The Desirability of Engagement Strategies Free Essay Example, 2000 words

Employee engagement is not the final objective of an effective organization. It is a way towards success. In reality, it is an important instrument because when the whole workforce is willingly aligned in favor of the organization s goals, data have shown that nearly all kinds of human capital costs diminish whilst market productivity rises. Employee engagement is an inimitable competitive advantage (Torrington, Hall, Taylor, 2008). The competitive advantage provided by an engaged workforce, the specific way engaged people to carry their commitment and enthusiasm to work, how they deal with or interrelate with their customers, is very difficult to imitate. It can be assessed and harnessed internally. However, employee engagement will only work when it is performed correctly. Sadly, there are numerous organizations that adopt engagement rules and processes as a universal remedy. Within this context, failure or frustration is certain. And the actual potential of engagement to realiz e preferred outcomes is misplaced. Engagement is never a universal remedy, but it is remarkably beneficial when it is used correctly in any organization. When an organization is genuinely and profoundly committed to examining its culture through a variety of engagement measures, it finds out that its current situation arose because of their habitual behavior towards its members (Torrington et al. , 2008). We will write a custom essay sample on The Desirability of Engagement Strategies or any topic specifically for you Only $17.96 $11.86/page

Peer Pressure - 1013 Words

Peer pressure From Wikipedia, the free encyclopedia Peer pressure is influence that a peer group, observers or individual exerts that encourages others to change their attitudes, values, or behaviors to conform the group norms. Social groups affected include membership groups, in which individuals are formally members (such as political parties and trade unions), or social cliques in which membership is not clearly defined. A person affected by peer pressure may or may not want to belong to these groups. They may also recognize dissociative groups with which they would not wish to associate, and thus they behave adversely concerning that groups behaviors.[citation needed] Contents [hide] 1 In Youth 2 Asch conformity 3 The Third†¦show more content†¦Jones, unable to explain to his students how the German populace could claim ignorance of the extermination of the Jewish people, decided to show them instead. Jones started a movement called The Third Wave and convinced his students that the movement is to eliminate democracy. The fact that democracy emphasizes individuality was considered as a drawback of democracy, and Jones emphasized this main point of the movement in its motto: Strength through discipline, strength through community, strength through action, strength through pride. The Third Wave experiment is an example of risk behavior in authoritarian peer pressure situations.[10][11] It is one useful tool in leadership. Instead of direct delegation of tasks and results demanding, employees are in this case, induced into a behaviour of self-propelled performance and innovation, by comparison feelings towards their peers. There are several ways peer pressure can be induced in a working environment. Examples include training and team meetings. In training, the team member is in contact with people with comparable roles in other organizations. In team meetings, there is an implicit comparison between every team member, especially if the meeting agenda is to present results and goal status.[12] Neural mechanisms[edit] Neuroimaging identifies the anterior insula and anterior cingulate as key areas in the brainShow MoreRelatedTaking a Look at Peer Pressure761 Words   |  3 Pages Peer pressure. No one can hear those two words and not feel bad in some way. Peer pressure happens in every school. Teens are being torn down by other teens. It is not okay to hurt anyone no matter what. Every year some kid runs away from home probable because of being peer pressured, peer pressure must be dealt with some way or another. If putting up laws helps get rid of peer pressure its worth it. Teen peer pressure has become a big problem in schools, and teens should be required to go aRead MoreThe Guide To Peer Pressure Essay949 Words   |  4 PagesPeer pressure should not be allowed because it may result in bad choices for the person experiencing it. Many kids entering high school, or middle school start experiencing all different kinds of peer pressuring. Whether it is encouraging you to join choir, track, o r dance. But, sometimes your friends can be pressuring you to try very dangerous things. For example, drugs, drinking, and dares that lead to very hard consequences. This is one of the toughest issues a teenageer will face. They feelRead MoreIs Peer Pressure Necessary?1047 Words   |  5 PagesIs Peer Pressure Necessary? By Hannah â€Å"Come on! Don’t be a wimp!† Words floated around Mike’s head. He was dizzy from all the things his supposed friends said to him. â€Å"You’re such a loser. Man up.† Mike dropped to the ground. Another voice hovered near his head. â€Å"Just do it.† Mike took the cigarette from his friend’s outstretched hand. It would be okay, right? Just once. Just once to fit in. He pushed the cigarette closer to his mouth, closing his hand around it like in the movies. It did notRead MorePeer Pressure Speech1520 Words   |  7 Pagesreally leading? There are two kinds of peer pressure. The Positive kind, and the Negative kind. The positive kind of peer pressure is, being pressured or convinced to do a certain task that you may not have had the confidence to complete or to do yourself. Another kind of positive peer pressure is when friends convince you not to do something that may not have been in your best interest. Negative peer pressure is just what it sounds like—It is when Peers try to make you think that they know whatRead MoreThe Problem Of Peer Pressure953 Words   |  4 PagesOf course everyone is different, but most teenagers deal with the same problems. Peer pressure, beauty, responsibility, and the future, are common for a teenager of all ages to face. These â€Å"problems† do not always have to be problems, most of the time they are out of worry. Friends play an important role in life, peer pressure is being influenced, but is not always by a friend. When thinking about peer pressure drugs and alcohol come to mind. Most teenagers try drugs or alcohol out of fear.Read MorePeer Pressure Essay693 Words   |  3 Pagesgeneration. Peer Pressure. We have all at one stage in our lives, experienced it. We all know what it feels like to be pressured by a peer. Peer pressure today impacts on kids of my generation in a huge aspect. Teenagers feel social pressure in numerous ways such as clothing, music and entertainment choices, to unsafe areas such as drugs, alcohol and smoking. During adolescence, kids emphasize their independence and explore their identity. Yet they still crave the approval of their peers and worryRead MoreEssay on Overcoming Peer Pressure573 Words   |  3 PagesThe ugly reality is that peer pressure reaches its greatest intensity at just the age when kids tend to be most insensitive and cruel. -- Walt Mueller, Understanding Todays Youth Culture Overcoming peer pressure always proves to be a challenge; being in the moment with the intention of rejecting the pressure tends to breed fear. There are all types of pressures in life from people, to possible addiction causing agents, and the desire to have fun. Personally at UC Irvine people may say thereRead MoreThe Effects Of Peer Pressure On Youth1237 Words   |  5 Pagesaccomplish goals. Peer pressure has been identified as a big impact on teenagers, and contrary to popular belief, Secure Teen (2013) has found that peer pressure may encourage positive influences on our youth. To promote motivation and a high self-esteem students could participate in groups to thrive in the classroom. These groups would be called N-I-A-F (No-one is a failure), not a typical study group or therapy, a community of academic socializing to motivate students toward success. Peers would encourageRead More Negative Peer Pressure Essay1511 Words   |  7 Pages This is usually the typical outcome o f a scene like this. It is called peer pressure. It can be disguised in many different forms. In this essay I am going to look at different ways in which teenagers can be influenced by peer pressure. Many teenagers experiment with cigarettes, drugs or alcohol. It is likely that they take their first cigarette, drink or drug because of pressure from peers or friends. The influence of friends who smoke is the main reason teenagersRead MorePeer Pressure Research Paper4619 Words   |  19 PagesYour peers are the people with whom you identify and spend time. In children and teens, they are usually, but not always, of the same age group. In adults, peers may be determined less by age and more by shared interests or professions. Peer pressure occurs when an individual experiences implied or expressed persuasion to adopt similar values, beliefs, and goals, or to participate in the same activities as those in the peer group. What Is Peer Pressure? Peer pressure exists for all ages. Three-year-old

