Please provide a response to each discussion question
For #1 and #2 here are the requirements:
Evaluate your peer’s discussion of four methods of managing a company’s information assets by non-technical employees and indicate aspects of their post that effectively address the issues of protecting information assets. Suggest additional issues not considered in their initial post. Support your suggestions and recommendations with evidence from your sources.
Your responses should be a minimum of 150 words.
#1. Sandra
Management Information Assets: Company or Employee
As the CIO of a 10,000-employee organization, it is imperative to ensure the security of all proprietary information assets. The following four legal methods and or protocols will be employed to regulate and manage the use of our company information assets by non-technical employees.
- Identification and documentation of all proprietary assets.
- All proprietary assets will be logged and added to legal disclosures to ensure the organization has adequate protection when employees separate from the organization. According to Greensfelder & Gale (2014), “Before a business can protect its confidential information, or expect someone else not to disclose it, the business must be able to specifically identify what the information is that it considers being confidential” (para. 2). Any trade secret information should be documented/labeled clearly and have limited access given (Reynolds, 2015).
- Limit access to proprietary information
- Access to sensitive information and code should be kept limited. Controls will be placed on who may access what assets through job/role-related means. Access to information should be set through Human Resource and InfoSec teams with ongoing auditing and assessments to ensure the controls are performing as expected (Stratix Systems, 2018)
- Non-disclosure agreements & non-compete disclosure
- Each employee must sign a non-disclosure and non-compete agreement as a condition of employment. According to Reynolds (2016), “Because organizations can risk losing trade secrets when key employees leave, they often try to prohibit employees from revealing secrets by adding on disclosure clauses to employment contracts” (p. 233)
- The non-disclosure agreement will be reviewed periodically against the propriety assets log to ensure all assets are accounted for in disclosure language.
- Non-compete agreements are used to prohibit employees from using intellectual property information at a competitor for a specific period of time. Some will offer language attempting to limit the employee from working for a competitor at all for a set amount of time (Reynolds, 2015). It is important to note that some states do not recognize these agreements, however it should not be overlooked as a legal attempt to reduce the chances of trade secrets being shared with competitors.
- Confidentiality and Trade Secrets Training
- Upon hire and annually all employees will participate in confidentiality training that will include information on trade secrets as protected by the “Uniform Trade Secrets Act and the Economic Espionage Act” (Reynolds, 2015, p. 233). This training will help reinforce the expectation of confidentiality and will enforce acknowledgment annually of each employee’s understanding and acceptance of the non-disclosure and non-compete agreements held between them and the organization.
References
Greensfelder Hemker & Gale PC. (2014, September 15). Steps a business can take to protect its confidential information | lexology. Retrieved June 8, 2021, from https://www.lexology.com/library/detail.aspx?g=7920551b-257a-4e04-8bc7-7868b84d34f7 (Links to an external site.)
Reynolds, G. W. (2015). Ethics in information technology (5th ed.). Cengage Learning. https://doi.org/com.cengage.1469269_2, 9781305142992 (Links to an external site.)
Stratix Systems. (2018, July 28). Proprietary information – how to control it. how to protect it. – stratix systems | managed it and technology systems. Stratix Systems | Managed IT and Technology Systems. Retrieved June 8, 2021, from com/proprietary-information-how-to-control-it-how-to-protect-it/” target=”_blank” rel=”noopener”>https://stratixsystems.com/proprietary-information-how-to-control-it-how-to-protect-it/
#2. Kari
Protecting the company’s proprietary information, processes, and strategies should be a chief concern when determining employment conditions and the exit process, when an employee leaves the company. Tools such as non compete agreements my prevent a technically skilled employee from taking their skills and technical knowledge to another company in the industry, but a non-technical employee, like a clerk, could also pose a risk to a company with their knowledge.
To protect information assets, a company may include a clause in the employment contract stating that intellectual property created by the employee during the time they are employed, using company resources, is the intellectual property or copyright of the company. This could apply to many types of media or literature that an employee creates for the company. Non-technical employees would be subject to this condition as well, and future employers would not be able to benefit from this material or media.
Similar to copyrights, a company may patent inventions created by employees using company resources, even if the employee is not involved in product or software design. A company’s patent gives them control over who can replicate the invention, and under what circumstances (Reynolds, 2015).
