Chapter 11: Globalization and
the Digital Divide
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• explain the concept of globalization;
• describe the role of information technology in
globalization;
• identify the issues experienced by firms as they
face a global economy; and
• define the digital divide and explain Nielsen’s three
stages of the digital divide.
Introduction
The Internet has wired the world. Today it is just as simple to
communicate with someone on the other side of the world as it
is to talk to someone next door. But keep in mind that many
businesses attempted to outsource different needs in technology,
only to discover that near-sourcing (outsourcing to countries to
Chapter 11: Globalization and the
Digital Divide | 245
Internet
Statistics by
Continent.
Source:
https://www
.internetworl
dstats.com/
stats.htm.
(Click to
enlarge)
which your country is physically connected) had greater advantage.
This chapter looks at the implications of globalization and the
impact it is having on the world.
What Is Globalization?
Globalization refers to the integration of goods, services, and
culture among the nations of the world. Globalization is not
necessarily a new phenomenon. In many ways globalization has
existed since the days of European colonization. Further advances
in telecommunication and transportation technologies accelerated
globalization. The advent of the the worldwide Internet has made all
nations virtual next door neighbors.
The Internet is truly a worldwide phenomenon. As of December
2017 the Internet was being used by over 4.1 billion people world
wide.
1
From its initial beginnings in the United States in the 1970s to
the development of the World Wide Web in the 1990s to the social
networks and e-commerce of today, the Internet has continued to
increase the integration between countries, making globalization a
fact of life for citizens all over the world.
1. [1]
246 | Information Systems for Business and Beyond (2019)
https://www.internetworldstats.com/stats.htm
https://www.internetworldstats.com/stats.htm
The Network Society
In 1996 social-sciences researcher Manuel Castells published The
Rise of the Network Society, in which he identified new ways
economic activity was being organized around the networks that
the new telecommunication technologies had provided. This new,
global economic activity was different from the past, because “it
is an economy with the capacity to work as a unit in real time on
a planetary scale.”
2
Having a world connected via the Internet has
some massive implications.
The World Is Flat
Thomas Friedman’s 2005 book The World Is Flat uses anecdotal
evidence to present the impact the personal computer, the Internet,
and communication software have had on business, specifically the
impact on globalization. Three eras of globalization are defi.
Interactive Powerpoint_How to Master effective communication
Globalization Digital Divide Chapter Explains Impacts Technologies
1. Chapter 11: Globalization and
the Digital Divide
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• explain the concept of globalization;
• describe the role of information technology in
globalization;
• identify the issues experienced by firms as they
face a global economy; and
• define the digital divide and explain Nielsen’s three
stages of the digital divide.
Introduction
The Internet has wired the world. Today it is just as simple to
communicate with someone on the other side of the world as it
is to talk to someone next door. But keep in mind that many
2. businesses attempted to outsource different needs in technology,
only to discover that near-sourcing (outsourcing to countries to
Chapter 11: Globalization and the
Digital Divide | 245
Internet
Statistics by
Continent.
Source:
https://www
.internetworl
dstats.com/
stats.htm.
(Click to
enlarge)
which your country is physically connected) had greater
advantage.
This chapter looks at the implications of globalization and the
impact it is having on the world.
What Is Globalization?
Globalization refers to the integration of goods, services, and
culture among the nations of the world. Globalization is not
necessarily a new phenomenon. In many ways globalization has
existed since the days of European colonization. Further
3. advances
in telecommunication and transportation technologies
accelerated
globalization. The advent of the the worldwide Internet has
made all
nations virtual next door neighbors.
The Internet is truly a worldwide phenomenon. As of December
2017 the Internet was being used by over 4.1 billion people
world
wide.
1
From its initial beginnings in the United States in the 1970s to
the development of the World Wide Web in the 1990s to the
social
networks and e-commerce of today, the Internet has continued
to
increase the integration between countries, making globalization
a
fact of life for citizens all over the world.
1. [1]
246 | Information Systems for Business and Beyond (2019)
https://www.internetworldstats.com/stats.htm
https://www.internetworldstats.com/stats.htm
4. The Network Society
In 1996 social-sciences researcher Manuel Castells published
The
Rise of the Network Society, in which he identified new ways
economic activity was being organized around the networks that
the new telecommunication technologies had provided. This
new,
global economic activity was different from the past, because
“it
is an economy with the capacity to work as a unit in real time
on
a planetary scale.”
2
Having a world connected via the Internet has
some massive implications.
The World Is Flat
Thomas Friedman’s 2005 book The World Is Flat uses anecdotal
evidence to present the impact the personal computer, the
Internet,
and communication software have had on business, specifically
the
5. impact on globalization. Three eras of globalization are defined
at
the beginning of the book.
3
:
• “Globalization 1.0″ occurred from 1492 until about 1800. In
this
era globalization was centered around countries. It was about
how much horsepower, wind power, and steam power a
country had and how creatively it was deployed. The world
shrank from size “large” to size “medium.”
• “Globalization 2.0″ occurred from about 1800 until 2000,
interrupted only by the two World Wars. In this era, the
dynamic force driving change was multinational companies.
The world shrank from size “medium” to size “small.”
2. [2]
3. [3]
Chapter 11: Globalization and the Digital Divide | 247
• “Globalization 3.0″ is our current era, beginning in the year
6. 2000. The convergence of the personal computer, fiber-optic
Internet connections, and software has created a “flat-world
platform” that allows small groups and even individuals to go
global. The world has shrunk from size “small” to size “tiny.”
According to Friedman, this third era of globalization was
brought
about, in many respects, by information technology. Some of
the
specific technologies include:
• Graphical user interface for the personal computer
popularized in the late 1980s. Before the graphical user
interface, using a computer was relatively difficult, requiring
users to type commands rather than click a mouse. By making
the personal computer something that anyone could use, the
computer became a tool of virtually every person, not just
those intrigued by technology. Friedman says the personal
computer made people more productive and, as the Internet
evolved, made it simpler to communicate information
worldwide.
