Table of Contents
Abstract
Ethics concerns doing what is ‘right or wrong’, and has been explored from the ethical theories like the normative ethics. However, the concept is increasingly becoming common in security management owing to the realization that the profession too has to be based on some ethical codes of conduct to govern the behaviors and actions of the employees. As such, the subsequent paper discusses the importance of ethics in security planning and development. It recognizes that ethics is the essence and major driver of honesty, accountability and respect to confidentiality of which if adopted, the security professionals have their actions driven by ethics. Of particular emphasis is how a security plan can be based on ethics, the importance of ethics in planning for security management and how security management personnel can collaborate with the human resource department to ensure ethical training, including methods of training like seminars, workshops and e-learning as well as the way through which contractors can be made to understand and recognize the importance of ethics. Finally, the paper concludes that preventing a company from loss should be pursued through cost and compliance evaluation from which risks are identified, addressed and damages addressed or reduced.
Keywords: ethical code of conduct, training in ethics, integrity, confidentiality, privacy, honesty
Ethics in Security Management Planning and Development
Introduction
Ethics is such a broad construct that entails both the general term and use of ethics of behavior that guides professionalism. From the dictionary definition, ethics simply entails the rules of conduct and as such, those values and principles that direct people to engage in sound behavior (Gilman, 2014). However, in the professional field or area, ethics currently concerns the extent to which groups and individuals operate and function. In professionalism, ethics is defined within its own terms and this explains why ethics is studied in different professions like ethics in nursing, security, environmental ethics among others (Weaver, Treviño & Cochran, 2013). Therefore, for this exploration, the emphasis is on exploring ethics in the field of security management.
The application of the concept of ethics in the field of security has been explored from numerous perspectives and the raging question being whether security management qualifies as a profession. Security field is a profession without any doubt (). The increased importance of ethics in security management has come about due to the current state of security threats in the world. As of currently, there are issues with increased violence, crime and terrorism of which all expose organizations together with their assets to imminent threats (Burgess, 2015). As a result, security management has been integrated into all the activities and government systems while private organizations have equally followed suit. In light of the developments in security management, ethics in this area has become a vital aspect of which the success of profession is measured. For instance, it is now a prerequisite for companies to look for security personnel who have been properly and professionally trained (Betts & Sezer, 2014). As of currently, it is deemed unethical to have individuals who have not been properly trained to assume the roles of security management. Therefore, as security training becomes common and its importance and significance becomes apparent, ethics in security management has received such a weighty emphasis of which this paper seeks to explore into details.
Why is ethical behavior necessary for an effective security plan?
Security plan entails putting incentives for safeguarding the integrity of information and assets of an organization (Weaver et al., 2013). However, only ethical behavior can allow for the respect of the necessity to adhere with the set security protocols. One of the necessities that show the importance of ethics in security plan is that a security plan based on unethical behavior is most likely to leave loopholes in the organization for security threats (Betts & Sezer, 2014). Few of the major scandals like Enron, Aurthur Andersen and Tyco highlighted the need for embracing ethics in security planning. In this case, embracing ethical behavior during security planning is a measure towards ensuring that risks within the organization are moderated.
On the other hand, security plan needs to be developed based on ethical behavior because as of currently, the profile of the security personnel has been expanded. The implication is that the individuals are currently responsible for broader areas of management including personal safety, physical security as well as physical assets (Grysiuk, 2016). In addition, security executives and personnel are currently concerned with reputation risks of which ethical behavior is based. A security professional is expected to show an ethical behavior and uphold professionalism so that he or she can be entrusted with the security management task of the particular organizational context (McCarty, 2015). In this regard, ethics in security planning is basically meant or aimed at ensuring that the organization is not exposed to imminent and serious threats that may arise from unethical conduct that may expose the enterprise to security breaches because immoral behavior of the security personnel may undermine the current incentives for securing the organization.
