Post on 23-Feb-2017
ETHICS CASE STUDY REVIEW 1
Ethics Case Study Review
John Kostak
Georgetown University – School of Continuing Studies
Masters of Professional Studies in Technology Management
Capstone Course (MPTM-900-01)
January 21, 2017
Professor Mikah Sellers
Table of Contents
Abstract
New Stakeholders
Interwoven Ethics and Governance
Network Security
Mitigation and Balance
Works Cited
Abstract
Since the beginning of modern business, there has never been a greater need and opportunity for
the application of Professional Ethics than today. Given the volatile times we live in, companies
have to aggressively compete to meet their strategic business plan and achieve their mission, all
the while being responsible corporate stewards of their information-use policies and enterprise
network security. This case study review takes a look at the challenges facing a modern-day
networked business and how to balance the interests of the organization with customers’ privacy
rights, need for security and public demand for greater transparency.
Ethics Case Study Review
At the core of the digital network age is a catalyst infrastructure of enterprise networks
and virtual networks, capable of providing unprecedented access to information. Never before
has it been so easy to acquire, store and transmit detailed information in a split second around the
world. (Vaccaro, September 4, 2012) CIOs have traditionally done well utilizing ethical analysis,
governance and best practices to set policy and security standards to protect against sensitive
information leaking and data breaches. However, a current trend, similar to that of enterprise
networks “extending” out into private and public clouds to deliver more services to customers
and partners (Hogue, 2010), has C-Suite executives scrambling to assess how the cataclysmic
growth of virtual networks and their communities will redefine their information and security
policies. It’s not enough now to just update the corporate communications, privacy and network
security policies. As big data becomes more valuable and marketers show no boundaries as to
how far they’ll reach out to engage their customer “community”, we’re witnessing firsthand the
integration of social and community networks with corporate networks. There are a few key
areas or business functions that senior executives in organizations will need to review for the
resulting ethical issues and mitigation solutions, leading ultimately to the design and
implementation of new “virtual” information management, governance and security policies.
New Stakeholders
As the flow of information gets rerouted in response to the virtualization of networked
organizations, stakeholders will change. Those who were firewalled off, so to speak, for
transparency reasons by a third party may now be direct enablers and supporters of your
business model, and vice versa. And the communications strategy to engage your key
stakeholders may change from being managed by corporate governance to a real-time dynamic
engagement model overseen by your social media plan. As referenced in the case study, Redfin,
through understanding its information flow structure, leveraged its virtual network
structure of social media and apps and reinvented its industry.
Interwoven Ethics and Governance
Ethical issues can become interwoven in the virtual network world. It’s not enough to
manage silos of functions, each managing its own ethical issues and providing governance,
like Corporate Communications, Investor Relations, Partner and Supply Chain, Social Media and
PR/Press. Many of these are becoming shades of gray, blurring the lines of where one policy
plan stops and another begins as a new discipline. It gets complicated and managers have to be
careful and provide sound and ethical judgment across the board. The privacy or information
security policy for one virtual area of your business may adversely affect another virtual area.
This impacts the best practice plans of corporate transparency and information reliability in
similar ways.
Our governance laws protecting information come from both the corporate world and
governments and both, more or less, focus on their own best interests and reducing risk. The
average corporate policy on information privacy considers mainly protecting intellectual
property within the private enterprise network and behind the physical, guns-guards-and-gates
security. (Harris, 2006) Few corporations have a modern privacy and information security policy
reflective of the new vulnerabilities and risks associated with managing business within the new
domains of virtual networks.
Government has made attempts over the years to introduce new legislation or modify
existing laws but is severely challenged to keep up with the tsunami of privacy issues related to virtual
and social network build-out and integration. The Computer Fraud and Abuse Act can punish
anyone who has attempted to commit an offense, or conspired to do so, in regard to breaching a
computer and/or the materials on it as a personal asset. (Congress, 1986) The Stored
Communications Act of 1986 has to do with the disclosure of ‘stored wire and electronic
communications and transactional records’ held by a third-party ISP. It was also enacted in 1986
and helps to cover the gap left by the Fourth Amendment, which protects our right against
unreasonable search and seizure but whose “protection” does not consider online or digital
assets. (Legislation) The Privacy and Security Responsibilities, Bureau of Consumer Protection
Business Center, Federal Trade Commission performs initial adjudicative fact-finding for the
Commission and resolves disputes made in discovery, explains the correct legality, applies the
law to the facts, and when necessary, issues an order on the remedy. The FTC is expected to be
a popular court to vet many of the up-and-coming issues related to information privacy.
