Information Security failures are attributed to deficiencies in current leadership styles resulting in negative publicity and loss of revenue for the organisation. Concepts of transformational leadership may be applied to improve an organisation’s security posture. Transformational leadership provides information security leaders with appropriate guidance enabling the organisation to focus on delivery while employees adopt secure practices. To augment the exploration of leadership, this paper will focus on the aspect of trust which underpins several areas of leadership and the importance trust has for the development of future information security leaders.
Reviewing and summarization of university ranking system to.pptx
The Importance of Trust for Developing Tomorrow’s Information Security Leaders - SANS STI ISM5400 Essay
1. The Importance of Trust for Developing Tomorrow’s Information Security Leaders 1
The Importance of Trust for Developing Tomorrow’s
Information Security Leaders
SANS STI ISM5400 Reflective Essay
Author: Ed Yuwono, Ed.Yuwono.MSISM at gmail.com
Peer reviewer: Kenneth G. Hartman
Accepted: December 2015
Abstract
Information Security failures are attributed to deficiencies in current leadership styles
resulting in negative publicity and loss of revenue for the organisation. Concepts of
transformational leadership may be applied to improve an organisation’s security posture.
Transformational leadership provides information security leaders with appropriate
guidance enabling the organisation to focus on delivery while employees adopt secure
practices. To augment the exploration of leadership, this paper will focus on the aspect of
trust which underpins several areas of leadership and the importance trust has for the
development of future information security leaders.
2. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
2
1. Introduction
The prevalence of information and knowledge systems makes them prime targets
for criminal exploitation. Exploitation such as data breaches and financial fraud share two
common themes: negative public exposure and Information Security failures within
organisations.
Negative publicity has a detrimental impact on organisations in one or more of the
following areas: share price, loyalty, goodwill, and/or trust. Failures in Information
Security highlight an urgent change is required to organisational practices. These changes
require leadership to facilitate a cultural shift allowing followers to embrace secure
information handling practices.
Failures in Information Security in 2015 include: the Ashley Madison data breach
(Hackett, 2015), the OPM breach (Nakashima, 2015), along with financial fraud through
computer misuse as seen with Carbanak (Kaspersky Lab, 2015), and the newswire hacks
(Federal Bureau of Investigation, 2015). The effect of events such as these data breaches,
impact both the organisation (IBM/Ponemon Institute, 2015) and the consumer (U.S.
Securities and Exchange Commission, 2015).
Information security leaders are under increasing pressure to address the issues
during a time when information security failures are regular news bulletins. As the
negative trend of data breaches increase, organisations are attributing breaches to the lack
of security professionals (Drinkwater, 2015) and are scrambling to address the issue
through extra expenditure on professionals (Peeler & Messer, 2015) and security
(Morgan, 2015). The shortfall of qualified security professionals present organisations
with a major challenge, the inability to secure systems against internal and external
threats in line with the growing public notoriety of attacks.
Over the last two years, there has been an increase in the cost of cybercrime and
frequency of attacks (IBM/Ponemon Institute, 2015). Despite the increase in expenditure
on security, the root cause of the issue remains with employees not adopting secure
practices. As with previous years, the Verizon Data Breach Investigation Report 2015
highlighted that people account for 90% of incidents (Verizon Enterprise Solutions,
2015). Verizon states that for the category of insider misuse (intentional and
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
3. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
3
unintentional) is the top category for breaches. The report attributes insider misuse as
trusted employees abusing their status for the sake of convenience (Verizon Enterprise
Solutions, 2015). In fact, breaches due to end user compliancy extend across several
categories including: social engineering, exploiting point of sale devices, web app attacks
through end user devices, physical theft/loss occurring at the victim’s work area, and
general user error (Verizon Enterprise Solutions 2015).
Despite the increase in security expenditure, behaviours in employees are not
changing (Verizon Enterprise Solutions, 2015). Compounded by the abundance of new
technologies, CSO/CISOs will need to adapt their thinking from denying employees
access to one of permitting with caution (Harkins, 2013). The need for information
security leaders to guide employees into undertaking secure behaviours is critical to
reducing the trend.