• Build-out of the Internet infrastructure during the dot-com
7. boom during the late-1990s. During the late 1990s,
telecommunications companies laid thousands of miles of fiber
optic cable all over the world, turning network
communications into a commodity. At the same time, the
Internet protocols, such as SMTP (e-mail), HTML (web pages),
and TCP/IP (network communications) became standards that
were available for free and used by everyone through their
email programs and web browsers.
• Introduction of software to automate and integrate business
processes. As the Internet continued to grow and become the
dominant form of communication, it became essential to build
on the standards developed earlier so that the websites and
applications running on the Internet would work well together.
Friedman calls this “workflow software,” by which he means
248 | Information Systems for Business and Beyond (2019)
software that allows people to work together more easily, and
allows different software and databases to integrate with each
other more easily. Examples include payment processing
systems and shipping calculators.
8. These three technologies came together in the late 1990s to
create a “platform for global collaboration.” Once these
technologies
were in place, they continued to evolve. Friedman also points
out
a couple more technologies that have contributed to the flat-
world
platform, namely the open source movement discussed in
Chapter
10 and the advent of mobile technologies.
Economist Pankaj Ghemawat authored the book World 3.0 in
2011
in an attempt to provide a more moderate and research-based
analysis of globalization. While Friedman talked with
individuals and
produced an anecdotally-based book, Ghemawat’s approach was
to
research economic data, then draw conclusions about
globalization.
His research found the following:
• Mailed letters that cross international borders = 1%
• Telephone calling minutes that are international = 2%
9. • Internet traffic that is routed across international borders =
18%
• National, as opposed to international, TV news sources = 95%
• First generation immigrants as portion of world’s population =
3%
• People who at sometime in their lives will cross an
international border = 10%
• Global exports as portion of the value of all goods produced in
the world = 20%
4
According to Ghemawat, while the Internet has had an impact
on
4. [4]
Chapter 11: Globalization and the Digital Divide | 249
the world’s economy, it may well be that domestic economies
can be
expected to continue to be the main focus in most countries.
You
can watch Ghemawat’s Ted Talk here. Current and future trends
10. will
be discussed in Chapter 13.
The Global Firm
The new era of globalization allows virtually any business to
become
international. By accessing this new platform of technologies,
Castells’s vision of working as a unit in real time on a planetary
scale
can be a reality. Some of the advantages include:
• Ability to locate expertise and labor around the world.
Instead of drawing employees from their local area,
organizations can now hire people from the global labor pool.
This also allows organizations to pay a lower labor cost for the
same work based on the prevailing wage in different countries.
• Ability to operate 24 hours a day. With employees in different
time zones all around the world, an organization can literally
operate around the clock, handing off work on projects from
one part of the world to another as the normal business day
ends in one region and begins in another. A few years ago
three people decided to open a web hosting company. They
11. strategically relocated to three places in the world which were
eight hours apart, giving their business 24 hour coverage while
allowing each to work during the normal business day.
Operating expenses were minimized and the business provided
24/7 support to customers world wide.
• Larger market for their products. Once a product is being
sold online, it is available for purchase from a worldwide
customer base. Even if a company’s products do not appeal
beyond its own country’s borders, being online has made the
product more visible to consumers within that country.
250 | Information Systems for Business and Beyond (2019)
https://www.ted.com/talks/pankaj_ghemawat_actually_the_worl
d_isn_t_flat
In order to fully take advantage of these new capabilities,
companies need to understand that there are also challenges in
dealing with employees and customers from different cultures.
Some of these challenges include:
• Infrastructure differences. Each country has its own
infrastructure with varying levels of quality and bandwidth. A
12. business cannot expect every country it deals with to have the
same Internet speeds. See the sidebar titled “How Does My
Internet Speed Compare?”
• Labor laws and regulations. Different countries (even different
states in the United States) have different laws and regulations.
A company that wants to hire employees from other countries
must understand the different regulations and concerns.
• Legal restrictions. Many countries have restrictions on what
can be sold or how a product can be advertised. It is important
for a business to understand what is allowed. For example, in
Germany, it is illegal to sell anything Nazi related.
• Language, customs, and preferences. Every country has its
own unique culture which a business must consider when
trying to market a product there. Additionally, different
countries have different preferences. For example, in many
parts of Europe people prefer to eat their french fries with
mayonnaise instead of ketchup. In South Africa a hamburger
comes delivered to your table with gravy on top.
• International shipping. Shipping products between countries
in a timely manner can be challenging. Inconsistent address
13. formats, dishonest customs agents, and prohibitive shipping
costs are all factors that must be considered when trying to
deliver products internationally.
Because of these challenges, many businesses choose not to
expand globally, either for labor or for customers. Whether a
business has its own website or relies on a third-party, such as
Chapter 11: Globalization and the Digital Divide | 251
Comparison
of top world
Internet
speeds in
2019. Source:
https://www
.statista.com
/chart/
7246/
the-countrie
s-with-the-f
astest-intern
et/ (Click to
enlarge)
Amazon or eBay, the question of whether or not to globalize
must
be carefully considered.
14. Sidebar: How Does My Internet Speed
Compare?
How does your Internet speed compare with others in the world?
The following chart shows how Internet speeds compare
in different countries. You can find the full list of countries by
going
to this article . You can also compare the evolution of Internet
speeds among countries by using this tool .
So how does your own Internet speed compare? There are many
online tools you can use to determine the speed at which you
are
connected. One of the most trusted sites is speedtest.net, where
you can test both your download and upload speeds.
252 | Information Systems for Business and Beyond (2019)
https://www.statista.com/chart/7246/the-countries-with-the-
fastest-internet/
https://www.statista.com/chart/7246/the-countries-with-the-
fastest-internet/
http://www.akamai.com/stateoftheinternet
https://www.statista.com/chart/7246/the-countries-with-the-
fastest-internet/
https://www.statista.com/chart/7246/the-countries-with-the-
fastest-internet/
http://www.speedtest.net/
15. The Digital Divide
As the Internet continues to make inroads across the world, it is
also
creating a separation between those who have access to this
global
network and those who do not. This separation is called the
“digital
divide” and is of great concern. An article in Crossroads puts it
this
way:
Adopted by the ACM Council in 1992, the ACM Code of
Ethics and Professional Conduct focuses on issues involving
the Digital Divide that could prevent certain categories of
people — those from low-income households, senior
citizens, single-parent children, the undereducated,
minorities, and residents of rural areas — from receiving
adequate access to the wide variety of resources offered
by computer technology. This Code of Ethics positions the
use of computers as a fundamental ethical consideration: “In
16. a fair society, all individuals would have equal opportunity
to participate in, or benefit from, the use of computer
resources regardless of race, sex, religion, age, disability,
national origin, or other similar factors.” This article
summarizes the digital divide in its various forms, and
analyzes reasons for the growing inequality in people’s
access to Internet services. It also describes how society
can bridge the digital divide: the serious social gap between
information “haves” and “have-nots.”
