Cybersecurity policies and regulations should support not interfere with organization workflow, and ultimately provide the three most crucial components of security: confidentiality, integrity, and availability. That is, policies should support people doing their jobs. A successful security policy needs to demonstrate to employees the value of security, not just the requirement for security. Thus, establishing adequate organizational culture is important as it affects security structure and policy. In 750-1,200 words, discuss organizational factors in light of Christian worldview by answering questions below:
- How does trust grow in organizations? For example, in some organizations, there is lots of trust at the base of the organization, but this trust does not necessarily rise up.
- When are employees comfortable with whistleblowing? Should technology have a function in extending the whistleblowing capabilities of employees?
- It seems reasonable to assume that all organizations have implicit tradeoffs about what is more and less important in their expressions of policy. How can these be made more explicit so that policy and security architectures can more effectively capture these values?
- Within an organization, while monitoring can help with technical aspects (such as access violations), it does potentially worsen behavioral aspects. Discuss the deciding factor of how much monitoring is acceptable both ethically and legally by examining the ideological foundation of the Christian worldview.