NIST Cyber Security Framework
It is unrealistic to try to protect every piece of information in a business because there is so much. Instead, figure out what is most important, then start from there. The first thing I would do as a CISO for a publicly traded company is ask the employees to create a list of things they use often, such as documents, applications, and other actively used activities. Then we would figure out which information is the most valuable out of the listings and start to come up with ways to protect those assets. The easiest way to protect and ensure availability is to use up-to-date encryption methods; this allows only people with authorization to access the information. This is the most common practice to ensure availability. There are others that are not so directly tied to technology, such as building very strong, trustworthy relationships between employees. This ensures that information that is confidential is not spread by word of mouth. Another way to protect valuable information is to have an Authorizing Official; this job position is responsible for authorizing the system before it is allowed to operate and for having a plan in place for how that system will be monitored. Lastly, the final way I would implement protections to ensure availability is having frequent penetration tests conducted on the company to see if we are still at risk and what can be done. All these procedures working in unison would provide a big leap toward protecting valuable information for this publicly traded company, allowing only authorized individuals, not just anyone, to seek this information.
Opportunities for Workplace Deviance
The advancements in technology have created many opportunities for workplace deviance. This was highlighted in a previous week's reading about how forty-three percent of data breaches are caused internally. That alone is a large portion of data breaches caused by employees working for said company. These types of data breaches are great examples of workplace deviance that could have devastating results. Workplace deviance takes place in many different forms, and the formal definition of workplace deviance is deliberate harm to an organization. This could be as big as an employee downloading valuable information before quitting a job or as little as changing other employees they may not like. All forms of this type of behavior are unacceptable in most if not all cases. Many companies like to keep track of employees' lives and work habits to control this potential desire to cause harm. One thing to consider when conducting research about workplace deviance is that it is much harder to find someone committing deviance when they are simply sitting behind a computer screen. It is not comparable to crime that you see happening in the streets, which is more obvious to everyone than an employee who looks like they are just doing work-related activities. So, workplace deviance has increased drastically over the years due to technology.
Information Technologies and the Politics of Mediation
Markets, businesses, groups and individuals can be regulated or limited differently in the face of diminishing state power. Verbeek points out that we live in a world where we have become so accustomed to technology in our day-to-day lives that it is hard to see otherwise. He discusses two new information and communications technologies: 'embedded' information technology and augmented reality. Both of these very fast-developing forms of technology are changing our lives without us knowing. Embedded information technology is a form that interacts with our physical environment, such as 3D billboards that move and jump out at you. A great example of this is the downtown Tokyo cat billboard that was advertising a certain type of cat food and displayed a huge, realistic cat roaming a small room. These types of displays are going to be the standard for high-traffic cities and busy environments. They can and will be regulated for certain places because some laws will not allow such things to be incorporated into certain societies. Augmented reality can be argued to be a breach of privacy when it comes to virtual heads-up displays; Verbeek clearly discussed the problematic nature of such items. He brings up that Google Glass is different from a police body camera because one is obvious and the other is a flashy, designer-look frame. It can be problematic because there are a lot of people who do not wish to be recorded. So, in a lot of places these types of virtual heads-up displays have been banned in public places. This is governments taking action in regulating what types of technologies can and cannot be used. I'm aware that if you are not a business and are operating in a public space in England, you need a license to do so or your technology or equipment will be confiscated. Of course, other places may have entirely different laws that allow you to do as you wish.
These are just a few examples of how these emerging types of technologies are being regulated.
Sources:
Capone, Jeff. “Capone – the Impact of Human Behavior on Security.” Google Docs, Google, 25 May 2018, https://docs.google.com/document/d/1J3v_V167mktbGVynbtHW8yHXW9onjaBzVASo-behDfY/edit.
Payne, Brian K., and Lora Hadzhidimova. “12b – Payne-Hadzidimova.pdf.” Google Drive, Google, 2018, https://drive.google.com/file/d/1AJ5R5Ia7KLp7GK9Ndt6uAF6ESWYQ9HqI/view.
Payne, Brian K., et al. “12a – USING_LABELING_THEORY_AS_A_GUIDE_TO_EXAMINE_THE_PA module11.Pdf.” Google Drive, Google, 3 Nov. 2018, https://drive.google.com/file/d/1nVyXy0Ty1v5f6U5oClx2LMz-TIOuQehE/view.
Verbeek, Peter Paul. “Verbeek – Designing the Public Sphere.pdf.” Google Drive, Google, 14 Nov. 2014, https://drive.google.com/file/d/1WAHx3muA_-0RXcoD8Gs9CzciWlc0cpFy/view.