5
The digital divide can occur between countries, regions, or even
neighborhoods. In many US cities, there are pockets with little
or no
5. [5]
Chapter 11: Globalization and the Digital Divide | 253
Internet access, while just a few miles away high-speed
broadband
is common.
17. Solution
s to the digital divide have had mixed success over the
years. Many times just providing Internet access and/or
computing
devices is not enough to bring true Internet access to a country,
region, or neighborhood.
A New Understanding of the Digital Divide
In 2006, web-usability consultant Jakob Nielsen wrote an article
that got to the heart of our understanding of this problem. In his
article he breaks the digital divide up into three stages: the
economic divide, the usability divide, and the empowerment
divide
6
18. .
• Economic divide. This is what many call the digital divide.
The
economic divide is the idea that some people can afford to
have a computer and Internet access while others cannot.
Because of Moore’s Law (see Chapter 2), the price of hardware
has continued to drop and, at this point, we can now access
digital technologies, such as smartphones, for very little.
Nielsen asserts that for all intents and purposes, the economic
divide is a moot point and we should not focus our resources
on solving it.
• Usability divide. Usability is concerned with the fact that
“technology remains so complicated that many people couldn’t
use a computer even if they got one for free.” And even for
19. those who can use a computer, accessing all the benefits of
having one is beyond their understanding. Included in this
group are those with low literacy and seniors. According to
6. [6]
254 | Information Systems for Business and Beyond (2019)
Nielsen, we know how to help these users, but we are not
doing it because there is little profit in doing so.
• Empowerment divide. Empowerment is the most difficult to
solve. It is concerned with how we use technology to empower
ourselves. Very few users truly understand the power that
digital technologies can give them. In his article, Nielsen
explains that his and others’ research has shown that very few
20. users contribute content to the Internet, use advanced search,
or can even distinguish paid search ads from organic search
results. Many people will limit what they can do online by
accepting the basic, default settings of their computer and not
work to understand how they can truly be empowered.
Understanding the digital divide using these three stages
provides
a more nuanced view of how we can work to alleviate it. More
work
needs to be done to address the second and third stages of the
digital divide for a more holistic solution.
Refining the Digital Divide
The Miniwatts Marketing Group, host of Internet World Stats,
has
21. sought in 2018 to further clarify the meaning of digital divide
by
acknowledging that the divide is more than just who does or
does
not have access to the Internet. In addition to Nielsen’s
economic,
usability, and empowerment divides, this group sees the
following
concerns.
• Social mobility. Lack of computer education works to the
disadvantage of children with lower socioeconomic status.
• Democracy. Greater use of the Internet can lead to healthier
democracies especially in participation in elections.
• Economic growth. Greater use of the Internet in developing
countries could provide a shortcut to economic advancement.
Chapter 11: Globalization and the Digital Divide | 255
22. Using the latest technology could give companies in these
countries a competitive advantage.
The focus on the continuing digital divide has led the European
Union to create an initiative known as The European 2020
Strategy.
Five major areas are being targeted: a) research and
development,
b) climate/energy, c) education, d) social inclusion, and e)
poverty
reduction.
7
Sidebar: Using Gaming to Bridge the
Digital Divide
Paul Kim, the Assistant Dean and Chief Technology Officer of
23. the
Stanford Graduate School of Education, designed a project to
address the digital divide for children in developing countries.
8
In their project the researchers wanted to learn if children can
adopt and teach themselves mobile learning technology, without
help from teachers or other adults, and the processes and factors
involved in this phenomenon. The researchers developed a
mobile
device called TeacherMate, which contained a game designed to
help children learn math. The unique part of this research was
that the researchers interacted directly with the children. They
did not channel the mobile devices through the teachers or the
schools. There was another important factor to consider. In
24. order
to understand the context of the children’s educational
environment, the researchers began the project by working with
7. [7]
8. [8]
256 | Information Systems for Business and Beyond (2019)
parents and local nonprofits six months before their visit. While
the
results of this research are too detailed to go into here, it can be
said that the researchers found that children can, indeed, adopt
and
teach themselves mobile learning technologies.
What makes this research so interesting when thinking about
25. the digital divide is that the researchers found that, in order to
be
effective, they had to customize their technology and tailor their
implementation to the specific group they were trying to reach.
One
of their conclusions stated the following:
Considering the rapid advancement of technology today,
mobile learning options for future projects will only
increase. Consequently, researchers must continue to
investigate their impact. We believe there is a specific need
for more in-depth studies on ICT [Information and
Communication Technology] design variations to meet
different challenges of different localities.
26. To read more about Dr. Kim’s project, locate the paper
referenced
here.
Summary
Information technology has driven change on a global scale.
Technology has given us the ability to integrate with people all
over
the world using digital tools. These tools have allowed
businesses to
broaden their labor pools, their markets, and even their
operating
hours. But they have also brought many new complications for
businesses, which now must understand regulations,
preferences,
and cultures from many different nations. This new
globalization
27. has also exacerbated the digital divide. Nielsen has suggested
that
the digital divide consists of three stages (economic, usability,
and
empowerment), of which the economic stage is virtually solved.
Chapter 11: Globalization and the Digital Divide | 257
http://ldtprojects.stanford.edu/~educ39107/hyunkyung/IJED%20
-%20India%20-%20comparative.pdf/
http://ldtprojects.stanford.edu/~educ39107/hyunkyung/IJED%20
-%20India%20-%20comparative.pdf/
Study Questions
1. What does the term globalization mean?
2. How does Friedman define the three eras of globalization?
3. Which technologies have had the biggest effect on
28. globalization?
