Cali Valdivieso
26 April 2025
CYSE 200T
Different Components to Maintain an Ethically Sound Organization
Introduction:
Technology has taken the world by storm since the introduction of the internet. From everyday use at our work to the simple task of being able to control the air conditioning at home, technology is everywhere in our lives. Technology is now starting to have the ability to keep one’s life running. Verbeek (2015) assists with this idea of technology by stating how it has begun to “merge ever more intricately with our physical environment. Walls, beds, doors, cars—many everyday objects are currently being equipped with forms of ‘ubiquitous computing’ or ‘ambient intelligence’, as a large electronics multi-national has come to call it.” Objects that used to only work from the operation of humans are becoming intelligent in their own right. Since technology is involved in every aspect of life organizations are now faced with many questions. How can they ensure that these advancements will be used ethically? What frameworks can be put in place for companies to follow inorder to help with consumer safety? As a Chief Information Officer (CIO), What would I do to help protect the safety of the organization’s information? This report will be examining each question to discover possible answers.
How an organization can determine its stance ethically:
For something to be considered good ethically, it needs to align with people’s morals. As the world evolves and humans study more things, we will end up with more interdisciplinary studies. In this specific case, we are examining whether BioCybersecurity, when it comes to the use of DNA in technology, is ethically good or bad. Ethically, I believe that people have to give access to the company they provided their DNA to, to use it in any future studies. These companies must notify the customers how their DNA information is being stored, as well as protected. I think there needs to be a constant improvement in the security of this information as well. As the world progresses, technology will also. We may not think it’s possible now for this DNA to be used maliciously, but we also at one point thought the world was flat. I think that the idea of companies having access to DNA is something to be weary of.. Companies in the past have been caught selling our information, who is to say they wouldn’t do this with DNA. In order for this to be seen as ethical in the long run, organizations must constantly have leadership held accountable and frameworks put in place to ensure safety.
How an organization’s framework can contribute to it being good ethically:
The National Institute of Standards and Technology (NIST) can help benefit organizations by using their framework in a multitude of ways. It first helps a company establish the basis of how secure they would like to have the company against a cybersecurity risk. Once they have established a framework, companies can take a look into the organization and identify its needs. Even in the future, they can decide to orchestrate the framework to be more secure or to cut back in places where they think resources could be lessened. The framework displays a baseline for companies to see which tier their security measures align with. Once companies run the framework to see their standing, they can look into how each different category aligns. From this, companies can create a target profile that they strive for the system to improve to. This is great for companies that are expanding and seeing the need to increase security risk in a specific area.This can also be a great resource for companies that are expanding in to areas where their technology will be holding consumers private information. A company can repeat this cycle constantly by running the framework and creating a target profile to keep up with its changes as the company evolves.
In the future this framework would be extremely helpful in the workplace. It will allow organizations to constantly assess and reassess their risk management protocols to see if there are any needs for changes. They should first prioritize and scope the organization objectives. After the objectives have been identified, they will need to orient what they want to protect. This will lead them to create the current profile to show their baseline. They would then use the current profile and conduct a risk assessment. This risk assessment will help create a target profile and where they want to be among the different tiers. They will compare the current profile alongside the target profile to distinguish any gaps. This will lead them to create an action plan that can apply to achieve the target profile. This framework would have to align with the ethical standpoint of the organization.
How can executive positions contribute to an ethically sound organization:
If I were the Chief Information Security Officer (CISO) of a publicly traded company, certain protections and departments would be under constant improvement to guarantee our company’s safety and ethical position. I would create separate designated departments to run certain aspects of the company’s security. One department would strictly be devoted to policies. This department would ensure we are keeping up with any new technology policies and also make sure that all employees are following these policies. This department would send out constant phishing emails to employees. These would be great resources to see which employees are more likely to fall for the bait. In this department, I would create a separate branch that specializes in sanctions for employees who fail to abide by policies. They would place employees who have received sanctions through education courses. These courses will help improve the employee’s ability to follow policies as well as avoid falling for scams. Thus improving the company’s safety. The third department would be dedicated to looking up privacy techniques we can use to ensure employees’ safety. We would use something like a multi-factor authentication app like Duolingo. Implementing this requires employees to confirm off another device that they are accessing the account. Due to the company being publicly traded as the CISO, employees’ and customers’ security must be heavily guarded. This would be done through the use of multiple checks and balances. For a customer’s account to be adjusted or changed. The departments would have 3 different balances that must be approved for It to occur. Through the use of departments that review and create new policies, sanctions and educate employees on relevant safety measures, and a system of checks and balances that not only ensures employees’ safety but also consumer information safety. I would be able to complete the role of CISO efficiently.
Conclusion:
Through the use of the techniques listed above, the idea of responsible cyber-infrastructure and how it can be possibly achieved has been discussed at different levels. whether it is how the organizations view its ethical standpoint. How frameworks will be put in place to protect the safety of consumer information. Lastly, how leadership positions will take a stand to keep the integrity of the organization at standard. These three things are only tiny factors in a giant wheel that must be monitored and adjusted to ensure companies are holding themselves to positive standards. If one part were to fall behind in the goal of being ethically good, the whole organization could be headed towards disaster. In order to prevent this from happening organizations must continue to revisit these departments and try to identify any bugs needed to be fixed.
Resources:Floridi, L., & Springerlink (Online Service. (2015). The Onlife Manifesto : Being Human in a Hyperconnected Era. Springer International Publishing.