case study

User Generated

yvffv422

Business Finance

Description

Read the case study and submit a 4 page paper (excluding the cover page and reference page) answering the questions related to the case study "Data Security." Incorporate theories and practices you learned during this course into your paper. Be sure to follow APA guidelines and write your paper in the proper format, not as a question and answer.

QU E S T I O N S

1. How would you communicate a data security

policy that required software checking of

employees’ emails?

2. What elements should a data security policy

for a bank include?

3. Employee data theft most frequently occurs

with new employees or when an employee has

given notice and is leaving. How would you

deal with these two very different issues?

Unformatted Attachment Preview

CHAPTER 14 H R 499 Risk Management and Worker Protection E X P E R I E N T I A L Due to an increase in recent employee layoffs because of economic conditions and the increased risk of workplace violence, as well as an increase in domestic restraining orders that several employees have recently obtained against former spouses, company management has decided it is time to take a proactive position and develop a workplace violence action plan. There are many factors to consider, as your company has three locations P R O B L E M S O L V I N G and more than 500 employees. For information to assist you in identifying workplace violence categories and prevention strategies, visit the website at www.fbi.gov/publications/violence.pdf. 1. Which workplace violence categories are of most concern to your company? 2. What steps and provisions do you need to include in your workplace violence action plan? C A S E Data Security Policing the workplace used to mean reminding employees about personal phone calls and making sure that paper clips did not disappear. But with the computer revolution at work that began in the 1990s, checking on employee behavior at work became considerably more technical. The threats to data security, not to mention other threats for potential lawsuits (e.g., sexual harassment), are now more complex as well. New federal laws pertaining to financial and medical records have put increased pressure on companies to protect their data. But auditing user privacy cannot be done without input and buy-in from HR, notes a senior consultant with an IT security firm in Massachusetts. Whether the concern is in appropriate Internet usage or transferring files outside the company, HR may be the first to learn of a problem. Although the possibility of outside attacks on the computer network is a real problem, the threat of internal security breaches is even greater. The growing insider problem and the sheer volume of electronic messages coming into and out of a company (a large company easily processes one million e-mails per day) present HR with a challenge on data security policy development, implementation, and enforcement. HR may be asked to “identify personnel at risk” who might require more stringent watching, such as people who are sending out résumés. In many cases, people leaving organizations take advantage of the opportunity to take intellectual property with them. Security software identifying employee behaviors will always require HR involvement. Policy violations, banned sites, and stealing identity data are examples. Companies look very bad when sensitive customer or employee data are stolen or leaked to the public. Employees can easily resent the security measures and see the security as “Big Brother” watching. However, the growth of identity theft and spyware means that more employees have been personally affected by data security and are more likely to recognize the need for their employers’ data security efforts. At Spherion, HR publishes a “computer and telecom resources policy” that specifies appropriate usage and a code of conduct. Employees must read and sign the policy. The company also has an IT Risk Team with members from HR, accounting, internal auditing, and other departments. There are, of course, attempts at a purely technical solution to the problem. But it is clear that HR must have a role in balancing employee privacy with company risk management. A simple act, such as a bank’s loan officer burning credit information to a CD and selling the data to another bank, can undo all the technical protections. The human side—developing a policy, communicating it, helping people understand why it is needed, and applying it fairly—is the big piece for HR.56 QUESTIONS 1. How would you communicate a data security policy that required software checking of employees’ emails? 2. What elements should a data security policy for a bank include? 3. Employee data theft most frequently occurs with new employees or when an employee has given notice and is leaving. How would you deal with these two very different issues?
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: DATA SECURITY CASE STUDY

Date Security Case Study

Name:

Institutional affiliation:

1

DATA SECURITY CASE STUDY

2

Date Security Case Study

How to Communicate the Data Security Policy

Date security is an important element to consider in any given institution, and thus proper
communication should be upheld irrespective of the situation. In essence, coming up with an
appropriate communication avenue will adequately help in ensuring that the policies are
correctly followed by the employees. In this case, I would communicate a data security policy
through the human resource department. In most cases, the human resource department is well
aware of all the expectations, and the aspirations of the client base, and thus through making use
of their services I will be able to ensure that the software is installed and is allowed to check the
emails of the employees. From various assessments, the human resource department tends to
understand the welfare of the employees, and thus they can be able to communicate the policy
without facing a lot of opposition from the employees. One of the strategies which the
department can resolve is champion for a sit-down meeting where they will be able to
communicate the basics of the policy. Furthermore, the strategy will be able to adequately
convey the benefits, and the constraints which come along with the implementation of the policy.
In essence, the employees will also be in a position to adequately communicate their grievances,
and also seek clarity to some of the areas which the policy seeks to infringe (Peltier, 2016).
Furthermore, the sit-down meeting helps in reducing any aspects of doubt concerning the reasons
as to why the management has decided to set and implement the policy.

On the other hand, I would consider communicat...

Similar Content

Related Tags