4. What are some of the advantages brought about by
globalization?
5. What are the challenges of globalization?
6. What perspective does Ghemawat provide regarding
globalization in his book World 3.0?
7. What does the term digital divide mean?
8. What are Jakob Nielsen’s three stages of the digital divide?
9. What was one of the key points of The Rise of the Network
Society?
10. Which country has the highest average Internet speed? How
does your country compare?
Exercises
29. 1. Compare the concept of Friedman’s “Globalization 3.0″ with
Nielsen empowerment stage of the digital divide.
2. Do some original research to determine some of the
regulations that a US company may have to consider before
doing business in one of the following countries: China,
Germany, Saudi Arabia, Turkey.
3. Give one example of the digital divide and describe what you
would do to address it.
4. How did the research conducted by Paul Kim address the
three
258 | Information Systems for Business and Beyond (2019)
levels of the digital divide?
30. Lab
1. Go to speedtest.net to determine your Internet speed.
Compare your speed at home to the Internet speed at two
other locations, such as your school, place of employment, or
local coffee shop. Write a one-page summary that compares
these locations.
1. Internet World Stats. (n.d.). World Internet Users and 2018
Population Stats. Retrieved from
http://internetworldstats.com/↵
2. Castells, M. (2000). The Rise of the Network Society (2nd
ed.).
Cambridge, MA: Blackwell Publishers, Inc.↵
3. Friedman, T. L. (2005). The world is flat: A brief history of
31. the
twenty-first century. New York: Farrar, Straus and Giroux.↵
4. Ghemawat, P. (2011). World 3.0: Global Prosperity and How
to
Achieve It. Boston: Harvard Business School Publishing.↵
5. Kim, K. (2005, December). Challenges in HCI: digital divide.
Crossroads 12, 2. DOI=10.1145/1144375.1144377. Retrieved
from
http://doi.acm.org/10.1145/1144375.1144377↵
6. Nielsen, J. (2006).Digital Divide: The 3 Stages. Nielsen
Norman
Group. Retrieved from http://www.nngroup.com/articles/
digital-divide-the-three-stages/↵
7. Miniwatts Marketing Group. (2018, May 23). The Digital
Divide,
32. ICT, and Broadband Internet. Retrieved from
https://www.internetworldstats.com/links10.htm↵
8. Kim, P., Buckner, E., Makany, T., and Kim, H. (2011). A
comparative analysis of a game-based mobile learning model in
Chapter 11: Globalization and the Digital Divide | 259
low-socioeconomic communities of India. International Journal
of Educational Development. Retrieved from https//doi:10.1016/
j.ijedudev.2011.05.008.↵
260 | Information Systems for Business and Beyond (2019)
Chapter 12: The Ethical and
Legal Implications of
33. Information Systems
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• describe what the term information systems ethics
means;
• explain what a code of ethics is and describe the
advantages and disadvantages;
• define the term intellectual property and explain
the protections provided by copyright, patent, and
trademark; and
• describe the challenges that information
technology brings to individual privacy.
34. Introduction
Information systems have had an impact far beyond the world of
Chapter 12: The Ethical and Legal
Implications of Information
business. New technologies create new situations that have
never
had to be confronted before. One issue is how to handle the new
capabilities that these devices provide to users. What new laws
are
going to be needed for protection from misuse of new
technologies.
This chapter begins with a discussion of the impact of
information
35. systems has on user behavior or ethics. This will be followed
with
the new legal structures being put in place with a focus on
intellectual property and privacy.
Information Systems Ethics
The term ethics means “a set of moral principles” or “the
principles
of conduct governing an individual or a group.”
1
Since the dawn
of civilization, the study of ethics and their impact has
fascinated
mankind. But what do ethics have to do with information
systems?
The introduction of new technology can have a profound effect
on human behavior. New technologies give us capabilities that
36. we
did not have before, which in turn create environments and
situations that have not been specifically addressed in an ethical
context. Those who master new technologies gain new power
while
those who cannot or do not master them may lose power. In
1913
Henry Ford implemented the first moving assembly line to
create
his Model T cars. While this was a great step forward
technologically
and economically, the assembly line reduced the value of human
beings in the production process. The development of the
atomic
bomb concentrated unimaginable power in the hands of one
37. government, who then had to wrestle with the decision to use
it. Today’s digital technologies have created new categories of
ethical dilemmas.
1. [1]
262 | Information Systems for Business and Beyond (2019)
Facebook logo
For example, the ability to anonymously make perfect copies of
digital music has tempted many music fans to download
copyrighted music for their own use without making payment to
the
music’s owner. Many of those who would never have walked
into a
music store and stolen a CD find themselves with dozens of
38. illegally
downloaded albums.
Digital technologies have given us the ability to aggregate
information from multiple sources to create profiles of people.
What would have taken weeks of work in the past can now be
done in seconds, allowing private organizations and
governments
to know more about individuals than at any time in history. This
information has value, but also chips away at the privacy of
consumers and citizens.
Sidebar: Data Privacy, Facebook, and
Cambridge Analytica
In early 2018 Facebook acknowledged a
data breach affecting 87 million users. The
39. app “thisisyourdigitallife”, created by Global
Science Research, informed users that they
could participate in a psychological research
study. About 270,000 people decided to
participate in the research, but the app failed
to tell users that the data of all of their
friends on Facebook would be automatically
captured as well. All of this data theft took place prior to 2014,
but it
did not become public until four years later.
In 2015 Facebook learned about Global Science Research’s
collection of data on millions of friends of the users in the
research.
40. Global Science Research agreed to delete the data, but it had
already
Chapter 12: The Ethical and Legal Implications of Information
Systems | 263
been sold to Cambridge Analytica who used it in the 2016
presidential primary campaign. The ensuing firestorm resulted
in
Mark Zuckerberg, CEO of Facebook, testifying before the U.S.
Congress in 2018 on what happened and what Facebook would
do in the future to protect users’ data. Congress is working on
legislation to protect user data in the future, a prime example of
technology advancing faster than the laws needed to protect
users.