Transformational leadership and the aspect of trust in information security
leadership are two concepts that help contribute towards leading employees into adopting
secure practices.
Transformational leadership is the concept of aligning interests of the organisation
and its employees through empowerment (Bass, 1999). Several concepts defined within
transformational leadership serve to promote the internalisation of secure behaviours in
employees. One concept promoting employee involvement could lead to the
internalisation of organisational beliefs and providing a positive change to the
organisation’s security posture (Bass, 1999).
Trust is required to help facilitate the shift towards the transformational leadership
model (Bass, 1999). Trust has many incarnations, all of which are critical to the success
of an organisation, from minimising risk between working parties (Mayer, Davis, &
Schoorman, 1995) to the potential of trust becoming a commodity that could be traded on
the open market (Harkins, 2013).
While the discussion of trust in this paper is focused on transformational
leadership, the importance of trust in general, cannot be understated. This paper will
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
4. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
4
explore the deep relationship between trust and transformational leadership and how
transformational leadership can be applied by information security leaders.
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
5. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
5
2. Trust: A Key Aspect for Leadership Development
Trust is a fundamental element required for two parties to transact; without it,
organisations will be plagued with problems. Parties could consist of two peers or in the
context of this paper, a leader and a follower. Research completed by ToleroSolutions
show that 45% of employees state that the lack of trust in leadership is the biggest issue
affecting work performance (Morgan, J. 2014). To introduce the concept of Trust with
respect to leadership, transformational leadership and its applicability to information
security, we define trust in a qualitative form providing a means for discussion and
assessment.
To demonstrate the importance of trust in leadership development, we explore the
following hypotheses:
• the presence of trust is essential for leadership,
• the current style of organisational leadership falls short at promoting an
information security mindset in employees, and
• trust is a foundation for transformational leadership.
Finally, we merge the elements of trust and transformational leadership to
examine them both in the context of information security and its potential application of
transformational leadership in future information security leaders.
2.1. Quantifying Trust
There are several key concepts and factors to consider when defining trust for
assessment and the purpose of discussion.
Trust is defined when the trusting party (trustor) is willing to be accountable to
undertake a specific action passed from the trusted party (trustee); the specific action
from the trustor is of importance to the trustee and the action being undertaken is made
free of any scrutinizing or coercing (Mayer, Davis, and Schoorman, 1995).
Importantly, in order to satisfy the definition of trust, an element of risk must be
present in the action being undertaken (Mayer, Davis, and Schoorman, 1995). A follower
that is willing to undertake a risky action must trust the leader and believe that the
resulting action would benefit both parties. An example is that of a follower completing a
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
6. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
6
major change on behalf of the leader, which would improve the organisation, and the
follower being recognized for their efforts.
Bass defines trust as being between two individuals and not en-masse (Bass,
1999). Understanding this relationship is important. While a leader could present their
trustworthiness to a group, ultimately it is the follower who sees the leader as being
trustworthy.
This paper will draw on the concepts above to highlight why trust is essential
within organisations.
2.2. Organisational Leadership and Trust
The principle of transactional leadership is centred on an exchange between one
party and another in order satisfy the leader’s need (Kuhnert & Lewis, 1987). The
resulting exchange would need to benefit both parties appropriately otherwise;
inequalities within the transaction could lead to the withdrawal of the other party. An
example of this is the inadequate remuneration from employers resulting in a high
turnover of employees (Kuhnert & Lewis, 1987).
Deficiencies in transactional leadership force organisations to seek other means to
renumerate employees. Maslow defines a hierarchy of needs illustrating an individual’s
requirement for survival and their standing within a particular social class (SANS
Institute, 2013). According to the hierarchy, financial remuneration would satisfy the
basic needs of an employee (SANS Institute, 2013). However, employees seeking to
progress up Maslow’s hierarchy require other incentives in order to maintain motivation
(SANS Institute, 2013). Leaders could use Maslow’s ideas to maintain motivation in
followers. An example of maintaining motivation is through extrinsic motivation, where
it is delivered through a reward or goal attainment and satisfies the higher level need for
Esteem within Maslow’s hierarchy (SANS Institute, 2013). One example of the
application of trust is where incentives are not immediately deliverable. For example, a
successful organisation requires trust in a leader’s ability to deliver a bonus upon
completion to avoid demotivating employees.
