Legal v. Ethical

What is the difference between something being legal versus something being ethical? Can something be legal, but not ethical? How about vice versa? Give examples and explain your reasoning. How do the differing ethical models come into play?

Hey guys. My name is Rob, and I am a network administrator here in Central Vermont. Most of my hobbies include hanging out with my girlfriend and playing videogames, because the weather in Central Vermont is typically icy and videogames are awesome. When the weather isn’t absolutely terrible, we like exploring the Green Mountain State on our ’84 Honda Nighthawk 700sc. Nearing completion of my cybersecurity bachelor program, I have taken classes in Management of Organizations, Business and Professional Writing, and Systems Assurance, but I am excited to experience the convergence of the two subjects and study information assurance management. As the department head of a modest information technology department, I believe I can accurately provide an inside perspective on the management of information technologies, and I also believe this class will provide me with a new set of skills that could be directly applicable to my current position, especially if I am ever assigned subordinates.

An effective security plan is one that is simple. A security plan rife with over-complications and conditionals is no use to anyone, because if you can’t recall the policy, you won’t use the policy. Keeping a plan that the layman can understand is essential. Person-to-person interaction is the weakest link in any security chain, and having a security plan that every link can relate to makes for a stronger chain. As a potential security manager, I believe I could bring simplicity to the table. Ensuring everyone under your purview understands why they should be security conscious, and what they should be wary of, can influence every interaction with your company, and if the security manager is in control of that influence, it can make for a more secure and more amicable face for your company. This may sound like general operations management, and in a way it is, but the important distinction between a security manager and an operations manager is intent. A security manager is primarily focused on data retention, integrity, and assurance, whilst an operations manager should be worried about the bottom line and profits. In fact, only when the risk and likelihood of a security breach outweigh the cost of preventing it does an operations manager typically act upon the security manager’s recommendation, which really goes to show who is in charge.

In fact, these policy battles could easily frame an ethical and legal debate. Suppose it is within the letter of the law to provide passwords to users to protect their private information that is stored by your company. The security manager wants to enforce long and complicated passwords and two-factor authentication, but the business manager argues that the law says they just need passwords, and that the company cannot suffer the cost of two-factor authentication support. The business manager also believes that complicated passwords will upset the elderly, a major demographic that supports your brand. The security manager installs the password program, forgoing the two-factor authentication, but after a brief, internal ethical dilemma, he changes the password parameters past the letter of the law, enforcing 16-character size limits and doing what he feels is necessary to protect the personal information of all of those old people.