Nonetheless, an effective security management plan should be based on sound codes of ethics of which the individual security professionals should follow and respect. In this respect, developing a security plan based on ethical behavior ensures that it considers the necessity for the individual professionals to follow and adhere to codes of ethics (Grysiuk, 2016). Through this, ethical behavior in security management and planning entails the security officers not only focusing on making ethical decisions but also highly inclined towards respecting the set codes of ethics. Ethical codes of conduct in security management can be evaluated from the perspective of relativism of which moral statements are believed as true when a person wishes or believe in them as true (Mohan & Vilcox, 2007). When a person’s behavior is inclined towards morality, moral virtue becomes standards and as such, guiding his or her behavior. The same approach implies to ethics in security management of which codes of ethics are meant to guide and inform behaviors of individuals.
By having the security plan based on and informed by ethical codes of conduct and behavior, the entire security management will run by individuals who value moral action and behavior of which their actions and behaviors are guided by the same (Grysiuk, 2016). The assertion is that security breaches occur when the professionals failure to act on codes of ethics whereby they do not see the good and necessity of upholding ethical behavior. However, by developing the security plan such that it is embedded on ethical codes of conduct and guidelines are provided as reference for sound ethics, the individuals will definitely see the good in every scenario.
The Importance of Ethics in Security Policy Development and Management Plan
In the policy development and management plan as with regard to security management, providing for ethic is a show that the plan considers and values the role of security personnel in safeguarding their reputation (Grysiuk, 2016). The statement implies that security professionals play an integral role in safeguarding the organization. Principally, including ethics in the plan ensures that the plan focuses on painting a positive image of the security professionals such that the can be entrusted with the vital assets of the organization.
An excellent example is the information security professionals who handle crucial information of the organization. By including ethics and ethical codes of conduct in the security management plan, it values the need for the organizations to be assured that the security personnel are trustable and can protect the assets of the organization from internal and external threats (Weaver et al., 2013). Having ethics as part of the security management plan does not only entails influencing behaviors of the security professionals within the organizations and premises but also guiding the behavior of the security personnel off-the-job and as such, assuring the public that the security personnel can be trusted (Mohan & Vilcox, 2007).
On the other hand, having the security management plan and policy based on ethics is set to ensure that all the professional activities are to be performed according to applicable laws and as such, upholding the highest ethical principles (Kaplan et al., 2017). In this case, ethics will help in ensuring that the security professionals uphold best standards and practices. Legal issues are some of the implications of unethical behavior of which having a security plan based on this recognition renders the organization fool-proof from legal liabilities (Mohan & Vilcox, 2007).
Nevertheless, embracing ethics to be part of the security management is a prerequisite for ensuring that the security personnel maintain the necessary and appropriate confidentiality of sensitive and proprietary information that they stumble upon during their course of professional activities (Morgan, 2015). In retrospect, the security management will be based on sound principles whereby ethical principle of confidentiality is upheld as the individuals embrace a non-disclosure attitude towards crucial information. Having the security management plan based on ethics helps in ensuring that the security professionals are discharging their professional responsibilities based on honesty and diligence (Morgan, 2015).
In addition, ethics in security development and management guarantees that the individuals embrace accountability by refraining from activities that can lead to conflicts of interests and as such, lead to a major damage to the reputation of the organization, the security profession or any other pertinent parties involved in security management (Morgan, 2015). Finally, ethics is important as it ensures that there are no cases of intentional injury or impugning the reputation of the colleagues, clients, professionals and clients.
We can do it today.
Few case examples highlight the need for having the security policy and development based on ethics. For example, the Bradley Manning, case the US Army soldier who was arrested for having transferred high profile information into his personal data as well as communicating crucial defense information to unauthorized size, or WikiLeaks. During this leak, around 250, 000 US diplomatic cables were shared (Gupta, 2011). Apparently, Manning is facing 22 charges of which all are carrying death sentence. Other examples are given of Sergey Aleynikov, a former computer programmer was faced conviction of having stolen proprietary source code mainly used in spotting tinny discrepancies within the stock prices and as such, helping him to earn enormous amounts of dollars in the year 2009 (Gupta, 2011).