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
7. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
7
2.2.1. Importance of Trust within Leadership
Regardless of leadership style, trust underpins several areas of leadership and is
critical for the success of any leader.
The success of a leader requires competency across several skill areas (SANS
Institute, 2013), including and not limited to communication, innovation, motivation,
team development. Trust is embedded into each skill area as it requires an interaction
between the leader and a follower.
Research conducted by Zeffane, Tipu & Ryan (2011) in the area of
communication concluded that there is a strong relationship between communication,
commitment and trust, with trust being key to the relationship. In fact, trust extends to
other leadership skill areas, including and not limited to: innovation (Ellonen, Blomqvist,
& Puumalainen, 2008), motivation (Gagné, & Deci, 2005) and team development
(Spector, & Jones, 2004).
The importance of trust in leadership is so paramount that Warren Bennis, a
leader in organisational leadership, distilled four competencies of successful leaders, one
of those competencies being trust (Bennis, 1993).
This confirms the first hypothesis stating that trust is one of the most important
traits that a leader must possess in order to lead employees within an organisation.
2.2.2. Limitations of the Current Forms of Leadership
The present form of transactional leadership presents several issues, especially
when Information Security is often perceived by senior management as a ‘non-core’
organisational function. An organisational function that does not deliver defined
organisational benefits, such as financial or productivity benefits is defined as ‘Non-
core’.
While there is little research into the failures transactional leadership has on
Information Security, we draw parallels with other perceived ‘non-core’ organisational
areas. A study by Groves & LaRocca (Groves, & LaRocca, 2011) on a non-core
organisational area, Corporate Social Responsibility (CSR), reveals several interesting
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
8. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
8
similarities. Their research on CSR compares transactional leadership along with
transformational leadership.
Firstly, it is important to discuss that a need for change stems from the public
notoriety surrounding information security incidents. The parallel drawn relates to
corporate scandals and the demise of businesses. Groves & LaRocca raises concerns
behind the absence or weaknesses of CSR within organizations such as Enron, Lehman
Brothers and Bear Sterns, leading to a major catastrophe (Groves, & LaRocca, 2011). A
similar situation applies to information security where a disruption of organizational
assets hosted on information systems could also lead to a major catastrophe. This is
evident in numerous cases where organisations file for insolvency or have consequently
shut down after a catastrophic security event, such as a breach: Diginotar (Zetter, 2011),
Mt Gox (Takemoto, & Knight, 2014) and Altegrity (Fitzgerald, 2015).
Secondly, as there is an associated cost with any interaction, transactional leaders
focus on delivery and are not willing to go above and beyond the call of duty. The
following quote noted the reluctance of transactional leaders promoting CSR: “research
suggests that the transactional leadership process is based upon utilitarian values and
reciprocity norms, which are unlikely to generate strong beliefs in stakeholder
perspective on CSR.” (Groves, & LaRocca, 2011). As with the concept of CSR,
employees are less likely to adopt information security best practices unless they are
provided with an incentive or they are coerced. As non-core functions would incur an
additional expense, there is reluctance for organisations to divert resources away from
core activities.
Reluctance is further exacerbated within organisations bound by limited budgets
or resources. With this thought, a transactional leader would very difficult to instil a
culture of security within the organisation.
While no data is available supporting theories that a poor security culture in
organisations is due to transactional leadership shortcomings, there is historical data
demonstrating that organisational change is required to promote information security.
Verizon stated that over 11 years, breaches attributed to employees continue to count for
the majority of data breaches (Verizon Enterprise Solutions, 2015).
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
9. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
9
The correlation between CSR and information security serves to hold the second
hypothesis stating that the current form of leadership is inadequate to promote a strong
information security mindset in employees. Just as there is an important requirement for
CSR within organisations to promote ethical values, the same requirement could be
expressed for information security.
2.3. The Importance of Transformational Leadership
While transactional leadership has its place to serve the lower needs of Maslow’s
hierarchy, the limitations found in transactional leadership could be addressed through
the introduction of transformational leadership (Bass, 1999).
