IT Managers, Data Access and Privacy - Research Paper Example

? IT Managers, Data Access and Privacy. Submitted to, Submitted By, of the Submitted on, [February 20th, Data Access and Privacy are two of the most critical issues that govern any organization. With the ongoing rapid advancements in the field of information and communications technology, the issues related to the sanctity of data have become more severe. How they affect the responsibilities of IT managers and their roles has been attempted to be discussed in the report narrated below. Let’s address the core issues of Data Security and Privacy first. Data Security This is a very vast term that is used to denote varying aspect of sanctity associated with data. Formally speaking, “protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure” is the definition.” (Its, 2012) as quoted at the Institute of Telecommunication Science Colorado. Data is everywhere around man. Present in different forms, it becomes of utmost importance when it holds value as information. The data pertinent to an organization needs to be kept from any alterations or maltreatment so as to prevent it from being damaged or being misused by unauthorized personnel. Thus the security that needs to be associated with all forms of data is referred to as data security. Privacy “Freedom from unauthorized intrusion” (Merriam-webmaster, 2012) is the formal way privacy may be explained. It may well be used interchangeably with data security as data also needs to be kept private in order to be secured. It is this Privacy that keeps the level of data and knowledge management at distinct levels within an organization. The discussion further proceeds with how data security and privacy issues are catered with the IT managers and Project Managers respectively. Bottom of Form IT MANAGERS VERSUS PROJECT MANAGERS: Project managers as compared to IT managers bear limited responsibility. The main role of project managers is to manage and handover a working project to a company, Afterwards the IT managers take over the running and overall execution of that project. Both the managers can be compared in terms of employee volume as project managers maintain and manage a very limited crew throughout their task whereas IT managers manage and fulfill the IT needs of whole organization. The main activities performed through the information system of an organization are always monitored and tested under IT managers. The requirements of business process re-engineering are initiated by the IT management and it always seeks a better IT system for an organization. Project managers on the other hand tend to reduce the workload by keeping the new requirements from springing up. IT managers are responsible for chipping in and processing the data of whole organization. This role demands imposition of certain ethical obligations regarding data sharing and security. The issue of data security is related to both i.e. organizational data (internal data, like personal data of employee etc.) and business data (external data like trade volumes and bidding details etc.). IT managers are responsible for safeguarding internal and external data. Regarding personal data of employee various hazards can easily be anticipated in case of any mishandling of data. For example all or few of the employee information like, employee history, increments, promotion evaluations, compensation offered by the company, previous employment record, salary amount, social security number and account information if leaked out, can not only be misused against that employee, but would also create a significantly negative impact on the whole organization. The usage and sharing of such information must be done under tightest scrutiny. The system designed for the purpose may be highly secure but the usage and sharing of data highly depends on the authorized IT personnel. There may be Standard Operating Procedures for data management and security but what if those rules are not properly enforced or followed. There are a lot of events happen inside an organization that demand data movement and sharing. This makes the data security more vulnerable as it doesn’t require any malicious act to breach the data security protocols. Instead the processes like database sharing and multi-dimensional query executions are enough to create insecure data traffic inside an organization. There are certain questions that arise here. How much responsible are the data managers for securing data? Would they be accountable for security breach in any case? How perfect are the data security mechanisms and what role do the authorize data managers ethically play in order to keep the organizational data secure? How would it be possible to assure compliance of ethical obligations by data managers? Since there would be no flawless solution to the problem of data security, to what extent the data managers can be constrained for ensuring maximum data security? KNOWLEDGE MANAGEMENT: Modern computing sciences address this issue under the head of knowledge management. According to Bertino et al (2006), “Knowledge management enhances the value of a corporation by identifying the assets and expertise as well as efficiently managing the resources. Security for knowledge management is critical as organizations have to protect their intellectual assets. Therefore, only authorized individuals must be permitted to execute various operations and functions in an organization.” Bertino et al (2006). SECURITY ISSUE UNDER KNOWLEDGE MANAGEMENT: Though not regarded as an integral part of an organizational setup, the security of knowledge management should not strictly be overlooked at any level within an organization. Often as a lack of effective knowledge management, organizations fall victim to knowledge management related security issues. Training can be one important phenomenon that can be used to address the conscience of security among the developers. For this purpose it is also a good practice to enable developers to be able to access a central repository on a regular basis that would have updated instructions on latest privacy issues. This is with special reference to large organizational setups. A software security portal is one of the most effective mediums that can be used to address the privacy issues connected to knowledge management within an organization. Such a portal is proposed to address a number of key issues. These would include: Management of a main repository that would incorporate within itself a record of all the organization’s main policy documents, process documents, best practice memos and development documentation. The creation of a model for the business processes to organize them upon. Only the building up of the first model would take the effort. The rest of the business processes would have for themselves a sort of a guideline that would serve as a building block for them. Stakeholders should be provided with the return on security investment that they would be receiving as a result of their association with the company. For that the actual data pertaining to the improvements in the productivity of the company and the reduction in the vulnerability of security may be used. The organization may formulate an organization wide wiki that may serve as a unanimous source of norms and information serving as a knowledge sharing portal for each individual concerned with the organization. A software Wiki would be an even better Wiki that would serve to evaluate and re assess the code snippets being promulgated within the securing fences of the organization. CONCLUSION Conclusively it may be said that IT Managers may be held responsible for the data security issues and privacy concerning an organization but that may also be done only till a particular level. Beyond that, the Managers should not be held responsible. There should be persistent laws that would cater to organizational needs beyond the IT managers’ jurisdiction. REFERENCES: Craig, T., & Ludloff, M. E. (2011). Privacy and big data. Sebastopol, Calif: O'Reilly. Subramanian, M. (2000). Network management: Principles and practice. Reading, Mass: Addison-Wesley. ITS. (2012) Data Security. Institute of Telecommunication Science, Colorado. Retrieved from http://www.its.bldrdoc.gov/ Bertino, E., Khan, L. R., Sandhu, R., & Thuraisingham, B. (2006). Secure knowledge management: confidentiality, trust, and privacy. Systems Man and Cybernetics Part A Systems and Humans IEEE Transactions on, 36(3), 429-438. Retrieved from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1632278 Read More