The Chief Information Security Officer: An Exploratory Study

The proliferation and embeddedness of Information Technology (IT) resources into many organizations’ business processes continues unabated. The security of these IT resources is essential to operational and strategic business continuity. However, as the large number of recent security breaches at various organizations illustrate, there is more that needs to be done in securing IT resources. Firms, through organizational structures, usually delegate the management and control of IT security activities and policies to the Chief Information Security Officer (CISO). Nevertheless, there seem to be a number of firms without a CISO and for the ones that do, there is little consensus regarding who the CISO should be reporting to. This exploratory study investigates the organizational security reporting structures using a dataset of all the firms that hired a CISO between 2010 and 2014. The results suggest that the number of firms hiring CISOs is increasing and that the hired CISOs are predominantly coming from outside the firm. Also, CISOs who are hired to fill newly created positions tend to report to the CEO whereas replacement hires for existing positions tend to report to the CIO. These findings have implications for both academics and practitioners

Environmental modelling of the Chief Information Officer

Since the introduction of the term in the 1980’s, the role of the Chief Information Officer (CIO) has been widely researched. Various perceptions and dimensions of the role have been explored and debated. However, the explosion in data proliferation (and the inevitable resulting information fuelled change) further complicates organisational expectations of the CIOs role. If organisations are to competitively exploit the digital trend, then those charged with recruiting and developing CIOs now need to be more effective in determining (and shaping) CIO traits and attributes, within the context of their own organisational circumstances and in line with stakeholder expectations. CIOs also need to determine their own suitability and progression within their chosen organisation if they are to remain motivated and effective. Before modelling the role of the future CIO, it is necessary to synthesise our current knowledge (and the lessons learnt) about the CIO. This paper, therefore, aims to identify and summate the spectrum of key researched ‘themes’ pertaining to the role of the CIO. Summating previous research, themes are modelled around four key CIO ‘dimensions’, namely (1) Impacting factors, (2) Controlling factors (3) Responses and (4) CIO ‘attributes’. Having modelled the CIOs current environment, and recognising the evolving IT enabled information landscape, the authors call for further research to inform the recruitment and development of the future CIO in terms of personal attributes and the measurable impact such attributes will have on their respective organisation

The Qualified Legal Compliance Committee: Using the Attorney Conduct Rules to Restructure the Board of Directors

The Securities and Exchange Commission introduced a new corporate governance structure, the qualified legal compliance committee, as part of the professional standards of conduct for attorneys mandated by the Sarbanes-Oxley Act of 2002. QLCCs are consistent with the Commission\u27s general approach to improving corporate governance through specialized committees of independent directors. This Article suggests, however, that assessing the benefits and costs of creating QLCCs may be more complex than is initially apparent. Importantly, QLCCs are unlikely to be effective in the absence of incentives for active director monitoring. This Article concludes by considering three ways of increasing these incentives

Whistleblowing and corporate governance: Accidental allies or lifetime partners?

This paper discusses various issues of whistleblowing, from imposing liability on any employee for failing to act when faced with any corporate wrongdoing, to exploring the legislative protection that would be available to him, should he decide to do so. Whistleblowing has long been seen as a terrible thing to engage in, offering little or no benefit to the whistleblower involved. However, several key legislations, such as the United States Sarbanes-Oxley Act 2002, the United Kingdom’s Public Interest Disclosure Act 1998, along with Malaysia’s very own Capital Market Services Act 2007, show that whistleblowing has come a long way. All these Acts, while conceived for different purposes, all share common traits, to recognize and legitimatize the act of whistleblowing and to provide sufficient protection to whistleblowers. All this is done with the hope that the stigma that is frequently associated with whistleblowing is removed, in order to encourage more employees to bring to light corporate misconduct, as well as to encourage more voluntary whistleblowing in order to promote and enhance transparency and accountability in corporate governance

“Canada’s Roll of Honour”: Controversy over Casualty Notification and Publication During the Second World War

During the Second World War, the Canadian Army’s announcement of casualties to next–of–kin and the press often caused controversy. Even though the army tried to notify the family and public as quickly as possible, it could not always do so. Unofficial communications with the family, procedural failures, and more frequently press and censorship errors, cause occasional mistakes in casualty reporting. Moreover, the interests of Canada’s allies often prevented the timely publication of casualty names and figures, as in the aftermath of the Dieppe Raid, Sicily campaign and Normandy landings. These delays were often for alleged security reasons, sometimes with questionable justification. This led to widespread, albeit inaccurate, suspicion of political manipulation of this process by the Canadian Army and federal government

The Qualified Legal Compliance Committee: Using the Attorney Conduct Rules to Restructure the Board of Directors

The Securities and Exchange Commission introduced a new corporate governance structure, the qualified legal compliance committee, as part of the professional standards of conduct for attorneys mandated by the Sarbanes-Oxley Act of 2002. QLCCs are consistent with the Commission\u27s general approach to improving corporate governance through specialized committees of independent directors. This Article suggests, however, that assessing the benefits and costs of creating QLCCs may be more complex than is initially apparent. Importantly, QLCCs are unlikely to be effective in the absence of incentives for active director monitoring. This Article concludes by considering three ways of increasing these incentives