Transformational leadership is the leaders’ ability to motivate people to want to
change, improve and to be led (Hall, Johnson, Wysocki & Kepner, 2002). This differs
from transactional leadership, where the leader focuses on delivery, contrasting with
transformational leadership, where the leader focuses on empowering followers (Bass,
1999). The power of transformational leadership is realised as followers take ownership
for the success of an organisation. This behaviour is best observed in a cooperative
organisation, where all members have a vested interest and their personal actions
contribute to the success of the organisation.
Core to transformational leadership are four factors known as the ‘four I’s’:
idealized influence, inspirational motivation, intellectual stimulation and individual
consideration (Hall, Johnson, Wysocki & Kepner, 2002).
2.3.1. Developing a Leader Through Trust and Transformational
Leadership
As with transactional leadership, trust also has a strong presence within
transformational leadership. This section will provide evidence that trust is rooted within
the ‘four I’s’ —the essential foundations for transformational leadership.
Leaders possessing idealised influence are trusted to make good decisions that
benefit the organisation (Hall, Johnson, Wysocki & Kepner, 2002). Explained below,
Mayer et al’s (1995) definition of trustworthy aligns the relationship between trust and
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
10. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
10
idealised influence. Mayer, et al, deconstructs trustworthiness down to three main factors:
ability, benevolence, and integrity.
Ability requires the leader to be skilled in a particular domain (Mayer, Davis, and
Schoorman, 1995). Without the appropriate skills, the leader could not make good
decisions for the organisation.
Benevolence is the leader’s capacity to want to be able to perform with the best
interests of the organisation (Mayer, Davis, and Schoorman, 1995), aligning with the
definition of idealised influence.
Finally, integrity is the alignment and adoption of a set of principles (Mayer,
Davis, and Schoorman, 1995), where the leader is aligned with the organisation that they
are accountable to and reflects their values.
The ability to motivate employees to commit to the vision of the organisation is
defined as Inspirational motivation (Hall, Johnson, Wysocki & Kepner, 2002). It is
important to note that motivation is not maintained through further incentives rather,
motivation is maintained by ensuring that employees are not de-motivated (SANS
Institute, 2013). Through intrinsic motivation, a leader allows a follower to undertake
important tasks in order to avoid de-motivation (SANS Institute, 2013). Important tasks
used as motivators are defined by Herzberg to include responsibility and job challenges
(SANS Institute, 2013). The follower assumes ownership of the task and possesses the
inclination to complete it with additional attention (SANS Institute, 2013). In doing so,
the leader bears risk by trusting the follower to undertake the task (Mayer, Davis, and
Schoorman, 1995).
Conversely, Mayer et al, noted that an organisation with low trust leads to
increased monitoring of employees which creates a demoralizing effect that could result
with employees striking back, establishing a tit-for-tat environment (Mayer, Davis, and
Schoorman, 1995).
Intellectual Stimulation defines leaders who encourage creativity through
intellectual challenges (Hall, Johnson, Wysocki & Kepner, 2002). To illustrate trust for
the criteria of Intellectual Stimulation, research from Ellonen et al, shows that trust
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
11. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
11
through foundations established by the organisation is a major contributor in promoting a
culture of innovation (Ellonen, Blomqvist, & Puumalainen, 2008). Ellonen et al relates
reliability to Mayer et al’s definition of integrity where reliability in leadership
supporting innovation is ‘critical’ to steer innovation (Ellonen, Blomqvist, &
Puumalainen, 2008).
Individual consideration defines leaders as mentors helping followers achieve
mutual organisational and personal goals (Hall, Johnson, Wysocki & Kepner, 2002).
When aligned with a common vision, both the leader and the follower work
together to achieve a common goal. A trustworthy leader will possess the ability to lead
within the follower’s domain, demonstrating to the follower that the goal is also for their
benefit (Mayer, Davis, and Schoorman, 1995).
The common vision can build trust in two ways: between followers towards the
organisation and also between leadership and their followers. Building trust between
followers and the organisation occurs by training managers on how to empower followers
to take initiative and to operate autonomously (Gagné, & Deci, 2005).
