Blog 1
Setting the right tone at the top is
vital to allows the ethical climate to be filtered down to the employees below.
Wrong tone could mean a wrong turn. This concept is also important in terms of
IT Governance. Can the attitudes of the management really help prevent risky
behaviours?
The Standards Australia Technical
Committee developed standards with a governance framework that encourage management leadership in
IT projects. The standards were prepared in light of recent IT failures
that were attributed to the absence of good IT governance from management such
as the $1.2 billion Queensland Health Payroll debacle. Protiviti found
that organisation with oversight and direct questions from the board responded
much better to IT security issues. Protiviti's 2014 IT Security and Privacy
Survey found that a highly engaged board with IT security creates a
security-conscious environment.
Even on a smaller scale, it becomes
clear how people mimic the work of their superiors. I once interned at a
private agency. The management had placed the usernames and passwords needed to
log onto the system on every desktop in full view of interns, casual staff and
clients. This gave access to client information, the payroll system and the
company intranet. The lower level staff were not worried and allowed the
interns unsupervised access to the system.
I believe that management emphasis on
the importance of IT governance is the key to successfully constructing a
no-tolerance attitude to risky IT behaviours. Like the pyramid above, the
values of management will filter down to the employees below and encourage a IT
risk-averse environment because the employee will do what the employee sees.
No comments:
Post a Comment