More information about this case of data privacy can be found
41. at
Facebook and Cambridge Analytica.
2
Code of Ethics
A code of ethics is one method for navigating new ethical
waters.
A code of ethics outlines a set of acceptable behaviors for a
professional or social group. Generally, it is agreed to by all
members of the group. The document details different actions
that
are considered appropriate and inappropriate.
A good example of a code of ethics is the Code of Ethics and
Professional Conduct of the Association for Computing
Machinery,
3
42. an organization of computing professionals that includes
academics, researchers, and practitioners. Here is a quote from
the
preamble:
Commitment to ethical professional conduct is expected of
every member (voting members, associate members, and
student members) of the Association for Computing
Machinery …
239
9
foRming a CybeR
seCuRiTy CulTuRe
Introduction
43. Much has been written regarding the importance of how
companies
deal with cyber threats. While most organizations have focused
on
the technical ramifications of how to avoid being compromised,
few
have invested in how senior management needs to make security
a
priority. This chapter discusses the salient issues that
executives must
address and how to develop a strategy to deal with the various
types
of cyber attack that could devastate the reputation and revenues
of any
business or organization. The response to the cyber dilemma
requires
evolving institutional behavior patterns using organizational
learning
concepts.
History
From a historical perspective we have seen an interesting
evolution
44. of the types and acceleration of attacks on business entities.
Prior to
1990, few organizations were concerned with information
security
except for the government, military, banks and credit card
companies.
In 1994, with the birth of the commercial Internet, a higher
volume of
attacks occurred and in 2001 the first nation-state sponsored
attacks
emerged. These attacks resulted, in 1997, in the development of
com-
mercial firewalls and malware. By 2013, however, the increase
in
attacks reached greater complexity with the Target credit card
breach,
Home Depot’ s compromise of its payment system, and JP
Morgan’ s
exposure that affected 76 million customers and seven million
busi-
nesses. These events resulted in an escalation of fear,
particularly in
the areas of sabotage, theft of intellectual property, and stealing
of
money. Figure 9.1 shows the changing pace of cyber security
82. p
re
se
nt
at
io
n.
)
241ForMInG A CYber seCurItY Culture
The conventional wisdom among cyber experts is that no
business
can be compromise proof from attacks. Thus, leaders need to
realize
that there must be (1) other ways beyond just developing new
anti-
software to ward off attacks, and (2) internal and external
strategies to
83. deal with an attack when it occurs. These challenges in cyber
security
management can be categorized into three fundamental
components:
• Learning how to educate and present to the board of directors
• Creating new and evolving security cultures
• Understanding what it means organizationally to be
compromised
Each of these components is summarized below
Talking to the Board
Board members need to understand the possible cyber attack
expo-
sures of the business. They certainly need regular
communication
from those executives responsible for protecting the
organization.
Seasoned security executives can articulate the positive
processes that
are in place, but without overstating too much confidence since
there
84. is always risk of being compromised. That is, while there may
be expo-
sures, C-level managers should not hit the panic button and
scare the
board. Typically, fear only instills a lack of confidence by the
board in
the organization’ s leadership. Most important is to always
relate secu-
rity to business objectives and, above all, avoid “ tech” terms
during
meetings. Another important topic of discussion is how third-
party
vendors are being managed. Indeed, so many breaches have
been
caused by a lack of oversight of legacy applications that are
controlled
by third-party vendors. Finally, managers should always
compare the
state of security with that of the company’ s competitors.
Establishing a Security Culture
The predominant exposure to a cyber attack often comes from
care-
less behaviors of the organization’ s employees. The first step
85. to avoid
poor employee cyber behaviors is to have regular
communication with
staff and establish a set of best practices that will clearly
protect the
business. However, mandating conformance is difficult and
research
242 InForMAtIon teChnoloGY
has consistently supported that evolutionary culture change is
best
accomplished through relationship building, leadership by
influence
(as opposed to power-centralized management), and ultimately,
a
presence at most staff meetings. Individual leadership remains
the
most important variable when transforming the behaviors and
prac-
tices of any organization.
Understanding What It Means to Be Compromised
86. Every organization should have a plan of what to do when
security
is breached. The first step in the plan is to develop a “ risk”
culture.
What this simply means is that an organization cannot maximize
protection of all parts of its systems equally. Therefore, some
parts of a
company’ s system might be more protected against cyber
attacks than
others. For example, organizations should maximize the
protection
of key company scientific and technical data first. Control of
network
access will likely vary depending on the type of exposure that
might
result from a breach. Another approach is to develop consistent
best
practices among all contractors and suppliers and to track the
move-
ment of these third parties (e.g., if they are merged/sold,
disrupted
in service, or even breached indirectly). Finally, technology
execu-
tives should pay close attention to Cloud computing alternatives
87. and
develop ongoing reviews of possible threat exposures in these
third-
party service architectures.
Cyber Security Dynamism and Responsive Organizational
Dynamism
The new events and interactions brought about by cyber security
threats can be related to the symptoms of the dynamism that has
been the basis of ROD discussed earlier in this book. Here,
however,
the digital world manifests itself in a similar dynamism that I
will
call cyber dynamism .
Managing cyber dynamism, therefore, is a way of managing the
negative effects of a particular technology threat. As in ROD,
cyber
strategic integration and cyber cultural assimilation remain as
distinct
categories, that present themselves in response to cyber
dynamism.
Figure 9.2 shows the components of cyber ROD.
88. 243ForMInG A CYber seCurItY Culture
Cyber Strategic Integration
Cyber strategic integration is a process that firms need to use to
address
the business impact of cyber attacks on its organizational
processes.
Complications posed by cyber dynamism, via the process of
strategic
integration, occurs when several new cyber attacks overlap and
create a
myriad of problems in various phases of an organization’ s
ability to oper-
ate. Cyber attacks can also affect consumer confidence, which
in turn
hurts a business’s ability to attract new orders. Furthermore, the
problem
can be compounded by reductions in productivity, which are
complicated
to track and to represent to management. Thus, it is important
that orga-
nizations find ways to develop strategies to deal with cyber
89. threats such as:
1. How to reduce occurrences by instituting aggressive organi-
zation structures that review existing exposures in systems.