Secondly, leaders that are trustworthy possess ability, benevolence and integrity.
These traits are important for leaders to mentor followers benefiting both the follower
and the organisation (Mayer, Davis, and Schoorman, 1995).
The presence and importance of trust within the four I’s satisfy the third
hypothesis that trust is required in transformational leadership.
3. Developing Information Security Leaders through
Transformational Leadership
There is evidence that transformational leadership has a place in the development
of information security leadership to instil a culture of security within an organisation.
Harkins applied several transformational leadership concepts during his tenure as Intel’s
first CISO. Harkins defined information security professionals as being in the “behaviour
modification business”, indicating that security professionals must change behaviour in
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
12. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
12
order to improve the organisation’s security posture (Harkins, M. 2013). This resonates
with the core of transformational leadership.
Information Security leaders must develop their organisations beyond the basic
level of compliance to avoid being susceptible to compromise. By making the
organisation more aware of the threats, their security posture increases beyond that of
compliance alone (Harkins, M. 2013). To achieve this, Harkins seeks to move from
employees possessing ‘compliant’ behaviour over to ‘committed’ behaviour (Harkins, M.
2013), similar to what Groves, & LaRocca pointed out with respect to CSR (Groves, &
LaRocca, 2011). Harkins realizes the pitfalls with current styles of information security
leadership and he encourages leaders to establish a ‘process’ to lead employees to adopt a
personal stake in information security (Harkins, M. 2013). He defines ‘committed
behaviour’ as being able to define an emotional relationship with security, such that
employees will act beyond their call of duty (Harkins, M. 2013). Harkins’ definition of
‘committed’ behaviour is in line with the core of transformational leadership, adopting
the same approach where leaders possess the ability to get people to change, improve and
be led (Hall, Johnson, Wysocki & Kepner, 2002).
Applications of Transformational Leadership through the concepts defined by the
four I’s and the requirement for trust is seen in Harkins’ leadership style.
Influencing employees to adopt secure behaviours at work and at home requires
Harkins to possess Idealised Influence. The reason Harkins is seen by Intel as trustworthy
is because he demonstrates that he is a champion within the information security domain,
performing with the best interests of all parties and adopting principles, which are aligned
with the organisation (Harkins, M. 2013). Harkins was quoted as saying, “If employees
trust us, they are more likely to believe our warnings and act on our recommendations”
(Harkins, M. 2013). This highlights the importance of trust in Information Security
leadership.
One demonstration of Idealised Influence is the fact that Harkins elevates himself
to serve as a role model for security within Intel. He achieves this through frequent
communication with managers about information security (Harkins, M. 2013). When
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
13. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
13
noticing an increase in laptop theft resulting in the loss of information, Harkins highlights
the thefts to managers with the aim to reduce losses (Harkins, M. 2013).
With respect to information security, the positive response from Intel employees
during a HR survey was an example of Inspirational motivation. The survey
commissioned through an external organisation on behalf of Intel HR was thwarted when
employees mistakenly reported it as a phishing attempt to the security team (Harkins, M.
2013).
An application of Intellectual Stimulation is demonstrated within Intel through
permitting the use of personal devices for corporate use. Through the mantra ‘protect to
enable,’ Harkins aligns information security with Intel’s organisational culture which
promotes innovation (Harkins, M. 2013). By challenging traditional information security
beliefs regarding the use of personal devices in the organisation, Harkins has permitted
the use of personal devices for corporate use (Harkins, M. 2013). Harkins states that, as
employees are the owners of the device, employees will take better care of devices
(Harkins, M. 2013). This innovative thinking resulted in reducing the loss of devices,
thus also reducing the instance of data loss (Harkins, M. 2013).
Another success story combining trust and aspects of transformational leadership
involves the exchange of threat information with other organisations. Legal and
competition threats makes the exchange of threat information to be a high risk move.