Particularly, security breaches do occur because the individuals have failed to act within particular codes of ethics (Gupta, 2011). In part, the security training they received lacked the recognition and stressing of the importance of upholding ethical codes of conducts, or the implications of breaching the ethical codes. As such, it is believed that setting sound or ethical behavior for every situation is not possible but it is plausible to state out the necessary guidelines a well as outlining the relating consequences as this is poised to lead the individuals towards the right path (Morgan, 2015).
An excellent example is on IT professionals because apparently, security management revolves much around information security. As the custodian of information, there is the need for the security management plan to be based on the highest ethical guideline such that it can guide or safeguard the information and as such, ensure that they are operating on judgment calls as well as decisions for the firm’s best interest (Grysiuk, 2016). The case examples of Wikileaks shows that failure to adhere to ethical codes of conduct in handling information and informing professional behavior can expose the company to criminal consequences and legal liabilities (Gupta, 2011).
Ethics in the security management ensures that the security planning and development is based on integrity as the governing principle or element of ethics (Mohan & Vilcox, 2007). The implication is that a security management strategy based on integrity is more inclined to make the individual personnel to be more robust in upholding and recognizing the importance of standards. As such, integrity implies that the security personnel are guided by the element or concept of self-governance, and as such, aligning their behaviors according to the laid out guiding principles (McCarty, 2015).
By basing the security management on integrity, ethics provides and establishes the guiding values as well as creating a security management and development environment that foster the development of ethically sound behaviors and as such, instilling the sense of shared accountability with the security management personnel as well as the general employees of the organization (Weaver et al., 2013). In this case, the security professionals will view the need and essence of obeying law as a vital or positive aspect of the profession and the organization.
Including ethics in the security planning and development is focused or concerned with the recognition that ethical values are necessary in shaping the search of opportunities within the organization, designing the organizational systems and as such, shaping the decision-making processes within the organization, by individuals and groups (Kaplan et al., 2017). In this respect, by developing or planning security management based on ethics, a common reference frame is established or providing to the security personnel of which serves as a unifying factor across different lines of business, functions and employees. The situation leads to the collaboration in security management and the security management professionals find it easy and convenient in working together with the employees within the organization to avert internal and external threats (Weaver et al., 2013).
Having security management based on integrity, as part of ethics, is concerned or aligned with such areas as the structural compliance-based initiatives line training the security professionals on the relevant law, setting out the mechanisms for proper reporting and investigating the areas of potential misconduct, controls, audits and as such, ensuring that all the standards of security management and development are followed (Weaver et al., 2013).
How to Ensure Contractors Are Being Ethical In Their Services and Products
To ensure adherence from the part of the contractors, the security development and management should be based on the policy requiring and compelling a check on the criminal as well as civil claims of the contractors (Heinecken, 2014). In this case, the contractors should be obligated to present and highlight and present any recent, pending or current criminal investigations. Furthermore, the policy should compel the contractors to disclose the instances of the civil litigations facing employees. Most importantly, the company shall have the chance or opportunity of accessing the interest and credibility of the contracting firm and evaluate whether it has laid out incentives for ethics and sound behavior (Burke, Lee-Koo & McDonald, 2014).
Nonetheless, proper and extensive assessment of the contractors can ensure that the right individuals are hired for the provision of security management products and services (Ferrell & Fraedrich, 2015). Notably, there should be a background check on the extent to which the company or the organization engages in disclosures. The implication is that accurate record keeping is an indication of the commitment of the contractor to abiding by or fulfilling the financial, legal regulatory as well as the management obligations. The assessment of the organization should ensure that the facts about the information and disclosure, as part of ethical behavior are accurate as a sign that the company being contracted values ethics (Board, 2014).
One of the ways through which the contracted company can be made to understand the importance and essence of ethical behavior within the company is by highlighting them about the policies and provisions on disclosure as adopted by the company (Burke et al., 2014). In this sense, the contractors should be notified about how the company does not allow falsification, alteration or hiding of information. In this case, their services and products should be based on integrity of which the company shall equally notify them about the essence and importance of providing services based on integrity and upholding professional or ethical behavior. In addition, to ensure that the contractors embrace ethical behavior, the security management plan should have plans and incentives for notifying them about the policy of the organization as with regards to privacy (Board, 2014). The security management plan should have a provision to the contractors on the extent to which the organization holds the rights of monitoring its assets as well as the work environment in a bid to ensure that there is strict compliance with the necessary local, state and federal laws.
