How to Sale Security from a Physical Security Standpoint to a Cultural Standpoint as an Investment and not a Liability or an Asset Drain for a Company

By

Acknowledgement

For this piece of work, I acknowledge and want to thank my teaching staff, family and friends for the support and assistance they provided me throughout the completion phase. Their belief and guidance made me able to complete this study by countering various hurdles.

Signature: ______________________

_______________________

Declaration

I declare that all the information and data, presented in this research, is my personal research effort and no external assistance has been taken for it. I further declare that this work is not submitted to any academic institution and at any educational or professional level. All the information in this research presents my personal views and observations and they are not associated with the academic institution.

Signed: __________________ ________________

Acknowledgementii

Declarationiii

Introduction1

Background1

Rationale2

Aims and Objectives3

Research Questions3

Literature Review4

Security and Organizational Culture4

Risk Management6

Methodology7

Research Design7

Literature Search8

Ethical Dilemmas8

Discussion and Analysis8

Analysis of a Security System8

Perceived Ability to React to Problems11

Competency of Security Team12

Conclusion13

References16

Introduction

Background

Organizational security practices have long been exalted in the academic and practitioner literatures ((Wright, 2001; Tomarken & Waller, 2005; Thomas & Loader, 2000; Shi, 2007). The claimed benefits have gone beyond the simple reduction of risk to extend to performance improvements throughout the enterprise (Taleb, 2007). Despite the purported benefits of managing risks, Organizational security is not practiced in a number of important business contexts including outsourcing. Lonsdale (1999) notes, for example, that firms have made outsourcing decisions without regard to certain important risks. Prior researchers have claimed that many of the firms that outsource functions do not appreciate the risks they face (Purpura, 2008).

Scholars have suggested that Organizational security may be viewed as an administrative hassle, that it may require skills project participants lack, and that the information required to perform Organizational security effectively may be lacking (Tanet al. 2003). These disparate reasons, however, have not been assembled into a theory to explain why Organizational security practices get adopted in some instances and not in others. Protecting information from a wide variety of security threats is an important and sometimes daunting organizational activity. Firms increasingly devote considerable resources to ensure the confidentiality, integrity, and availability of information contained within their walls. These efforts have most often concentrated on the acquisition and implementation of technological solutions such as firewalls, monitoring systems, and intrusion prevention and detection systems.

Despite these large investments in sophisticated technological advancements, technology cannot solve human problems. Security researchers have recently shifted their attention to the systematic study of individuals who are given control of this information in their daily work environments (i.e., organizational insiders). This discipline has been termed behavioral security and focuses extensively on the human aspect of organizational security (Stanton et al. 2006). One of the major tenets of behavioral security asserts that the protection of organizational information assets is best achieved when the detrimental behaviors of organizational insiders are effectively deterred and the beneficial activities of these individuals are appropriately encouraged.

Rationale

A security department needs more than the old core ...