Which option for securing IVK in the aftermath of the security incident would you choose?
A: Personally, I agree with the team’s decision to shut down the company for a few days and explain it to the public as a maintenance upgrade. As far as I’m concerned, there were way too many coincidences involved in the attack to assume that there were no intruders. Time is also very important – waiting two weeks and investing heavily in parallel systems only to incur new, more devastating attacks is not a risk I’d be willing to take.
What would you disclose?
A: I would only disclose requested information. In the current IVK situation, it would be of best interest to not release any information about this incident on a voluntary basis. Going with the third proposed solution to this issue almost eliminates the need to disclose any details to anyone outside of IVK operations. The only time IVK would need to disclose information regarding the security threat would be if there was direct questioning about it from customers.
Did CEO Williams make the best decision for IVK? Why didn’t Williams fire Barton?
A: I think the CEO undermined how serious this cyber threat really is to IVK. As the CEO, he refused to disclose information in order to safe his reputation. It seems like he cares more about saving face and didn’t make the right decisions regarding how he handled the attack.
Williams didn’t fire Barton because it would only put fuel on the fire right now. Had he fired Barton, he would have to work on not only handling the breach but also finding a new CIO. Barton has also put the time in to try and understand his new role as CIO. Williams has noticed the efforts he has made in his new job.
Conventional wisdom suggests that it’s important to “manage your boss.” As a CIO, what is the best approach to managing your boss? How should Barton handle the bad “advice” coming from Williams?
A: First, try to understand your boss. Accept that your boss is human, with strengths and limitations just like yourself. Don’t try to be a reformer. Then, build on strengths. One effective way to manage your boss is supporting them in doing what they themselves are good at. Even though strengths is important, their real value only comes when they are applied to the things that matter. Finally, build your relationship.This should ideally help build trust, respect and understanding.
Jim Barton should communicate with the CEO. Although Carl Williams seems to be showing interest in IT, Jim Barton is not sure whether IT decisions made by Carl Williams would be appropriate.
How should Barton communicate with people outside the IT department to rebuild his organization’s credibility?
A: Barton needs to provide a thorough analysis of the DoS attack event to various business groups. The report should list the level of impact, containment actions that will be taken and the deadline for implementation actions. Jim Barton should involve key stakeholders in IT strategy and transformation decisions, both in the short run and long run.
In an environment of internet access and real-time information, how effective is the “Doctrine of Completed Staff Work”?
A: The era of real-time information and internet access demands a greater need for effective Doctrine of Completed Staff Work. The demand for efficiency with this strategy stems from the information era itself. As a manager in the contemporary work environment, it is imperative to have effective communication with subordinates because managers are bombarded with a barrage of information on a daily basis. They cannot afford the time to sift through and dissect large amounts of information. What managers need from their employees is precise and clear information in the most efficient on next course of action and support for these suggestions.
Given near-universal web access, ubiquitous personal net-connected portable devices, and the widespread use of social technologies, can companies still keep their information “secret”? As a manager, what should you assume people outside the company know?
A: In our social media age, a world of speed and as its happening immediacy, personal inter-connectedness and global reach, blogs, Facebook, Twitter, etc. are tools of tremendous power. These tools also pose problems. A few keystrokes can magnify intolerance or bullying, spread a falsehood or incomplete story, often with dire circumstances. Therefore, in today’s society, it is difficult for companies to keep their secrets.
A manager should assume that most activities about their company’s operations will be made public, whether or not the information is inflammatory or entertaining will determine if the issue needs to be addressed or ignored.
How would you respond to Bernie Ruben’s three questions about how IVK should respond to emerging technologies?
A: I agreed with the responses from Juvvani, Gordon and Barton regarding these three questions. Doing nothing about this blog post might be the best course of action as to not bring more attention to what should be “white noise/boring” information. The information should remain contained. Contacting the blogger or address this in anyway will only make the information spread more quicker. Gordon suggests protecting the private information inside IVK by law. Therefore, when signing the employment document, it should be stated in the contract that the leakage of relevant private information is prohibited.
What advice would you offer to Barton to help him break the cycle of constant firefighting? Is Barton becoming like Davies? Is this inevitable?
A: Barton needs to identify who in his team can take a lead role in handling these issues that keep emerging. He needs to do this in order to allow himself to be more proactive than reactive. While his team addresses the immediate problems, Barton can work on generating solutions to prevent these issues from arising again in the future. Otherwise these fires will continue to pop up and delay progress.
As IT increasingly penetrates into our daily lives, do you think younger employees might think about and do work differently than earlier generations? If so, what kinds of difficulties or opportunities might arise from this difference?
A: Absolutely. The newer generations will certainly turn to technology for solutions to problems. The generation has been raised their entire lives with new and exciting ways to generate instant results via technology and they will demand the same for their work environment. The opportunities will be improved work efficiency from the speed and accuracy that the transition from human based work to technological functions will provide. This automation process will generate a greater level of productivity from technological investments versus the slower human based performance. The downside of this transition will be a far greater public awareness of an entity’s business operations and exposure risks will be greater from an increase in shared information.