Therefore, ethics in the security management plan should subject the contractors to high levels of scrutiny. In the same sense, the contractor is not expected to have privacy when using the company’s assets and using space like the information system of the organization (Ferrell & Fraedrich, 2015). On the other hand, for the company, the security management plan should clearly state out the obligation that the contractor has in respecting security laws as well as regulatory requirements. Moreover, ethical behavior is evoked among the contractors by ensuring that there is a rule clearly stating out that the supplier is obligated towards meeting the reasonable security protection of the personal information not only for the organization, also by employees, customers, and suppliers (Board, 2014).
Respect for ethical codes of behavior by the contractors begins by informing them about confidentiality as well as how the current security management is meant to safeguard on the intellectual property (Ferrell & Fraedrich, 2015). Particularly, the contractors should be informed on how or to what extent does the company or the organization values the protection of intellectual property. The implication is that confidentiality is part of ethical principles that should equally govern the behaviors and actions of individuals or professionals. The contractors should be encouraged to embrace the principle or slogan of non-disclosure of which they should be reminded that such can risk the organization or plunge it into the instances and cases of productivity and financial losses, or to a greater extent, damage to the company’s reputation (Board, 2014).
Training and informing the individual contractors about confidential should involve highlighting them about the need to protect the legal documents of the company and as such, the intellectual property especially the competitive strategy, costs, investment, trading secrets, financial methods and pricing information (Ferrell & Fraedrich, 2015). On the other hand, the contractors should be informed that any action towards revealing the confidential information found within the organization should be treated as an act of breaching or violating the ethical code of conduct and as such, liable for losing the contract. Therefore, when managing the contractors, it is equally imperative that they should be notified about the need of acting with integrity and accountability. For contractors to embrace ethical behavior, all should incentives should be focused or directed towards notifying them the importance and value of ethical behavior, the codes of ethics upheld by the organization and some of the damages that could occur if they behave unethically (Burke et al., 2014).
How to work with Human Resources in training employees on ethical behavior
One of the ways through which the security management plan and development can be used in training employees on ethical behavior is by working with the human resource management department to create an environment that values and recognizes ethical behavior in business (Weber, 2015). Part of the incentives is working closely with the human resource manager and other personnel like supervisors so that the training and development aligns with the mission statement of the organization, especially when it comes to the ethical conduct or behavior. However, for the human resources to be used effectively in training employees on ethical behavior, all should begin through sound leadership.
The human resource manager, in particular, should be used in the training by stating that the organization does not tolerate cases of unethical behavior. In this case, the human resource manager will set out the objectives of ethical training of which the goals and aims of the training are clearly stated, especially on the need for the employees to embrace ethical behavior because it aligns with the need of the organization of ensuring that an ethical workplace is developed whereby illegal behaviors like fraud, theft, and other demeanors are nor tolerated (Weber, 2015). Hence, the executive human resource management team should take precedence in outlining the need and necessity of ethical behavior (Craft, 2010). For instance, the training program should integrate the philosophy of the human resource management that ethical behavior is needed in the business and as such, should be demonstrated by all, including the executive management down to the junior level staff.
During in ethical training, there is the need for providing the employees with the drafts and well documented ethics code of which the individuals should make reference to throughout the training period (Craft, 2010). The human resource management should help in setting out the rules of conduct as well as moral principles for guiding people’s behavior. The need for working closely with the human resource manager in drafting the values and ethical principles of behavior stems from the fact that the manager knows and understands the values that the company stands for (Nel, Nel & du Plessis, 2011). More so, the principles of ethics highlighted in the training will align with the values and sound organizational behavior that the management promotes.
Accordingly, Craft (2010) asserts that it is the inherent role of the human resource department in constructing the code that highlights how individuals can handle different situations within the organization especially those that are compelling them to engage in ethical decision making. The assertion is that through the human resource management, the employees can be notified on how best they can nurture their decision making skills, more so how they can embrace acceptable practices and desist from unacceptable practices (Weber, 2015).
