Login Signup
Verified Document

Security Overview Businesses Today Are Research Paper

Related Topics:
Dialysis Masters Business Administration Computer Security Organisational Culture
Open Document Cite Document

Matz (2010) summarizes the ways in which organizational culture both supports an organization and can blind the individuals in it to ways in which their actions may no longer be as effective as they once were: … the essence of organisational cultures consists of a set of 'unspoken rules' that exist without conscious knowledge of the members of the organisation. Over time the invisibility of the attributes at the deepest level of the culture becomes reinforced, which further complicates access in studies or casual interviews. Values and behaviour become manifestations that reflect the essence of the culture. Accordingly, it becomes necessary to examine the functions of organisational cultures and the impact the behavioural patterns of such cultures on the organisation as a whole. (Matz, 2010).

One of the most necessary aspect of any organizational culture to examine are the security mechanisms of the culture. Because most employers feel at least some discomfort in addressing security concerns (in no small measure because they do not want to think of their own employees as possible criminals), security systems are often allowed to lag behind.

Moving Toward an Era of Total Asset Protection

Dalton (2003) argues that most firms (and this has certainly been true of RAI) move through a predictable process of creating security systems. He describes this process as follows:

Step One: Physical Security Era: The primary role is reactive loss prevention

Step Two: Corporate Security or Global Security Era: An increased integration of security into business decisions, occurring simultaneously with the emergence of employee awareness programs

Step Three: Total Asset Protection Era, characterized by 'a focus on addressing all of the corporation's assets -- tangible and intangible' (Dalton, 2003, p.23).

Dalton argues that most companies (regardless of what sector they are in) are still focussed on one of the first two steps. This is certainly the case with RAI, which must shift toward a more complete and integrated version of how to supply security.

There are two different ways of assessing how far a company has proceeding along the path to Total Asset Protection. The first is what can be considered to be a technical one, one that assesses the ways in which (for example) alarm systems are wired and connected to live personnel. This is of course important. However, even more significant is how the overall corporate or organizational structure affects the company's ability to provide total asset protection. As suggested above, an essential part of the concept of Total Asset Protection (indeed, an essential part of any well-designed security system, regardless of what one calls it) must be the acknowledgement that all of the assets of a company must be protected from assaults from both the outside as well as the inside:

[a] criminological approach should be pursued to fully encompass the conceptual framework of the relations between provision of security and organisational culture. The effectiveness of an organisation is generally exposed to both internal and external threats. Organisational cultures and security structures respond differently to these types of threats. In the following the role and structure of security will be evaluated in relation to internal threats, primarily described as employee dishonesty and workplace violence. (Matz, 2010)

While it is not essential, it is certainly in almost all cases much easier to call in an outside company to provide an assessment of a security system's faults and strengths. Precisely for the reasons outlined above when describing what an organizational structure is (that is, something that affects every aspect of how those in an organization work in such a way that they are not always aware of it), it may prove to be impossible for employees to provide sufficiently insightful reviews of the system.

Moreover, bringing in an outside security firm to assess and initiate security systems provides the advantages that such a firm is much more likely to be aware of the latest developments in hardware as well as in practice. This is hardly to be unexpected: Security firms, after all, are paid to do precisely this. And finally, in terms of the pursuit of Total Asset Protection, having an outside firm design the process of securing the company means that fewer employees will have access to the details of the security system...

This does not mean that companies in fact had the need of simpler security systems but rather that they conceived of their security needs in simpler ways. Like the neighborhood where everyone keeps their doors locked, companies tend to follow the lead of their neighbors and institute only the same degree of security that other comparable businesses use.
Risk analysis can be broadly defined as any form of analysis that is used to, first, identify any and all possible factors that might put the success of any project into jeopardy. The term is usually applied to single projects but can also be applied to the overall goals of a company. One significant advantage of a risk analysis over other forms of security is that it can be used in a preemptive way. That is, it can be used as a way to predict what kinds of security problems may crop up and to put mechanisms into place to prevent these problems from becoming serious.

One way in which RAI can use this particular form of security strategy is to institute better screening of its employees as a way of looking ahead to prevent possible problems. Currently the company screens for past felony convictions but not for misdemeanors. This can be a distinct problem because many drug offenses are pled down to misdemeanor convictions, which has already allowed some previous drug-users to be employed at RAI.

Given that one of the most serious problems that the company faces is employee crime (as is true of other companies) and that the most valuable asset that the company has that can be stolen is medication, it would benefit the company to exclude individuals with drug conviction records from being hired. The company does not currently drug screen its employees. Instituting such screening might seem to be a good idea given the above suggestion to keep drug-users out of the employee pool, but the company CEO will not allow such testing, believing it to be a violation of employee civil rights.

