Week 1 Discussion IT Policies: Ethical and Cultural Considerations Working across cultures can be enriching and meaningful.

Week 1 Discussion

IT Policies: Ethical and Cultural Considerations

Working across cultures can be enriching and meaningful. Colleagues can build cross-cultural awareness by engaging with people who are similar to and yet different from them. At the same time, working across cultures also has its challenges.

Consider a time when you were exposed to cultural bias or to a case where you needed to take culture into consideration. You examine how culture can influence interactions in an organization.

To prepare for this Discussion, locate and read resources about cultural worldviews (such as the one in Appendix B of the Information Security Governance course text). Then narrow your search by focusing on cultural perspectives related to information security.

By, in 350-500 word, share an experience that you have had, or that you read about, where you think someone exceeded the ethical boundaries in applying an IT policy.

Address the following in the experience that you have shared:

Consider what ethical and cultural considerations you would incorporate in the IT policy of the organization to help guard it against similar breaches. Explain why the considerations are needed and why you think existing IT policies were insufficient in terms of addressing ethical and cultural considerations. Explain how the revised policy will benefit the organization.

Support your response with citations from credible sources. Since you may not know all the facts, state any assumptions you make in order to complete the Assignment.

Readings

Brotby, K. (2009). Information security governance: A practical development and implementation approach. Hoboken, NJ: Wiley.

Appendix B: "Cultural Worldviews"

In this appendix you are introduced to the cognitive orientations of people belonging to different cultures. You will investigate the manner in which a culture perceives and expresses its relation to the existing world.

Chapter 1, "Governance Overview—How Do We Do It? What Do We Get Out of It?"

In this chapter you are introduced to the concept of governance in general as well as information security governance. You will explore different aspects of information security governance, including definitions, outcomes, and value of information.

Chapter 2, "Why Governance?"

In this chapter you are introduced to the benefits of information security governance to an organization. You will examine the different ways information security governance helps an organization.

Chapter 3, "Legal and Regulatory Requirements"

In this chapter you are introduced to the legal and regulatory requirements of information security governance. You will explore the different elements of information security governance that an organization needs to deal with as well as the compliance levels.

Chapter 6, "Information Security Outcomes"

In this chapter you are introduced to the six desired outcomes of an effective information security program. You will investigate each of the six outcomes and how they help define information security governance objectives.

Chapter 7, "Security Governance Objectives" Section 7.4 "ISO/IEC 27001/27002"

Section 7.5 "Other Approaches"

1 of 3

In these sections you are introduced to the different standards and codes of practice that serve to provide different approaches to security governance. You are also introduced to a comprehensive set of actions that are required for security governance and can serve as a detailed basis for determining the desired state as well as objectives.

Cole, G.A. (2010). Table of laws and regulations: Consumer protection law...and more. Columbia, SC: Compliance Risk Management Consulting.

Cole, G. (2010, February 27). Table of laws and regulations: Consumer protection law...and more. Retrieved from http://www.bankersonline.com/tools/gac_lawsandregs.pdf. Used by permission of Gale Askins Cole.

National Conference of State Legislatures. (2012). State security breach notification laws. Retrieved from

World Bank. (n.d.). Global banking load database. Retrieved June 19, 2012, from