The 'Cat's Paw of Dictatorship': State Security and Self-Rule in the Gold Coast, 1948 to 1957

On February 28th, 1948, a deadly police shooting at a veteran’s demonstration in the Gold Coast sparked three days of rioting in the capital city of Accra and surrounding communities. It was the first crisis of its kind for the British colony and a clear indication of the shifting political realities of the post-war era. Though colonial rule had been in place for several generations, the people of the Gold Coast would increasingly balk at an imperial system that denied them a voice in their own government. The following nine years would witness the Gold Coast’s extraordinary transition from British colony, to self-ruled territory, and eventually an independent state that renamed itself the Republic of Ghana.In the more than sixty years since Ghana’s independence in 1957, scholars and commentators alike have recognized the February riots as a turning point in Ghanaian and imperial history, signaling the new wave of decolonization that would sweep across sub-Saharan Africa in the years to follow. What has remained unknown and relatively unstudied is the fact that the riots also compelled the development of a government intelligence network in the Gold Coast. Before British officials accepted that colonial rule was as its end in West Africa, they sought to safeguard the state by providing it a domestic intelligence organization. This organization operated throughout the terminal years of British rule in the Gold Coast and succeeded in both altering the nature of the colonial state and the process of decolonization in unexpected ways.This dissertation interrogates the role of government intelligence in the Gold Coast between the years of 1948 and 1957. By examining police superintendents, Security Service officers, and colonial administrators, it reconstructs the establishment and application of intelligence resources to better understand the process and politics of decolonization in the Britain’s West African empire

Semi-Annual Report to Congress for the Period of April 1, 2011 to September 30, 2011

[Excerpt] I am pleased to submit this Semiannual Report to Congress, which highlights the most significant activities and accomplishments of the U.S. Department of Labor (DOL), Office of Inspector General (OIG) for the six-month period ending September 30, 2011. During this reporting period, our investigative work led to 226 indictments, 172 convictions, and $50.9 million in monetary accomplishments. In addition, we issued 40 audit and other reports which, among other things, recommended that$677.1 million in funds be put to better use. OIG audits and investigations continue to assess the effectiveness, efficiency, economy, and integrity of DOL’s programs and operations. We also continue to investigate the influence of labor racketeering and/or organized crime with respect to internal union affairs, employee benefit plans, and labor-management relations. In the employment and training area, an OIG audit of Recovery Act funds spent on green jobs found that with 61 percent of the training grant periods having elapsed, grantees have achieved just 10 percent of their job placement goals. We recommended that the Employment and Training Administration (ETA) evaluate the program and obtain estimates of the need for the remaining $327 million of unspent grant funds. Another OIG audit found that ETA needs to better ensure that the Job Corps’ outreach and admissions service providers enroll only eligible students. If ETA’s recent and planned changes to the Job Corps’ student enrollment process are effectively implemented, then we estimate that nearly$165 million in funds could be put to better use by ensuring only eligible students are enrolled. Another audit estimated that up to $124 million in Workforce Investment Act funding was spent on training participants who did not obtain training-related employment, or information was insufficient to make the determination that training-related employment was obtained. An OIG investigation found a pattern of misconduct involving the Veterans’ Employment and Training Services (VETS) Assistant Secretary and two other senior VETS officials, which reflected a consistent disregard of Federal procurement rules and regulations. The Assistant Secretary and his Chief of Staff resigned following the issuance of our report. Our investigations continued to identify vulnerabilities and fraud in DOL programs. For example, an investigation resulted in two business owners being sentenced to more than three years in prison and ordered to forfeit$2.8 million as a result of their roles in an H-1B visa fraud conspiracy. Another investigation resulted in the owner of a medical practice group being sentenced to serve more than a year in prison and ordered to pay more than $2.5 million in restitution for fraudulent billings that were submitted to DOL’s Office of Workers’ Compensation Programs, Medicaid, Medicare, and private insurance companies. OIG investigations also continue to combat labor racketeering in the workplace. For example, one major investigation resulted in the sentencing of the former secretary-treasurer of the District Council of Carpenters to 11 years in prison and restitution of$5.7 million for receiving prohibited payments from contractors to allow the underpayment of contributions to the union-sponsored benefit plans, resulting in financial harm to union members. Another OIG investigation led to a former Plumbers Union worker being sentenced to three and one-half years in prison, among other things, after pleading guilty to charges of theft from an employee benefit plan and embezzlement of approximately $412,000 in union dues. The OIG remains committed to promoting the integrity, effectiveness, and efficiency of DOL. I would like to express my gratitude to the professional and dedicated OIG staff for their significant achievements during this reporting period. I look forward to continuing to work with the Department to ensure the integrity of programs and that the rights and benefits of worker and retirees are protected

The Obama Administration and the Press: Leak Investigations and Surveillance in Post-9/11 America

U.S. President Barack Obama came into office pledging open government, but he has fallen short of his promise. Journalists and transparency advocates say the White House curbs routine disclosure of information and deploys its own media to evade scrutiny by the press. Aggressive prosecution of leakers of classified information and broad electronic surveillance programs deter government sources from speaking to journalists