Network Security
Virtual breaches can be just as damaging as, if not worse than, corporate enterprise breaches.
As recounted in the 2011 Data Breach Investigations Report (DBIR) (Verizon RISK Team with
cooperation from the Australian Federal Police, 2012), 2011 could go down as a year of civil and
cultural uprising. This unrest was not limited to the physical world, as the online world was
riveted with the clashing of ideals, taking the form of activism where the theft of corporate and
personal information was a core tactic. “Hacktivism” haunted organizations around the globe.
The following are snapshots of the summaries of the breach report findings:
The difficulty in preventing security breaches has dropped over the past few years as better
and easier-to-configure/deploy technology has become available. The challenge comes in mitigating the
risks and balancing security with transparency as it relates to information production and
dissemination over the new “integrated virtual network”, for example:
• The corporate enterprise network – definition and boundaries
• Extended enterprise and VPNs – definition and boundaries
• Partner extranets – definition and boundaries
• Member login portals – definition and boundaries
• Private, public, community and hybrid clouds – definition and boundaries
• The public internet – definition and its boundaries
CIOs and their teams must consider all of these types of networking topologies when defining
who corporate, privileged, partner, customer and public users will be, and set the security
policies and configurations accordingly.
Mitigation and Balance
It’s one of the most important balancing acts that a CIO or CTO will face in the new
virtual networked business community: how to balance your customers’ privacy rights, need for
security, and public demand for greater transparency with the interests of your organization. One
of the concluding points from the case study was to remember at the end of the day (or
beginning!) to have an “individual conscious”. The article continues to remind us that the new
business community of stakeholders “has no borders – no rules”.
I believe first and foremost that those who are ultimately responsible for the viability of
the organization (C-suite/board of directors/advisors) need to spearhead a new model for Ethics
that spearheads a service-oriented approach to solving the ethical and security issues in the new
virtual networked organization. Even before defining the vision (where do we want to go?) and
the mission (how are we going to get there?), moral thought needs to be front and center and an
ethics policy should be defined for the common good of the whole company. The ethics policy
could be a framed box of principles for what the company stands for and where the “line(s)”
are that they will stop at during the process of achieving their vision.
I’d like to introduce an architecture as a possible model to follow. I call it the “Virtual
Enterprise Ethics Engagement Model” (ve3) for defining and managing Ethics, Transparency,
Compliance, Governance, Security and Risk.
Ethics and the subsequent guidelines focused on managing the flow of information
within the organization stakeholder community are critical methodologies and processes to
manage because when it comes to breaches, misinformation and information leaks, it’s not a
matter of “if”, but “when”. The ve3 model can help manage all of the key variables that will
impact the way information should flow and to whom. When defining governance guidelines,
inputs about the kind of information that will be required, processed, stored and shared can be
assigned priorities that will determine a suggested output policy to follow and it can assign a risk
score to feed into the risk analysis function.
The model will need to include an audit and measure process so that it can continue to
evolve as the virtual networked community evolves. And yes, we should have a real-time ve3
app for this! Our organization’s community (virtual
networks) will only grow and become more sophisticated
and complex. Senior executives need to embrace the
changes but stay out in front of them, and not let this
evolution and revolution control their business vision and
mission. What can save them hardship down the road is
leading with an ethics policy and management model. If
they can put this stake in the ground early on, they may
find that the following traditional guidelines concerning
information for IR, communications and commerce will
be easier than ever to establish.
Works Cited
Congress, U. S. (1986). Computer Fraud and Abuse Act.
Harris, S. (2006, August). Information Security Governance Guide. Retrieved April 2012, from Tech Target: http://searchsecurity.techtarget.com/tutorial/Information-Security-Governance-Guide
Hogue, F. (2010, September 30). CIO Update. Retrieved October 8, 2012, from IT Business Edge: http://www.cioupdate.com/trends/article.php/3906131/How-to-Govern-the-Ever-Extending-Enterprise.htm
Legislation, U. S. (n.d.). Stored Communications Act of 1986.
Vaccaro, A. (September 4, 2012). Ethics Hold the Key to Network Contradictions. DEEPinsight, 7.
Verizon RISK Team with cooperation from the Australian Federal Police, D. N.-C. (2012). 2012 Data Breach Investigations Report. Retrieved October 8, 2012, from Verizon Business: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf