Ethics Case Study Review

John Kostak

Georgetown University – School of Continuing Studies

Masters of Professional Studies in Technology Management

Capstone Course (MPTM-900-01)

January 21, 2017

Professor Mikah Sellers

Table of Contents

Abstract

New Stakeholders

Interwoven Ethics and Governance

Network Security

Mitigation and Balance

Works Cited

Abstract

Since the beginning of modern business, there has never been a greater need and opportunity for the application of Professional Ethics than today. Given the volatile times we live in, companies have to compete aggressively to meet their strategic business plan and achieve their mission, all the while being responsible corporate stewards of their information-use policies and enterprise network security. This case study review takes a look at the challenges facing a modern-day networked business and how to balance the interests of the organization with customers’ privacy rights, need for security and public demand for greater transparency.

Ethics Case Study Review

At the core of the digital network age is a catalyst infrastructure of enterprise networks and virtual networks, capable of providing unprecedented access to information. Never before has it been so easy to acquire, store and transmit detailed information in a split second around the world (Vaccaro, September 4, 2012). CIOs have traditionally done well utilizing ethical analysis, governance and best practices to set policy and security standards to protect against sensitive information leaks and data breaches. However, a current trend, similar to that of enterprise networks “extending” out into private and public clouds to deliver more services to customers and partners (Hogue, 2010), has C-Suite executives scrambling to assess how the cataclysmic growth of virtual networks and their communities will redefine their information and security policies. It’s no longer enough to just update the corporate communications, privacy and network security policies. As big data becomes more valuable and marketers show no boundaries as to how far they’ll reach out to engage their customer “community”, we’re witnessing firsthand the integration of social and community networks with corporate networks. There are a few key areas or business functions that senior executives will need to review for the resulting ethical issues and mitigation solutions, with the ultimate aim of designing and implementing new “virtual” information management, governance and security policies.

New Stakeholders

As the flow of information gets rerouted in response to the virtualization of networked organizations, stakeholders will change. Those who were firewalled off, so to speak, for transparency reasons by a third party may now be direct enablers and supporters of your business model, and vice versa. And the communications strategy to engage your key stakeholders may change from being managed by corporate governance to a real-time dynamic engagement model overseen by your social media plan. As referenced in the case study, Redfin, by understanding its information flow structure, leveraged its virtual network structure of social media and apps and reinvented its industry.

Interwoven Ethics and Governance

Ethical issues can become interwoven in the virtual network world. It’s not enough to manage silos of functions, such as Corporate Communications, Investor Relations, Partner and Supply Chain, Social Media and PR/Press, each handling its own ethical issues and providing its own governance. Many of these are becoming shades of gray, blurring the lines of where one policy plan stops and another begins as a new discipline. It gets complicated, and managers have to be careful and provide sound and ethical judgment across the board. The privacy or information security policy for one virtual area of your business may adversely affect another virtual area. This impacts the best practice plans of corporate transparency and information reliability in similar ways.

Our governance laws protecting information come from both the corporate world and governments, and both, more or less, focus on their own best interests and on reducing risk. The average corporate policy on information privacy mainly considers protecting intellectual property within the private enterprise network and behind the physical, guns-guards-and-gates security (Harris, 2006). Few corporations have a modern privacy and information security policy reflective of the new vulnerabilities and risks associated with managing business within the new domains of virtual networks.

Government has made attempts over the years to introduce new legislation or modify existing laws, but is severely challenged to keep up with the tsunami of privacy issues related to virtual and social network build-out and integration. The Computer Fraud and Abuse Act can punish anyone who has attempted to commit an offense, or conspired to do so, with regard to breaching a computer and/or the materials on it as a personal asset (Congress, 1986). The Stored Communications Act of 1986 has to do with the disclosure of ‘stored wire and electronic communications and transactional records’ held by a third-party ISP. It was also enacted in 1986 and helps to cover the gap left by the Fourth Amendment, which protects our right against unreasonable search and seizure but whose “protection”, in this case, does not consider online or digital assets (Legislation). The Privacy and Security Responsibilities, Bureau of Consumer Protection Business Center, Federal Trade Commission performs initial adjudicative fact-finding for the Commission and resolves disputes made in discovery, explains the correct legality, applies the law to the facts, and when necessary, issues an order on the remedy. The FTC is expected to be a popular court to vet many of the up-and-coming issues related to information privacy.

Network Security

Virtual breaches can be just as damaging as, if not worse than, corporate enterprise breaches. As recounted in the 2011 Data Breach Investigations Report (DBIR) (Verizon RISK Team with cooperation from the Australian Federal Police, 2012), 2011 could go down as a year of civil and cultural uprising. This unrest was not limited to the physical world, as the online world was rife with the clashing of ideals, taking the form of activism where the theft of corporate and personal information was a core tactic. “Hacktivism” haunted organizations around the globe.

The following are snapshots of the summaries of the breach report findings:

The difficulty in preventing security breaches has dropped over the past few years as better technology that is easier to configure and deploy has become available. The challenge comes in mitigating the risks and balancing security with transparency as it relates to information production and dissemination over the new “integrated virtual network”, for example:

• The corporate enterprise network – definition and boundaries

• Extended enterprise and VPNs – definition and boundaries

• Partner extranets – definition and boundaries

• Member login portals – definition and boundaries

• Private, public, community and hybrid clouds – definition and boundaries

• The public internet – definition and its boundaries

CIOs and their teams must consider all of these types of networking topologies when defining who the corporate, privileged, partner, customer and public users will be, and set the security policies and configurations accordingly.

Mitigation and Balance

One of the most important balancing acts that a CIO or CTO will face in the new virtual networked business community is how to balance your customers’ privacy rights, need for security, and public demand for greater transparency with the interests of your organization. One of the concluding points from the case study was to remember at the end of the day (or beginning!) to have an “individual conscious”. The article continues to remind us that the new business community of stakeholders “has no borders – no rules”.

I believe first and foremost that those who are ultimately responsible for the viability of the organization (C-suite/board of directors/advisors) need to spearhead a new model for Ethics that spearheads a service-oriented approach to solving the ethical and security issues in the new virtual networked organization. Even before defining the vision (where do we want to go?) and the mission (how are we going to get there?), moral thought needs to be front and center and an ethics policy should be defined for the common good of the whole company. The ethics policy could be a framed box of principles for what the company stands for and the “line(s)” where it will stop during the process of achieving its vision.

I’d like to introduce an architecture as a possible model to follow. I call it the “Virtual Enterprise Ethics Engagement Model” (ve3) for defining and managing Ethics, Transparency, Compliance, Governance, Security and Risk.

Ethics and the subsequent guidelines focused on managing the flow of information within the organization’s stakeholder community are critical methodologies and processes to manage because when it comes to breaches, misinformation and information leaks, it’s not a matter of “if”, but “when”. The ve3 model can help manage all of the key variables that will impact the way information should flow and to whom. When defining governance guidelines, inputs about the kind of information that will be required, processed, stored and shared can be assigned priorities that will determine a suggested output policy to follow, and the model can assign a risk score to feed into the risk analysis function.

The model will need to include an audit and measure process so that it can continue to evolve as the virtual networked community evolves. And yes, we should have a real-time ve3 app for this! Our organization’s community (virtual networks) will only grow and become more sophisticated and complex. Senior executives need to embrace the changes but stay out in front of them, and not let this evolution and revolution control their business vision and mission. What can save them hardship down the road is leading with an ethics policy and management model. If they can put this stake in the ground early on, they may find that the following traditional guidelines concerning information for IR, communications and commerce will be easier than ever to establish.

Works Cited

Congress, U. S. (1986). Computer Fraud and Abuse Act.

Harris, S. (2006, August). Information Security Governance Guide. Retrieved April 2012, from Tech Target: http://searchsecurity.techtarget.com/tutorial/Information-Security-Governance-Guide

Hogue, F. (2010, September 30). CIO Update. Retrieved October 8, 2012, from IT Business Edge: http://www.cioupdate.com/trends/article.php/3906131/How-to-Govern-the-Ever-Extending-Enterprise.htm

Legislation, U. S. (n.d.). Stored Communications Act of 1986.

Vaccaro, A. (September 4, 2012). Ethics Hold the Key to Network Contradictions. DEEPinsight, 7.

Verizon RISK Team with cooperation from the Australian Federal Police, D. N.-C. (2012). 2012 Data Breach Investigations Report. Retrieved October 8, 2012, from Verizon Business: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf