Professional Documents
Culture Documents
Cyb 504
Cyb 504
REFERENCES……………………………………………………………………………….17
1
CHAPTER 1: ROLE OF SENIOR LEADERS AND STRATEGIC LEADERSHIP.
2
1.1. ROLES AND RESPONSIBILITIES OF SENIOR LEADERS IN A TECH SECTOR
SETTING.
Senior leaders in the tech sector have experience in technical capacity and leadership
capacity(L Cortellazzo · 2019). It means they oversee and implement the architectural
design by guiding the team members in technical matters and supervising system
modifications. Some of the functions of tech leaders are
Assess the existing operation and develop a smooth integration with the new system.
Foster the integration between the design team and the development team.
Tech leaders possess several skills, such as leader, system architect, system developer,
and system designer(L Dreier · 2019). As a leader, they can lead, coordinate teams, and
delegate tasks. As a system architect, they oversee the product's overall lifecycle and
ensure it adheres to regulatory standards. As a system developer, they utilise their
programming skill to refactor codes, automate testing, and ensure codes are reusable.
System designers must be able to utilise wireframe design and implement all the software
prototypes into the development processes. Tech leaders must clear every hurdle for the
programming teams and ensure that all the development team works together seamlessly.
Senior tech leaders work with product owners, engineering managers, project managers,
quality assurance engineers, software testers, and UI/UX designers(A Alami · 2022). The
product owner leads the development to satisfy the client's requirements, while the
engineering manager guides the development team through the development process. The
project manager ensures the project goal is completed within the planned timeline, while the
quality assurance engineer ensures the project meets the required specifications. The softer
tester ensures the project meets the performance and security standards, while the UI/UX
designer ensures the customer experience and interaction are easier to work with. All these
roles report to senior tech leaders within the project to ensure that the development process
is contrary to the design process.
Senior tech leaders must possess soft skills, including communication and leadership, crisis
management, problem-solving, visualising solutions, decision-making, quality assurance,
3
and administrative skills(DR Kolzow 2014). A tech leader needs to possess a skillset such as
developing a strength and weakness chart, goal breakdown chart, and development plan.
These skills will help tech leaders effectively manage the different units they are working
with.
Tech leaders are saddled with integrating security cultures into organisational operations.
The primary goal is to foster a sustainable and secure environment within every actor in the
project or organisation. A security-first culture instils a sense of responsibility among
employees, encouraging them to take proactive measures in identifying and reporting
security incidents (de Bruijn and Janssen, 2017; Cano, 2021; Hassandoust & Johnston,
2023). Fostering a security-first culture facilitates open communication and collaboration
among different departments and stakeholders (de Bruijn and Janssen, 2017; Cano, 2021;
Hassandoust & Johnston, 2023). It facilitates the exchange of information about potential
vulnerabilities and emerging threats, leading to a proactive response. Collaborative efforts
may involve cross-functional teams such as Information Technology (IT), legal, and software
testing teams, who work together to develop effective cybersecurity policies and procedures
(Van der Kleij, Kleinhuis and Young, 2017), see one for core and non-core members of a
software working group (Alvarez-Dionisi, 2019).
The security development lifecycle (SDL) is key to a sustainable security culture. SDL is the
process and functions each organisation agreed to before releasing software. It involves
processes like threat modelling, security testing and security requirements. Large
organisations like Microsoft have released their SDL free of charge. Every organisation
needs to have an SDL in place. Building a security community is crucial towards developing
a security culture. Security communities can organise weekly or monthly training among their
team to share knowledge about security matters.
4
CHAPTER 2: MANAGEMENT STREAMS AND PERFORMANCE MONITORING
MECHANISMS THAT RELATE TO INFORMATION SECURITY.
5
Measuring, monitoring and reporting on information security processes are required to
achieve organisational objectives. Methods to monitor security-related events across the
organisation must be developed; it is critical to design metrics that indicate the management
system's performance and effectiveness from a management perspective, the information
needed to make decisions to guide the organisation's security activities. The following
factors must be taken into consideration during the setup and implementation of an
information security measurement program:
Data that supports security measures needs to be readily available. Only repeatable
information security processes should be considered for measurement. Measures must be
useful for monitoring performance and directing resources.
If we would like to mention the critical success factors of an information security performance
management program, the following four interdependent components can be counted:
The foundation of strong upper-level management support is critical not only for the success
of the information security program but also for the program's implementation. The second
component is the existence of information security policies and procedures backed by the
people necessary to enforce compliance. Information security policies describe the
information security management structure, clearly assign information security duties and lay
the foundation to measure progress and compliance genuinely.
6
2.1 THE IMPORTANCE OF INTEGRATING MANAGEMENT AND OPERATIONAL
PROGRAMMES CONCERNING OPTIMUM LEVELS OF PERFORMANCE AND CYBER
RESILIENCE.
In addition, building cyber resilience in the organisation helps it build a good security team
that will respond to any security challenge before escalating the issue to the IT team (M
Dunn Cavelty · 2023). It will increase the response time to any cyber-attack challenges
within an organisation.
To enjoy the benefit of cyber resilience, organisations must develop strategies to identify the
risk, take steps to protect from the risk, use strategies to detect the kind of attack that
occurs, create strategies to respond to cyber-attacks and how to recover from attacks to
avoid disruption of service or delay in service.
7
organisation must be developed; it is critical to design benchmarks that indicate the
management system's performance and, from a management perspective, the information
needed to make decisions to guide the organisation's security activities.
Some of the factors that must be considered when implementing mechanisms to protect
information security are:
Finally, the information security measurement program itself must emphasise consistent
periodic analysis of the measured data. These results are used for lessons learned,
improving the existing security controls, and implementing future security controls to meet
new information security requirements as they occur.
8
2.3 HOW CULTURAL AND DIVERSITY-RELATED COMPLEXITIES IMPACT
MANAGEMENT AND PERFORMANCE MONITORING.
Cultural diversity relates to the employees of organisations with diversity in race, culture,
belief, age, physical abilities, ideologies and political belief(Hennekam S 2019). The
perception of employees about work diversity is linked to organisational performance, and
employees perceive their organisation as favourable when it is positive. Organisations bring
people from different backgrounds to boost creativity, knowledge and problem-sharing skills
in this age. (Roberson Q. M., 2019) Workplace diversity is believed to impact organisational
performance and good management practices positively. A generally positive view of cultural
diversity could positively impact the organisation or a new project with the organisation. The
management plays a vital role in forming workplace culture and promoting an environment
free of prejudice and personal bias (Syed J, 2008). Thus, creating an environment that
imitates respect, ethical behaviour, and understanding helps organisations reach greater
heights. However, this diversity is moderated around diverse beliefs. Still, a leader can
determine the various beliefs of employees and their various beliefs in a way that can help
the organisation reach greater heights. When managing a culturally diverse team, the main
concerns can be dissimilar attitudes, disagreements, and lack of communication among
team members (Mousa M., Massoud H. K 2020). Managers at any organisation must be
able to deal with such issues and reasonably treat all employees. In addition, research has
shown that leadership can mediate between age and gender diversity and organisational
performance. Hence, motivating a more diversified workforce and creating knowledge to
increase organisational performance must be recommended. (Georgakakis D 2017).We
must explore organisational justice as a moderator between the diversity dimension and
organisational performance. The notion that cultural diversity is a "double-edged sword" with
both positive and negative consequences suggests that cultural diversity may not affect all
firms equally(AnaGarcía-Granero , 2018). Therefore, we distinguish first between firms
based on the level of complexity of the firm's operations, measured by the number of
business segments in which the firm operates. For complex firms, i.e., firms that operate in
more than three business segments, cultural diversity does not affect performance. In
contrast, performance is negatively affected for non-complex firms, i.e., firms that operate in
three or fewer business segments.
9
CHAPTER 3 HOW THREAT AND RISK IDENTIFICATION AND MANAGEMENT IS
INTEGRATED INTO C-SUITE CONSIDERATIONS AND GOVERNANCE.
10
3.1 RISK MANAGEMENT AND THREAT IDENTIFICATION WITHIN THE CONTEXT OF
WIDER CORPORATE STRATEGY RESPONSIBILITIES AND GOVERNANCE.
There are five steps in large corporations to identify risks and mitigate the best solutions
around them. The areas are
Identify the risk: It is essential to identify the type of risk that could cause the profit in the
organization. This risk can be internal or external.
Analyze the risk: It is important to identify the effect of the risk on customer behaviour
patterns and the effect on the organization's staff. It will provide the effect of the financial
loss implication to the business.
Evaluate the risk: It is important to classify the risk based on the impact on the organization.
It will help to identify the severity of the risk to the organization and how it can be prioritized
when treating them.