Cyber attacks as
an independent
variable
Organizational
dynamism
Requires
How to formulate risk-
related strategies to deal
with cyber attacks
Symptoms and
implications
Cyber
cultural
90. assimilation
Requires
Cyber
strategic
integration
Figure 9.2 Cyber responsive organizational dynamism. (From
Langer, A., Information Technology
and Organizational Learning: Managing Behavioral Change
through Technology and Education , CRC
Press, Boca Raton, FL, 2011.)
244 InForMAtIon teChnoloGY
2. What new threats exist, which may require ongoing research
and collaborations with third-party strategic alliances?
3. What new processes might be needed to combat new cyber
dynamisms based on new threat capabilities?
91. 4. Creating systems architectures that can recover when a cyber
breach occurs.
In order to realize these objectives, executives must be able to
• Create dynamic internal processes that can function on a
daily basis, to deal with understanding the potential fit of new
cyber attacks and their overall impact to the local department
within the business, that is, to provide for change at the grass-
roots level of the organization.
• Monitor cyber risk investments and determine modifications
to the current life cycle of idea-to-reality.
• Address the weaknesses in the organization in terms of how
to deal with new threats, should they occur, and how to better
protect the key business operations.
• Provide a mechanism that both enables the organization to
deal with accelerated change caused by cyber threats and that
integrates them into a new cycle of processing and handling
change.
• Establish an integrated approach that ties cyber risk account-
92. ability to other measurable outcomes integrating acceptable
methods of the organization.
The combination of evolving cyber threats with accelerated and
changing consumer demands has also created a business
revolution that
best defines the imperative of the strategic integration
component of
cyber ROD. Without action directed toward new strategic
integration
focused on cyber security, organizations will lose competitive
advan-
tage, which will ultimately affect profits. Most experts see the
danger
of breaches from cyber attacks as the mechanism that will
ultimately
require the integrated business processes to be realigned, thus
provid-
ing value to consumers and modifying the customer- vendor
relation-
ship. The driving force behind this realignment emanates from
cyber
dynamisms, which serve as the principle accelerator of the
change in
transactions across all businesses.
93. 245ForMInG A CYber seCurItY Culture
Cyber Cultural Assimilation
Cyber cultural assimilation is a process that addresses the
organiza-
tional aspects of how the security department is internally
organized,
its relationship with IT, and how it is integrated within the
organiza-
tion as a whole. As with technology dynamism, cyber dynamism
is
not limited only to cyber strategic issues, but cultural ones as
well. A
cyber culture is one that can respond to emerging cyber attacks,
in
an optimally informed way, and one that understands the impact
on
business performance and reputation.
The acceleration factors of cyber attacks require more dynamic
activity within and among departments, which cannot be accom-
94. plished through discrete communications between groups.
Instead,
the need for diverse groups to engage in more integrated
discourse
and to share varying levels of cyber security knowledge, as well
as
business-end perspectives, requires new organizational
structures that
will give birth to a new and evolving business social culture.
In order to facilitate cyber cultural assimilation, organizations
must
have their staffs be more comfortable with a digital world that
contin-
ues to be compromised by outside threats. The first question
becomes
one of finding the best structure to support a broad assimilation
of
knowledge about any given cyber threat. The second is about
how that
knowledge can best be utilized by the organization to develop
both
risk efforts and attack resilience. Business managers therefore
need
to consider cyber security and include the cyber staff in all
95. decision-
making processes. Specifically, cyber assimilation must become
fun-
damental to the cultural evolution.
While many scholars and managers suggest the need to have a
specific entity responsible for cyber security governance; one
that is
to be placed within the organization’ s operating structure, such
an
approach creates a fundamental problem. It does not allow staff
and
managers the opportunity to assimilate cyber security-driven
change
and understand how to design a culture that can operate under
ROD.
In other words, the issue of governance is misinterpreted as a
problem
of structural positioning or hierarchy when it is really one of
cultural
assimilation. As a result, many business solutions to cyber
security
issues often lean toward the prescriptive instead of the
analytical in
addressing the real problem.
96. 246 InForMAtIon teChnoloGY
Summary
This section has made the argument that organizations need to
excel
in providing both strategic and cultural initiatives to reduce
exposure
to cyber threats and ultimate security breaches. Executives must
design
their workforce to meet the accelerated threats brought on by
cyber
dynamisms. Organizations today need to adapt their staff to
operate
under the auspices of ROD by creating processes that can
determine
the strategic exposure of new emerging cyber threats and by
establish-
ing a culture that is more “ defense ready.” Most executives
across indus-
tries recognize that cyber security has become one of the most
powerful
97. variables to maintaining and expanding company markets.
Organizational Learning and Application Development
Behavioral change, leading to a more resilient cyber culture, is
just
one of the challenges in maximizing protection in organizations.
Another important factor is how to design more resilient
applications
that are better equipped to protect against threats; that is, a
decision
that needs to address exposure coupled with risk. The general
con-
sensus is that no system can be 100% protected and that this
requires
important decisions when analysts are designing applications
and sys-
tems. Indeed, security access is not just limited to getting into
the sys-
tem, but applies to the individual application level as well. How
then
do analysts participate in the process of designing secure
applications
through good design? We know that many cyber security
architec-
98. tures are designed from the office of the chief information
security
officer (CISO), a new and emerging role in organizations. The
CISO
role, often independent of the chief information officer (CIO),
became
significant as a result of the early threats from the Internet, the
9/11
attacks and most recently the abundant number of system
compro-
mises experienced by companies such as JP Morgan Chase,
SONY,
Home Depot, and Target, to name just a few.
The challenge of cyber security reaches well beyond just archi-
tecture. It must address third-party vendor products that are part
of
the supply chain of automation used by firms, not to mention
access
to legacy applications that likely do not have the necessary
securities
built into the architecture of these older, less resilient
technologies. This
99. 247ForMInG A CYber seCurItY Culture
challenge has established the need for an enterprise cyber
security solu-
tion that addresses the need of the entire organization. This
approach
would then target third- party vendor design and compliance.