Another method of controlling the use of company information assets by non-technical employees is the use of activity disclosures and monitoring, such as investments monitoring. In my own work in finance technology, employees whose work may expose them to sensitive investment or trade information may need to report on their investment activity on a periodic basis. This applies to employees who are not otherwise involved with any form of trading or investing, but may be exposed to it through their work.
A final method for managing information assets is requiring employees to disclose outside business activities. If an employee is working in the same industry for another company, even if they are non-technical, they may still expose company information to a competitor.
Reynolds, G. (2015). Ethics in information technology (5th ed.). Retrieved from https://redshelf.com
For #3 and #4 here are the requirements:
Carefully review several of your peers’ Ethical Mission Statement’s and respond to at least two. Explain whether or not you agree with your peer’s Ethical Mission Statement and determine if they have sufficiently supported their position, providing a rationale for your decision. Offer at least one aspect that your peer could address in order to improve their mission statement.
Your responses should be a minimum of 200 words.
#3. Bryan
As CIO of the organization it is important to instill a true mission statement that everyone will adhere and display the values the mission statement stands for. After reading the textbook and the articles provided this week it is apparent how important it is for the ethical mission statement should be made easily accessible for everyone to see and also should be clearly stated. In the article by William Miller it states, “ Emphasize that the code is a valuable resource to help guide employees in their decision making, when necessary, stress that the code was written for the benefit of employees,highlight that the company is committed to responsible business practices, make employees familiar with the structure of the code, demonstrate the importance of the document to the company’s business and to the work of employees, offer employees an opportunity to ask questions about the code or have their concerns addressed by their managers, and reiterate the business ethics resources available to employees. The mission statement for the organization is, “We strive to recognize each and every individual within the organization and also our customers. We respect the opinions and values of everyone and maintain integrity. We are transparent and honest and will continue to treat others fairly. We ensure that all business transactions are conducted and adhered to accordingly by the rules and guidelines that we follow and the laws that are in place. This organization is a safe place where no one should feel as if they do not have a voice to speak out and we take pride in that.” In terms of why an Ethical Mission Statement is in place is because it will be there to ensure that people are set in knowing what ethical values the organization lives by and what the standards are for being in the organization. Any non-ethical behavior that is performed would result in consequences that could result in termination of job and also training depending on the situation. There will be ethics training given as soon as someone on boards to the organization and also annual training required so that people know what the ethical standards are for the organization and also the consequences of displaying unethical actions.
Reference:
Miller, W. (2004). Implementing an organizational code of ethics (Links to an external site.). International Business Ethics Review, 7(1), pp. 1, 6-10. Retrieved from http://business-ethics.org/articles/Codes%20of%20E…
#4. Bambang
According to Reynold (2015), “ethics is a set of beliefs about right and wrong behavior within a society” (p.3). Ethical behavior refers to a set of widely accepted standards, many of which are nearly universal. When it comes to creating codes, most companies use one of two approaches: compliance or values-based. Compliance-type code is usually written in the manner of legal documents. The values-based code takes a new approach to how an organization’s standards are communicated to its workers, and this code is focused on the organization’s core values and principles. The values-based code establishes the bridge between values, standards, and employee conduct. Employees are considerably more likely to accept a standard when they understand and grasp the relationship between that standard and how it promotes a business’s core value. The proper implementation of a code should include a formal statement of the code to the employee and should serve company goals such as (Miller, 2004):
- Emphasize that the code is an essential reference for the employee to use when making decisions.
- Emphasize that the code was built for the benefit of employees.
- Define clearly the company’s commitment to ethical business practices.
- Make employees familiar with the code.
- Make the employee aware of where to find the business ethical resources.
To address unethical behavior, the company can include guidance in the company’s code of ethics on the step for employees reporting unethical activity, such as reporting unethical behavior to his/her managers, HR legal affair, or setting up an anonymous ethical hotline 24 hours.
CIO should use an ethical mission statement as a set of guiding principles for the company because it will promote and support ethical business practices in the marketplace, private, and business sectors. It will encourage commercial honesty and openness. It is recognizing and honoring employees that support the cause of ethical business practice. When ethical business practice becomes the guiding principle, it will benefit the company by minimizing the negative impact on unethical behavior, especially when the unethical become legal issues.
Reference
Miller, W. (2004). Implementing an organizational code of ethics. International Business Ethics Review.
Retrieved from http://business-ethics.org/articles/Codes%20of%20Ethics.pdf (Links to an external site.)
Reynolds, G. (2015). Ethics in information technology (5th ed.). (p.3)
Retrieved from https://redshelf.com
0 comments