After developing an ethical code of conduct, the document should be disseminated, through human resource department (Nel et al., 2011). From this, the department can engage in training through workshops and seminars to stress the importance and the need of embracing ethically sound behavior within the organization. Nonetheless, supervisors should show commitment to training the employees towards embracing ethically sound behavior and as such, through the training, the manager together with the supervisor should lead by an example in implementing the aims and objectives of the ethical training (Weber, 2015).
How to Conduct Training in Ethics
When conducting the training, the security management personnel can work with the human resource management department in choosing the best and appropriate medium for training the employees. In this case, all the resources should be exploited. For instance, the human resource department should provide the technology-based learning and training methods like the online-media enabled channels for learning (Weber, 2015). In addition, the department can provide the employees with written materials, especially books, articles. Conversely, the department can help in integrated ethical training to the entire human resource management by attaching it through the information systems. From this, the learning can be embedded to the communication devices of the employees whereby they have close reference to such elements like ethical code of conduct, how to engage in ethical decision making and at best, as a reminder of the need to embrace ethical behavior(Nel et al., 2011).
Even so, the human resource management department can help in conducting or carrying out periodic sessions for training whereby the aim is for teaching as well as reviewing the techniques that can aid the employees in engaging in ethical decision making (Weber, 2015). For this case, regular meetings are necessary because for the employees to model sound and ethical behavior, they need constant and regular training to ensure a real life shift in their attitude and practice towards ethical decision making. The human resource department can aid in this case by hiring external consultants to provide training and coaching in ethical behavior (Nel et al., 2011).
Part of the training should involve exposing the employees to real-life scenarios as well as bringing case studies during the training sessions. The supervisors of the organization can help with this role by bringing the learning materials and organizing the employees into individual groups and assigning them practical simulations (Nel et al., 2011). Furthermore, through the human resource management, the employees can be assigned the task of discussing potential issues in case studies and exploring the inherent consequences of ethical implications. Training in ethical decision making should expose the employees to examining cases from all sides and as such, producing options based on the ethical code of conduct of the company (Weber, 2015). However, the practical simulation is best achieved when the human resource management works in collaboration with the training experts.
Part of the training should include providing rewards for the employees for continued ethical behavior. In this case, the employees should be evaluated based on their ethical decision making and as such, rewards provided for those who have shown exemplary character in ethical behavior (Craft, 2010). The implication is that rewards ensure that employees have continued with the adherence to ethical behavior which in turn becomes a norm thereby indicating the success of the ethical training.
Strategic Approach to Ensure Effective Protection of an Organization from Loss
For loss prevention, it is imperative for the organization to set out plans for managing costs as well as compliance with the set rules and regulations (Burgess, 2015). For example, when the business data is not properly protected, the organization becomes vulnerable to potential loss like data theft, identity theft and major financial losses that occur due to security breaches. The best strategic approach to preventing losses to the organization is by properly managing the expenditure on security management. Conversely, proper budget should be allocated towards protecting the organization from potential vulnerability (Betts & Sezer, 2014). Incentives such as physical security input like CCTV cameras can avert potential losses.
However, a larger part of the cost management incentives should be directed towards training the employees on the need and essence of upholding ethically sound behavior by embracing the attitude of reporting cases of fraud or security breaches (Burgess, 2015). Nonetheless, the cost and compliance strategy focuses on ensuring that the business recognizes and complies with some of the government as well as industry-specific regulations. Partly, there should be higher expenditure in ensuring that the employees have been notified about some of the regulatory standards that they need to uphold and how they are vital in enabling the company or the organization to comply with these set rules and regulations (McCarty, 2015).