Thus,
cyber security architecture requires integration with a firm’ s
Software
Development Life Cycle (SDLC), particularly within steps that
include
strategic design, engineering, and operations. The objective is
to use a
framework that works with all of these components.
Cyber Security Risk
When designing against cyber security attacks, as stated above,
there
is no 100% protection assurance. Thus, risks must be factored
into
the decision-making process. A number of security experts often
ask
100. business executives the question, “ How much security do you
want,
and what are you willing to spend to achieve that security?”
Certainly, we see a much higher tolerance for increased cost
given the
recent significance of companies that have been compromised.
This sec-
tion provides guidance on how to determine appropriate security
risks.
Security risk is typically discussed in the form of threats.
Threats
can be categorized as presented by Schoenfield (2015):
1. Threat agent: Where is the threat coming from, and who is
making the attack?
2. Threat goals: What does the agent hope to gain?
3. Threat capability: What threat methodology, or type of
approach is the agent possibly going to use?
4. Threat work factor: How much effort is the agent willing to
put in to get into the system?
101. 5. Threat risk tolerance: What legal chances is the agent
willing
to take to achieve his or her goals?
Table 9.1 is shown as a guideline.
Depending on the threat and its associated risks and work
factors,
it will provide important input to the security design, especially
at the
application design level. Such application securities in design
typically
include:
1. The user interface (sign in screen, access to specific parts of
the application).
248 InForMAtIon teChnoloGY
2. Command-line interface (interactivity) in online systems.
3. Inter-application communications. How data and password
102. information are passed, and stored, among applications across
systems.
Risk Responsibility
Schoenfield (2015) suggests that someone in the organization is
assigned the role of the “ risk owner.” There may be many risk
owners
and, as a result, this role could have complex effects on the way
sys-
tems are designed. For example, the top risk owner in most
organiza-
tions today is associated with the CISO. However, many firms
also
employ a chief risk officer (CRO). This role’ s responsibilities
vary.
But risk analysis at the application design level requires
different
governance. Application security risk needs involvement from
the
business and the consumer and needs to be integrated within the
risk
standards of the firm. Specifically, multiple levels of security
often
103. require users to reenter secure information. While this may
maximize
safety, it can negatively impact the user experience and the
robust-
ness of the system interface in general. Performance can
obviously
also be sacrificed, given the multiple layers of validation. There
is no
quick answer to this dilemma other than the reality that more
secu-
rity checkpoints will reduce user and consumer satisfaction
unless
cyber security algorithms become more invisible and
sophisticated.
However, even this approach would likely reduce protection. As
with
all analyst design challenges, the IT team, business users, and
now
the consumer must all be part of the decisions on how much
security
is required.
As my colleague at Columbia University, Steven Bellovin,
states
in his new book, Thinking Security , security is about a
104. mindset. This
mindset to me relates to how we establish security cultures that
can
Table 9.1: Threat Analysis
THREAT AGENT GOALS RISK TOLERANCE WORK
FACTOR METHODS
Cyber criminals Financial Low Low to medium Known and
proven
Source : Schoenfield, B.S.E., Securing Systems: Applied
Security Architecture and Threat Models ,
CRC Press, Boca Raton, FL, 2015.
249ForMInG A CYber seCurItY Culture
enable the analyst to define organizational security as it relates
to new
and existing systems. If we get the analyst position to
participate in
setting security goals in our applications, some key questions
105. accord-
ing to Bellovin (2015) are:
1. What are the economics to protect systems?
2. What is the best protection you can get for the amount of
money you want to spend?
3. Can you save more lives by spending that money?
4. What should you protect?
5. Can you estimate what it will take to protect your assets?
6. Should you protect the network or the host?
7. Is your Cloud secure enough?
8. Do you guess at the likelihood and cost of a penetration?
9. How do you evaluate your assets?
10. Are you thinking like the enemy?
The key to analysis and design in cyber security is recognizing
that
it is dynamic; the attackers are adaptive and somewhat
unpredictable.
This dynamism requires constant architectural change,
accompanied
with increased complexity of how systems become
compromised.
Thus, analysts must be involved at the conceptual model, which
106. includes business definitions, business processes and enterprise
stan-
dards. However, the analysts must also be engaged with the
logical
design, which comprises two sub-models:
1. Logical architecture : Depicts the relationships of different
data
domains and functionalities required to manage each type of
information in the system.
2. Component model : Reflects each of the sub-models and
appli-
cations that provide various functions in the system. The
component model may also include third-part vendor prod-
ucts that interface with the system. The component model
coincides, in many ways, with the process of decomposition.
In summary, the ROD interface with cyber security is more
com-
plex than many managers believe. Security is relative, not
absolute,
and thus leaders must be closely aligned with how internal
cultures
must evolve with changes environments.
107. 250 InForMAtIon teChnoloGY
Driver /Supporter Implications
Security has traditionally been viewed as a support function in
most
organizations, particularly when it is managed by IT staff.
However,
the recent developments in cyber threats suggest, as with other
aspects
of technology, that security too has a driver side.
To excel in the role of security driver, leaders must:
• Have capabilities, budgets and staffing levels, using
benchmarks.
• Align even closer with users and business partners.
• Have close relationships with third parties.
• Extend responsibilities to include the growing challenges in
the mobile workforce.
108. • Manage virtualized environments and third-party ecosystems.
• Find and/or develop cyber security talent and human capital.
• Have a strategy to integrate millennials with baby boomer
and Gen X managers.
251
10
DigiTal TRansfoRmaTion
anD Changes in
ConsumeR behavioR
Introduction
Digital transformation is one of the most significant activities
of the
early twenty-first century. Digital transformation is defined as “
the
changes associated with the applications of digital technology
in all
aspects of human society” (Stolterman & Fors, 2004, p. 689).
109. From a
business perspective, digital transformation enables
organizations to
implement new types of innovations and to rethink business
processes
that can take advantage of technology. From this perspective,
digital
transformation involves a type of reengineering, but one that is
not
limited to rethinking just how systems work together, but rather,
that
extends to the entire business itself. Some see digital
transformation
as the elimination of paper in organizations. Others see it as
revamp-
ing a business to meet the demands of a digital economy. This
chapter
provides a link between digital transformation and what I call “
digital
reengineering.” To explain this better, think of process
reengineering
as the generation that brought together systems in the way that
they
talked to one another— that is, the integration of legacy systems
with
110. new application that used more robust software applications.
