CA: Sage.

Fay, J. J. (2006). Contemporary security management (2nd ed.). Burlington, MA: Butterworth-Heinemann.

Fort, T. L. (1996). Business as mediating institutions. Business Ethics Quarterly, 6(2), 149–164.

Fort, T. L. (1999). The first man and the company man: The common good, tran- scendence, and mediating institutions. American Business Law Journal, 36(3), 391–435.

Glaser, B. G. (1998). Doing grounded theory: Issues and discussions. Mill Valley, CA: Sociology Press.

Glaser, B. G. (2001). The grounded theory perspective: Conceptualization contrasted with description. Mill Valley, CA: Sociology Press.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14

60 D. Adolf

Glaser, B. G., & Strauss, A. L. (1967). The discovery of grounded theory: Strategies for qualitative research. New York, NY: Aldine Publishing Company.

Hammersly, M., & Atkinson, P. (1995). Ethnography: Principles in practice. New York, NY: Routledge.

Hertig, C. A. (2008). Appendix A. In S. Davies & C. Hertig (Eds.), Security supervi- sion and management: theory and practice of asset protection (pp. 120–122). Burlington, MA: Butterworth-Heinemann.

Khurana, R., Nohria, N., & Penrice, D. (2005). Management as a profession. In J. W. Lorsch, J., L. Berlowitz, & A. Zelleke (Eds.), Restoring trust in American business (pp. 232–150). Cambridge, MA: MIT Press.

Mahon, J. F., & McGowan, R. A. (1991). Searching for the common good: A process- oriented approach. Business Horizons, 34(4), 79–87.

Manunta, G. (1999). What is security? Security Journal, 12(3), 57–66. Maxwell, J. A. (2005). Qualitative research design: An interactive approach (2nd ed.).

Thousand Oaks, CA: Sage. McCrie, R. D. (2001). Security operations management. Woburn, MA: Butterworth-

Heinemann. Mele, D. (2002). Not only Stakeholder Interests. The firm oriented toward the common

good. Notre Dame, IN: Notre Dame University Press. O’Brien, T. (2008). Reconsidering the common good in a business context. Journal

of Business Ethics, 85(1) 25–37. Post, R. S., & Kingsbury, A. A. (1991). Security Administration. London, UK:

Butterworth-Heinemann. Saldana, J. (2009). The coding manual for qualitative researchers. Thousand Oaks,

CA: Sage. Simonsen, E. (1996). The case for: security management is a profession. International

Journal of Risk, Security and Crime Prevention. 1(3), 229–232. Smith, T. W. (1999). Aristotle on the conditions for and limits of the common good.

American Political Science Review, 93(3), 625–637. Strauss, A., & Corbin, J. (1998). Basics of qualitative research techniques and proce-

dures for developing grounded theory (2nd ed.). London, UK: Sage. Tombs, S., & Smith, D. (1995). Corporate social responsibility and crisis management:

The democratic organization and crisis prevention. Journal of Contingencies and Crisis Management, 3(3), 135–148.

Trautman, N. (2008). Unethical acts by security officers. In S. Davies & C. Her- tig (Eds.), Security supervision and management: theory and practice of asset protection (pp. 117–120). Burlington, MA: Butterworth-Heinemann.

Velasquez, M. (1992). International business, morality and the common good. Busi- ness Ethics Quarterly, 2(1), 27–40.

D ow

nl oa

de d

by [

T he

A ga

K ha

n U

ni ve

rs ity

] at

2 0:

57 0

5 N

ov em

be r

20 14