Another vital strategy for preventing the organization or company from imminent loss is by embracing a risk identification approach of which the fraud is identified in time and prevented because plunging the business into serious loss. In this regard, fraud risk management depends on the identification of the early signs and putting incentives for mitigation the risk thereby protecting the company from serious losses. For example, an integrated approach to risk identification that makes use of the available resources including web service and multi-layered solutions, all aim and focus on preventing fraud. Part of such incentives can include provisions on identity verification for individuals such that the authorization to enter or access crucial areas of the business and information is ensured. Identification of risks also entails putting up incentives for carrying out proper investigations such that there is a comprehensive response to the fraud in the event the issues or concerns occur.
Conclusion
In summary, the paper has argued for the importance of ethics in security management plan and development. Ethics, as it stands from the exploration, guides individuals into making proper and sound decisions and desisting from engaging in acts that can compromise the security of the organization. Through ethics, the security management plan is based on integrity, honesty, confidentiality and honesty. However, as security management expands to include the external players like contractors and consultants, they too need to be notified about the ethical codes of conduct of the organization and as such, assessed or evaluated to make sure that their respective organizational cultures respect and value ethics. Most importantly, training on ethics should be carried alongside the human resource management since it understands the mission of the organization and how such can be integrated into people management. Therefore, the human resource management department shall provide the resources and necessary personnel for helping with the training of the employees. To address issues with losses, the risk management and plan should develop a policy of risk identification and supplement the strategy with proper cost management as well as the compliance with the necessary rules or legal requirements to avoid plunging the company into unnecessary losses.
- Betts, J., & Sezer, S. (2014, May). Ethics and privacy in national security and critical infrastructure protection. In Proceedings of the IEEE 2014 International Symposium on Ethics in Engineering, Science, and Technology (p. 49). IEEE Press.
- Board, B. A. C. (2014). Professional and ethical compliance code for behavior analysts. Retrieved April, 7, 2016.
- Burgess, J. P. (2015). 5 An ethics of security. Transformations of Security Studies: Dialogues, Diversity and Discipline, 94.
- Burke, A., Lee-Koo, K., & McDonald, M. (2014). Ethics and global security: a cosmopolitan approach. London: Routledge.
- Craft, J. L. (2010). Making the case for ongoing and interactive organizational ethics training. Human Resource Development International, 13(5), 599-606. doi:10.1080/13678868.2010.520484
- Ferrell, O. C., & Fraedrich, J. (2015). Business ethics: Ethical decision making & cases. Nelson Education.
- Gilman, S. C. (2014). Codes, damn codes, and laws: continuing controversies in public administration ethics. Public Administration Review, 74(5), 571-572.
- Grysiuk, M. (2016). Conducting a business and systems analysis to protect your ECM investment. (cover story). Information Management Journal, 50(2), 20-24.
- Gupta, U. (2011, July). What is the Role of Ethics?
- Heinecken, L. (2014). Outsourcing public security: The unforeseen consequences for the military profession. Armed Forces & Society, 40(4), 625-646.
- Kaplan, D. M., Francis, P. C., Hermann, M. A., Baca, J. V., Goodnough, G. E., Hodges, S., & … Wade, M. E. (2017). New concepts in the 2014 ACA Code of Ethics. Journal of Counseling & Development, 95(1), 110-120.
- McCarty, S. R. (2015). Social security planning: the business case. Retirement Advisor, 16(10), 26.
- Mohan, T. O., & Vilcox, M. W. (2007). Contemporary issues in business ethics. New York: Nova Science Publishers, Inc.
- Morgan, W. (2015). Baring all: Legal ethics and confidentiality of electronically stored information in the cloud. Cath. UJL & Tech, 24, 469.
- Nel, P., Nel, L., & du Plessis, A. (2011). Implications For human resources and employment relations practice with regard to the integration of corporate ethics programmes into the culture of organizations. International Employment Relations Review, 17(2), 55-74.
- Weaver, G. R., Treviño, L. K., & Cochran, P. L. (2013). Corporate ethics practices in the mid-1990s: an empirical study of the Fortune 1000. In Citation Classics from the Journal of Business Ethics (pp. 625-640). Springer Netherlands.
- Weber, J. (2015). Investigating and Assessing the quality of employee ethics training programs among US-Based global organizations. 129(1), 27-42. doi:10.1007/s10551-014-2128-5