The advent of digital transformation requires the entire
organization
to meet the digital demands of their consumers. For some
companies, the
consumer is another company (B2B, or business-to-business),
that is, the
consumer is a provider to another company that inevitably
supports a con-
sumer. For other businesses, their consumer is indeed the
ultimate buyer.
I will discuss the differences in these two types of consumer
concepts later
in this chapter. What is important from an IT perspective is that
reengi-
neering is no longer limited to just the needs of the internal
user, but rather
the needs of the businesses consumer as well. So, systems must
change,
252 InForMAtIon teChnoloGY
111. as necessary, with the changes in consumer behavior. The
challenge with
doing this, of course, is that consumer needs are harder to
obtain and
understand, and can differ significantly among groups,
depending on
variables, such as ethnicity, age, and gender, to name just a few.
As a result, IT managers need to interact with the consumer
more
directly and in partnership with their business colleagues. The
con-
sumer represents a new type of user for IT staff. The consumer,
in
effect, is the buyer of the organization’ s products and services.
The
challenge becomes how to get IT more engaged with the buyer
com-
munity, which could require IT to be engaged in multiple parts
of
the business that deals with the consumer. Below are six
approaches,
which are not mutually exclusive of each other:
1. Sales/Marketing : These individuals sell to the company’ s
112. buy-
ers. Thus, they have a good sense of what customers are look-
ing for, what things they like about the business, and what
they dislike. The power of the sales and marketing team is
their ability to drive realistic requirements that directly impact
revenue opportunities. The limitation of this resource is that
it still relies on an internal perspective of the consumer; that
is, how the sales and marketing staff perceive the consumer’ s
needs.
2. Third-party market analysis/reporting : There are outside
resources available that examine and report on market trends
within various industry sectors. Such organizations typically
have massive databases of information and, using various
search and analysis tools, can provide a better understand-
ing of the behavior patterns of an organization’ s consumers.
These third parties can also provide reports that show how the
organization stacks up against its competition and why con-
sumers may be choosing alternative products. Unfortunately,
if the data is inaccurate it likely will result in false generaliza-
tions about consumer behavior, so it is critical that IT digital
leaders ensure proper review of the data integrity.
3. Predictive analytics : This is a hot topic in today’ s
competitive
113. landscape for businesses. Predictive analytics is the process
of feeding off large data sets (big data) and predicting future
253dIGItAl trAnsForMAtIon
behavior patterns. Predictive analytics approaches are usually
handled internally with assistance from third-party products
or consulting services. The limitation is one of risk— the risk
that the prediction does not occur as planned.
4. Consumer support departments: Internal teams and external
vendors (outsourced managed service) have a good pulse
on consumer preferences because they interact with them.
More specifically, these department respond to questions,
hande problems and get feedback from consumers on a reg-
ular basis. These support departments typically depend on
applications to help the buyer. As a result, they are an excel-
lent resource for providing up-to-date things that the sys-
tem does not provide consumers. Unfortunately, consumer
support organizations limit their needs to what they expe-
rience as opposed to what might be future trends of their
consumers.
114. 5. Surveys: IT and the business can design surveys (question-
naires) and send them to consumers for feedback. Using
surveys can be of significant value in that the questions can
target specific issues that the organization wants to address.
Survey design and administration can be handled by third-
party firms, which may have an advantage in that the ques-
tions are being forwarded from an independent source and
one that does not identify the interested company. On the
other hand, this might be considered a negative— it all
depends on what the organization is seeking to obtain from
the buyer.
6. Focus groups: This approach is similar to the use of a
survey.
Focus groups are commonly used to understand consumer
behavior patterns and preferences. They are often conducted
by outside firms. The differences between the focus group
and a survey are (1) surveys are very …
Assignment 1
(Top priority & High-Quality work required)
Select an organization that has a Global platform (that operates
in more than one country) and has demonstrated operational
excellence. In this paper, perform the following activities:
· Name the organization and briefly describe what goods or
115. services they sell and where they operate.
· Note how they are a differentiator in the market.
· Note the resources used to ensure success in their industry
(remember resources are comprised of more than just people).
· Explain what actions the company took to achieve operational
excellence.
Submission Requirements
Font: Times New Roman, size 12, double-space
Citation Style: APA
Length: At least 3 pages
References: At least 4 references
NO PLAGIARISM
Assignment 2
Textbook:Information Systems for Business and Beyond
Please answer the following
From Chapter 11 – study questions 1-10, Exercise 1
From Chapter 12 – study questions 1-11, Exercise 1
All the above questions should be submitted in one Word
document
Please understand that Plagiarism will not be tolerated
Submission Requirements
Font: Times New Roman, size 12, double-space
Citation Style: APA
Length: At-least 4 pages, make sure not to limit your work to 4
116. pages, but answer all the questions.
References: Please use citations and references where
appropriate
No Plagiarism
Assignment 3
Textbook:Information Technology and Organizational Learning
Please answer the Following
From Chapter 9 – Review the section on Establishing a Security
Culture. Review the methods to reduce the chances of a cyber
threat noted in the textbook. Research other peer-reviewed
source and note additional methods to reduce cyber-attacks
within an organization.
From Chapter 10 – Review the section on the IT leader in the
digital transformation era. Note how IT professionals and
especially leaders must transform their thinking to adapt to the
constantly changing organizational climate. What are some
methods or resources leaders can utilize to enhance their change
attitude?
Submission Requirements
Font: Times New Roman, size 12, double-space
Length: At least two pages
Citation Style: APA
References: Please use citations and references where
appropriate
117. No Plagiarism
Assignment 4
Please answer the following
Please explain the concept of globalization and the role
information technology has in the global market.
Submission Requirements
Font: Times New Roman, size 12, double-space
Citation Style: APA
Length: At-least 500 words
References: At least 2
No Plagiarism