Intellectual Stimulation through innovation allowing the exchange of threat information
has enabled Intel to gain valuable insights in several areas, such as best practices for
managing security operations (Harkins, M. 2013). This can only be achieved by
promoting both Intellectual Stimulation and Individual Consideration. Highlighting the
importance of trust, Harkins adopts a sliding scale where, the more trustworthy the
external organisation is, the higher the sensitivity of the information that can be shared
(Harkins, M. 2013). Likewise, organisations must place a lot of trust in Harkins and Intel
before exchanging information with them.
Relating threats directly to an individual’s personal life invokes a sense of
Individual Consideration, where leaders help followers achieve mutual goals that benefit
both the individual and the organisation (Hall, Johnson, Wysocki & Kepner, 2002). In
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
14. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
14
one example, Harkins states that he taps into an individual’s emotions in order to
highlight the importance of security (Harkins, M. 2013). Further to this, he carries this
theme on to other aspects of personal life such as keeping children safe online and tips for
wireless security at home (Harkins, M. 2013). Importantly, Harkins recognises the need
to align organisational and personal values in order to create trust (Harkins, M. 2013).
The combination of these factors has provided Intel with a strong security posture.
One example of this can be seen through the physical loss of laptops. Harkins states that
the loss was less than 1% annually over several years, significantly lower than the
industry standard of 5-10% annually (Harkins, M. 2013).
Relating transformational leadership to efforts as demonstrated by Harkins and his
initiatives in Intel, future information security leaders could benefit immensely from
adopting transformational leadership and creating a culture of trust.
4. Conclusion
Trust is the core to creating successful information security leaders. Empowering
followers through trust and transformational leadership is a powerful means to increase
an organisation’s information security posture. Powerful benefits, such as autonomy,
development and intrinsic motivation amongst followers, aid both the organisation and
the individual. Trust is the catalyst to facilitate the adoption of these benefits.
5. Further Research
Applications of transformational leadership have the potential to promote further
proactive behaviours, such as adopting secure development mindsets and developing
detective behaviour.
While this paper examine components of transformational leadership applied
within one organisation, further research could investigate other organisations to see if
transformational leadership has been applied with success within the realm of
Information Security leadership.
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
15. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
15
Conversely, while this paper focuses on the benefits trust has on leadership and
information security, the absence of trust provides an opportunity for further research.
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
16. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
16
References
Bass, B. M. (1999). Two decades of research and development in transformational
leadership. European Journal of Work and Organizational Psychology, 8(1), 9-
32. doi:10.1080/135943299398410
Bennis, W. G. (1993). An invented life: Reflections on leadership and change. Reading,
MA: Addison-Wesley Pub. Co.
Drinkwater, D. (2015, April 16). Cyber-security pros blame breaches on skills gap.
Retrieved Sep 26, 2015 from http://www.scmagazineuk.com/cyber-security-pros-
blame-breaches-on-skills-gap/article/409393/
Ellonen, R., Blomqvist, K., & Puumalainen, K. (2008). The role of trust in
organisational innovativeness. European Journal of Innovation Management,
11(2), 160-181.
Federal Bureau of Investigation. (2015, August 11). FBI — Nine people charged in
largest known computer hacking and securities fraud scheme. Retrieved Sep 26,
2015 from https://www.fbi.gov/newyork/press-releases/2015/nine-people-
charged-in-largest-known-computer-hacking-and-securities-fraud-scheme
Fitzgerald, P. (2015, August 20). U.S. settles whistleblower suit against Altegrity.
Retrieved Oct 10, 2015 from http://www.wsj.com/articles/u-s-settles-
whistleblower-suit-against-altegrity-1440090102
Gagné, M., & Deci, E. L. (2005). Self-determination theory and work motivation.
Journal of Organizational behavior, 26(4), 331-362.
Groves, K. S., & LaRocca, M. A. (2011). An empirical study of leader ethical values,
transformational and transactional leadership, and follower attitudes toward
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
17. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
17
corporate social responsibility. Journal of Business Ethics, 103(4), 511-528 doi
10.1007/s10551-011-0877-y
Hackett, R. (2015, August 26). Ashley Madison hack: Everything to know. Retrieved
Sep 26, 2015 from http://fortune.com/2015/08/26/ashley-madison-hack/
Hall, J., Johnson, S., Wysocki, A., & Kepner, K. (2002, June). Transformational
leadership: The transformation of managers and associates. Retrieved Sep 19,
2015 from http://edis.ifas.ufl.edu/hr020
Harkins, M. (2013). Managing risk and information security: Protect to enable. New
York: Apress.