Treat the risk: Resolving the risk or resolving the positive impact of the risk and reducing the
negative implication is crucial. It will help in preparing contingency plans for the solutions.
Monitor risk: It is important to track the variable of the risk and problems that could arise from
the variables. It is important to create a strategy for risk assessment and ways to mitigate the
risk before escalating to important areas of the business. In achieving this, the strategy must
be developed to avoid, reduce, transfer, and accept risks.
11
3.2 IMPACT OF POOR OR INEFFECTIVE C-SUITE UNDERSTANDING AND DIRECTION.
The success rate of an organization depends on how the C-suite team can work together to
achieve a common goal(JY Akparep · 2019). When many C-suites do not collaborate or
understand the organization's vision, it becomes very difficult to implement the business
goal. Poor or ineffective c-suite can be attributed to siloed focus, tenuous trust, distance
disconnect and stagnating performance.
Siloed Focus: Some C-suites work more to focus on their target or metric rather than
working with a vision or goal of the organization(JY Akparep · 2019).. It often makes them
ineffective despite working so hard. Some personal or departmental target needs to be
planned alongside the organizational goal and target to avoid distraction for C-suite staff
members of the organization.
Tenuous trust: Lack of trust by c-suite members in the leader or CEO often leads to
ineffective or poor performance. Most C-suite members may not wish to contribute or give
crucial feedback because they fear how others will react. In reality, they do not perform
effectively in critical feedback.
Distant Disconnect: Due to the adoption of remote work for most staff due to COVID, most
executives feel distant from the staff. It can affect building their work relationship or
interactions that foster performance(R Lissillour, 2022). The work synergy will be reduced,
and more staff may use their time for other activities besides the organization's mission. It
has greatly reduced the relationship of C-suite executive with their colleagues.
Stagnating Performance: Most CEOs of organizations get stuck with their old ways of doing
things and do not innovate within their business space. It leads to stagnation and exhaustion
within the organization. It may result in poor performance due to tiredness. Most CEOs need
to research and adopt the latest industry trends to stay relevant within their space.
12
ethics, you can create an environment that values integrity, transparency, and accountability
(Grigoropoulos · 2019.)
As a leader, you must be responsible for setting the tone for ethical behaviour within your
organization. It begins with understanding the principles of business ethics and taking
measures to instil them in your team. You can do this by establishing policies and codes of
conduct that reflect your organization's values. By clearly communicating these principles to
your team, you can create the foundation for a workplace culture that prioritizes integrity and
ethical behaviour. The benefits of business ethics include:
· · Compliance with set business ethics improves a business's image, making it more
attractive to talent, customers, and investors.
· Ethics in business help create a motivating work environment where employees love to
be since their morals align with the company's. (Grigoropoulos · 2019.)
Though complying with ethical practices is mostly voluntary, some ethical business
practices, such as obeying the rule of law, are mandatory. Early Compliance saves
businesses from future legal action, such as large fines or business failure resulting from
non-compliance with rules and regulations.
13
CHAPTER 4 DATA PROTECTION LEGISLATION IMPACTS CONSIDERATIONS OF
STRATEGY-SETTING AND STRATEGIC LEADERSHIP.
14
4.1 HOW MAJOR DATA PROTECTION LAWS IMPACT ON C-SUITE STRATEGIC LEVEL
DECISION MAKING AND STRATEGY SETTING.
The responsibility of C-Suite involves strategy, financial performance, risk management and
corporate governance (A Ellul · 2015). Data protection laws like GDPR can severely disrupt
the operation, decreasing revenue, production level, and the company's strategic direction.
The impact of data protection law can disallow board members from implementing their full
responsibilities. Some recent laws have seen the CEO facing legal action, suspension and
loss of job most times.
Major data protection laws have hugely affected the reputation of many organisations and
impacted the trust many shareholders have in the company, increasing revenue instability
and market losses(I Agenda · 2016). For instance, C-suite companies in the United States
have long resisted adopting the "chin-and-chip" credit card law, which requires users to enter
a personal identification number to authenticate their transactions at the point of sale and
ATM. It created lots of security vulnerabilities that have not been addressed to date.
As it has been proven, data breaches can result in substantial losses beyond the cost of
data breaches. The organisation will incur expenses during the investigation process, which
amounts to a loss in revenue for the organisation.
15
core business operations. A data breach affects many stakeholders, including customers,
employees, vendors, etc. These affected parties may decide to take legal action and file a
lawsuit.
Financial Penalties: Governing bodies or parties can impose penalties or fines on
organisations for non-compliance. These fines may be different depending on the severity of
the offence. Some may cost up to five per cent of the organisation's total revenue (S Young ·
2017). Most penalties may have severe implications on the operation expenses of the
business (S Young · 2017).
Reputational damages: Businesses may lose their brand reputation due to sanctions
imposed by regulatory bodies. It may result in the loss of customers or vendors, which will
cause a drastic drop in the company's revenue. Some businesses may close from this
implication if it is not properly managed. Customers will lose trust in the company, and it
could take a long time before the business restores its reputation to its former glory (N
Nguyen · 2013).
Imprisonment: A prison sentence can be issued to some violators of certain laws. The
degree of the offence may determine the range of sentences that may be issued to the
organisation for violating the law. It may lead to a long jail term for the owner of the business
or some of the business's staff.
Business Closure: Violating some legislation can lead to the complete closure of the
business. Some laws may ground the business operation when being violated. Due to the
reasons mentioned above, this may lead to the gradual closure of the business (A Bull ·
2003). Some of these offences may lead to the withdrawal of some of the business facilities.
16
REFERENCES
The Role of Leadership in a Digitalized World: A Review. 2019; 10: 1938. Published online
2019 Aug 27. doi: 10.3389/fpsyg.2019.01938
Laura Cortellazzo,1,* Elena Bruni,1,2 and Rita Zampieri1
Systems Leadership for Sustainable Development: Strategies for Achieving Systemic
Change(2019) Written by Lisa Dreier, David Nabarro and Jane Nelson
de Bruijn and Janssen, 2017; Cano, 2021; Hassandoust & Johnston, (2023) The Role of
Organizational Culture in Cybersecurity: Building a Security-First Culture
Kersten, Wolfgang (Ed.); Blecker, Thorsten (Ed.); Ringle, Christian M. (Ed.) Proceedings
Digitalization in Supply Chain Management and Logistics: Smart and Digital Solutions for an
Industry 4.0 Environment(2017)
Making cyber security more resilient: adding social considerations to technological fixes
Myriam Dunn Cavelty, Christine Eriksen &Benjamin Scharte
Pages 801-814 | Received 10 Jun 2022, Accepted 05 Apr 2023, Published online: 08 May
2023
Information Systems for Business and Beyond Copyright © 2014 by Dave Bourgeois and
David T. Bourgeois
Annual Handbook for Group Facilitators by J. William Pfeiffer & John E. Jones (Eds.), San
Diego, CA: Pfeiffer & Company by TM Thomson(1998)
Hennekam S., Bacouel-Jentjens S. and Yang I., “Ethnic diversity management in France: a
multilevel perspective,” International Journal of Manpower, Vol. 40 No. 1, 10.1108/IJM-10-
2017-0272, pp. 120–134, 2019
Roberson Q. M., “Diversity in the Workplace: A Review, Synthesis, and Future Research
Agenda,” Annual Review of Organizational Psychology and Organizational
Behavior Vol. 6:69–88, pp. 69–88, 2019
17
Syed J. "Pakistani model of diversity management: rediscovering Jinnah’s vision".
International Journal of Sociology and Social Policy. 2008
Mousa M., Massoud H. K. and Ayoubi R. M., “Gender, diversity management perceptions,
workplace happiness and organisational citizenship behaviour,” Employee Relations, Vol. 42
No. 6, 10.1108/ER-10-2019-0385, pp. 1249–1269, 2020
Georgakakis D., Greve P. and Ruigrok W., “Top management team faultlines and firm
performance: Examining the CEO-TMT interface,” The Leadership Quarterly Volume 28,
Issue 6, pp. 741–758, 2017.
Vol.8 No.1, March 2019 The Influence of Leadership Style on Organizational Performance at
TumaKavi Development Association, Tamale, Northern Region of GhanaJohn Yaw
Akparep1*, Enock Jengre2, Alisa Afusah Mogre3 Department of Management Studies,
School of Business and Law, University for Development
Perspect Clin Res. 2011 Jan-Mar; 2(1): 34–37. Quality assurance: Importance of systems
and standard operating procedures- Kishu Manghani
Industry Agenda May 2016 Shaping the Future of Construction A Breakthrough in Mindset
and Technology Prepared in collaboration with The Boston Consulting Group
18
19