Restoring Confidence in the information policy of the Office of Emergency Management department
In order to restore confidence in information sharing in the department, I hereby propose adoption of administrative approach and technological approach of information system management.
Administrative Approach: Integration of Office of Emergency Management Culture in Information System
The management should consider having an encryption in the intranet for the Office of Emergency Management. This is a secured internal or private network of an organization that connects all computers to ingress that access the internet. Such security encryption puts a stop to abuses of the system like social networking, inapt use of the web, among others.
In order to implement this, the management should introduce a compulsory periodic training of the staff on the vital aspects of system protection. An information system that adopts a participatory approach in design internalizes the aspect of responsibility of the staff since each will have first hand information on the importance of avoiding negligence. This aspect will eliminate the ignorance exhibited by some of the staff members who are not careful with their passwords. Through participatory information system training, the staff will be equipped with relevant and necessary skills for taking personal responsibility for every information security breach originating from their computers. In the participatory information design model, the staffs are liberated to understand how the system work and the consequences of carelessness on their part.
As it happens in other organizations, there should be laid down structures formulated in to keep staff in healthy and stable mind in their duty of serving the Office of Emergency Management department’s interest through regulatory ethical communication models. These models define expected behavior, procedural patterns, and response to every deviation. Motivation can be in the form of behavior review and increment, recognition for a well performed duty, equality, and fair treatment. The management should encourage the department’s ethics that will keep the staff within their moral suasion value when accessing the information system of the Office of Emergency Management department.
Thus, the department should introduce an ethical conduct on information sharing and access. As mentioned above, the codes of ethics are educative and useful in the solutions to unbecoming behavior such as dishonesty, revenge, and corruption. This decision cannot be motivated with a reward or catalyzed by punishment for not obeying the code of ethics. Rather, comprehensive review of the situation or factors that led to such a dilemma should be analyzed with an intention of reversing the unwanted occurrence of the information system breach because it is possible that a member of the staff was responsible for the same. Besides, these factors are directly linked to internal and external interacting social aspects that control the pattern of thought and expressed feelings. Thus, in order to control this ethical dilemma, the department’s culture and moral goals should be used to remodel the work ethics and introduce communication and information sharing code.
Technological Approach: Stringent Security Policy
The Office of Emergency Management should adopt a strict information security policy that establishes the acceptable behavior guidelines. Specifically, the Office of Emergency Management should establish a clear relevant and concise security system for the employees on the need for protection of their passwords and accountability for every access to the system using these passwords. In addition, the system should include physical security of the licensing network system that prompts the administration of every download, origin of the download, and the person responsible for that computer.
In order to give the information security policy the implementation strength, the components should be communicated to the staff and a hard copy of the policy hanged on all the rooms in the Office of Emergency Management department. In this way, none of the staff will argue on the basis of ignorance whenever security breach is identified. In order to implement this policy, the Office of Emergency Management department should hire an information security professional to offer periodic trainings on cultured security systems as a component of employee orientation training to include direct effects of the policy on staff’s work life.
In order to make the policy effective, the management should appoint a chief information security officer who is expected to hold meetings with the CEO at least twice in a month to confer on the vulnerabilities of the department’s information management system. In addition, the information security officer and his or her team should be given the necessary information management tools such as password trackers, system monitors, and network reviewers to be in a position to prevent a possible breach of information security and offer an efficient and immediate response to an identified threat.
Therefore, the system support staff should be given unrestricted access to the department’s bulletin boards, user group accounts, and list servers in order to monitor the actions of the staff in the information system and install program that prompts them of any irregular activity. Moreover, the system staff will update all the current operating system and software running in the information system with prompts for all the required updates such as passwords and usernames.
The management should consider using internet tools such as VoIP and Groupware. These technology tools would provide a good avenue for interaction between the information security support and the staff members and the ease of integrating secure administrative applications of the department. When this policy is implemented, the issues of internal and external information management system compromise will be minimized.