IBM/Ponemon Institute. (2015, May). IBM 2015 Cost of data breach study. Retrieved
Sep 19, 2015 from http://www.ibm.com/security/data-breach
Kaspersky Lab. (2015, February 16). The great bank robbery: The Carbanak APT.
Retrieved Sep 19, 2015 from https://securelist.com/blog/research/68732/the-
great-bank-robbery-the-carbanak-apt/
Kuhnert, K. W., & Lewis, P. (1987). Transactional and transformational leadership: A
constructive/developmental analysis. Academy of Management review, 12(4),
648-657.
Mayer, R. C., Davis, J. H., & Schoorman, F. D. (1995). An integrative model of
organizational trust. Academy of Management Review, 20(3), 709-734.
Morgan, J. (2014, September 11). Trust in the workplace: What happened to it, and how
do we get it back. Retrieved Nov 23, 2015, from
http://www.forbes.com/sites/jacobmorgan/2014/09/11/trust-in-the-workplace-
what-happened-to-it-and-how-do-we-get-it-back/
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
18. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
18
Morgan, S. (2015, July 9). Worldwide cybersecurity market continues its upward trend.
Retrieved Sep 26, 2015, from
http://www.csoonline.com/article/2946017/security-leadership/worldwide-
cybersecurity-market-sizing-and-projections.html
Nakashima, E. (2015, July 9). Hacks of OPM databases compromised 22.1 million
people, federal authorities say. Retrieved Sep 26, 2015 from
http://www.washingtonpost.com/blogs/federal-eye/wp/2015/07/09/hack-of-
security-clearance-system-affected-21-5-million-people-federal-authorities-say/
Peeler, J., & Messer, A. (2015, April 17). (ISC)² Study: Workforce shortfall due to
hiring difficulties despite rising salaries, increased budgets and high job
satisfaction rate. Retrieved Sep 26, 2015 from
http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-
hiring-difficulties-despite-rising-salaries-increased-budgets-a.html
SANS Institute. (2013). MGT514.5: Leadership and management competencies. Author.
Spector, M. D., & Jones, G. E. (2004). Trust in the workplace: Factors affecting trust
formation between team members. The Journal of social psychology, 144(3),
311-321.
Takemoto, Y., & Knight, S. (2014, February 28). Mt. Gox files for bankruptcy, hit with
lawsuit. Retrieved from http://www.reuters.com/article/2014/02/28/us-bitcoin-
mtgox-bankruptcy-idUSBREA1R0FX20140228
U.S. Securities and Exchange Commission. (2015, September 22). Investor alert:
Identity theft, data breaches and your investment accounts. Retrieved Sep 26,
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com
19. The Importance of Trust for Developing Tomorrow’s Information Security
Leaders
19
2015 from http://www.sec.gov/oiea/investor-alerts-
bulletins/ia_databreaches.html
Verizon Enterprise Solutions. (2015, July 9). 2015 Data Breach Investigations Report
(DBIR). Retrieved Sep 19, 2015 from
http://www.verizonenterprise.com/DBIR/2015/
Walder, N., Stempel, J., & Ax, J. (2015, August 12). Hackers stole secrets for up to $100
million insider-trading profit. Retrieved Sep 27, 2015 from
http://www.reuters.com/article/2015/08/12/us-cybercybersecurity-hacking-
stocks-arr-idUSKCN0QG1EY20150812
Zeffane, R., Tipu, S. A., & Ryan, J. C. (2011). Communication, commitment & trust:
Exploring the triad. International Journal of Business and Management, 6(6),
77-87
Zetter, K. (2011, September 20). DigiNotar files for bankruptcy in wake of devastating
hack. Retrieved Oct 17, 2015 from http://www.wired.com/2011/09/diginotar-
bankruptcy/
Ed Yuwono;Ed.Yuwono.MSISM at gmail.com