While there is certainly the possibility that failing to drug test employees will increase the chance that drugs will be used by employees either off-site or even at work, there are also advantages to it. Assessing risks includes both an assessment of what can increase risk as well as what can decrease it. Drug testing is an excellent example of an action that has the potential both to reduce and to increase risk. Because employees know that they will not be tested, they may be more likely to use drugs, which increases risk. However, the experience at RAI has been that not having drug tests makes the employees more loyal. This is likely to decrease the chance that the employees will use drugs.

Even more importantly in terms of the bottom line is the fact that RAI has a much lower turnover rates than do comparable companies. Given how expensive turnover is in terms of retraining, this is a significant benefit to the company, as it would be to any company. A company that offers medical services to individuals who are in a vulnerable position in their lives will in all likelihood be grateful to a company where they can count on seeing the same staff faces each appointment.

Concluding Thoughts

RAI presents us with an excellent case of how complicated the process of protecting a firm's security may be because it includes the need for both traditional forms of security as well as the most up-to-date. The company is not doing a bad job, but it could certainly improve the quality of the security that it offers to both staff and clients.

The most important change that the company can and should make is to integrate its different departments more closely. The company has designed a process for providing dialysis that offers many more and substantially better medical services to its clients. This much-higher level of service allows the company to charge higher rates than can other dialysis clinics. RAI has tried to compete with these other clinics in terms of cost, a holdover from before it overhauled its medical protocol two years ago.

One aspect of security that the company has not yet been attentive to is the fact that good security has to be based on a…

Continue Reading...
Sources used in this document:
References

Dalton, D.R. (2003). Rethinking Corporate Security in the Post 9/11 Era, New York: Butterworth-Heinemann

Deal, T.E. & Kennedy, a.A. (1982). Corporate Cultures: The Rites, and Rituals of Corporate Life, London: Penguin.

Gartenberg, M. (2005). How to develop an enterprise security policy. http://www.computerworld.com/s/article/98896/How_to_develop_an_enterprise_security_policy.

Johnston, L. & Shearing, C. (2003). Governing Security: Explorations in Policing and Justice. London: Routledge.
Matz, S. (2010). Soren Matz's Blog. http://sorenmatz.wordpress.com/category/corporate-security-governance/
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Security Policy of a Dental
Words: 1254 Length: 3 Document Type: Term Paper

SECURITY and PRIVACY - the following security and privacy requirements apply: The Office does not accept responsibility for the privacy, confidentiality or security of data or information not generated by this office or transmitted from external sources into the system. The Office does not accept responsibility for loss, corruption, misdirection or delays in transmission of personal data through the system. Users are responsible for the integrity of all data and

Read More
Essay
Security Awareness the Weakest Link
Words: 8202 Length: 30 Document Type: Case Study

To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not

Read More
Essay
Computers and the Internet Security
Words: 1313 Length: 4 Document Type: Term Paper

The goal of corporate security policies is to identify the procedures, guidelines and practices for configuring and managing security in an environment. By enforcing corporate policy, corporations can reduce their risks and show due diligence to their customers and shareholders (Importance of Corporate Security Policy, 2010). Before making choices regarding the Information Security strategy, long or short-term, organizations need to have a sound appreciative of their sole risk profile. Risk

Read More
Essay
Cloud Computing and Data Security
Words: 5196 Length: 18 Document Type: Term Paper

It's a tidal wave that's going to engulf us all within the next five years. Cloud services will be a $160 billion industry by the end of 2011" (Ginovsky 2011, 21). Although the decision to transition from a traditional approach to cloud computing will depend on each organization's unique circumstances, a number of general benefits have been cited for those companies that have made the partial or complete transition to

Read More
Essay
Managerial Impact on Small Businesses
Words: 16627 Length: 55 Document Type: Term Paper

This is because this thesis has some limitations that should be observed when taking into consideration the importance of the thesis and its assistance. This thesis has concentrated on a subject that has been an extremely large and leading one, that is, the managerial impact on small businesses and the underlying reasons being reluctance shown by small business managers to make use of information technology and Internet. Undoubtedly, this

Read More
Essay
CRM Overview and Discussion
Words: 1279 Length: 5 Document Type: Research Paper

Customer relationship management (CRM) is a technology driven practice that works to integrate customer information in an attempt to improve service quality and influence behavioral outcomes such as customer loyalty and repeat sales as well as increased customer satisfaction in general. CRM technologies can be implemented in virtually any industry and with virtually any size business -- now including small businesses. CRM software modules can also be integrated with other

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now