Mobile Network Communications and Telematics †MyAssignmenthelp

Question: Discuss about the Mobile Network Communications and Telematics. Answer: Introduction: Under the BYOD scheme, the employees of Aztek will be granted with the permission to bring and use their devices in office for the execution and completion of office related tasks. Aztek is an Australian firm and there are no particular laws that have been set up in Australia for the surveillance of the employee devices in case of the outsourcing. There is no specific governance policy set up; however, the finance industry does have certain rules and guidelines in place. These specific rules around finance will be applicable as per the territory of operation by Aztek which would either be South Wales or it would be Australian Capital. There is a government body called Australian Securities and Investment Commission (ASIC) that governs the financial activities at the federal level in Australia along with the state and territory levels. An e-payments code is also defined under ASIC for the tracking, management and regulation of the electronic payments (Asic, 2017). If the organizations allow its employees to use or access the organizational components such as specific tools or applications outside of the office boundaries, then the Government of Australia provides them with the permission to carry out surveillance on such activities executed by the employees. There is act that has been set up for this purpose called NSW Act. The employee activities will be monitored by Aztek as per the principles under this act and also, the employees will be prevented from sharing the specific organizational details with any external entity. There are specific applications and software that can also be used for tracking of these activities. Workplace Privacy Act 2011 is an act that defined the steps that an organization may take to track and monitor the emails that are sent by the employees for sharing the organizational information. The logs of the mail server are captured and reviewed as per the norms of this act defined by Australian Government (Act, 2016). There are various unknown and unwanted communications that often take place in organizations that lead to the occurrence of security attacks. Telecommunications Act 1979 was defined to put a check on such activities by tracking and monitoring the communication integrity (Coe, 2011). It shall also be monitored by the rules under Intellectual Property. The privacy of the information associated with Aztek can also be secured and protected by the norms of Privacy Act (APP 5). It states that the employee-owned devices must never have the private or sensitive information of the company or any of its stakeholders. The access rights shall be provided only on the basis of the use role and any suspicious activity shall be immediately reported to the concerned authorities for information protection (Oaic, 2014). Security Posture Review of Aztek Many of the prevailing security norms and principles at Aztek shall be analyzed and updated after the implementation of BYOD in the company. Some of these updates will revolve around the security and usage of mobile devices, geographical strategies and security methods in general. The legal and political policies and rules that Aztek shall follow have been discussed in the section above. Security is another area in which there shall be certain modifications that must be made. After an analysis of the security aspect and status of Aztek, there are a few loopholes that have been observed. The organization is still using the old desktops, computer systems and networking devices that are based upon the outdated technology. It is also difficult or impossible to upgrade these systems to the latest concepts and advancements and this may lead to the emergence of many security attacks. The company is still using magnetic cards and readers for the purpose of identification of the resources and their identity. There shall be use of advanced measures for this purpose and it shall include the biometric recognition. Most of the servers, applications and systems are present in-house in Aztek. This may possess a great risk from the security point of view as there is a single failure point associated. There shall be use of virtual spaces and third party suppliers for server locations. Many updates need to be done on the legacy systems and databases also. The replacement of the devices all at once will demand a huge investment for Aztek. They should make sure that the replacement is done but it shall be carried out in a series of phases. This will ensure that the expenses can be easily met. The use of BYOD will ensure that the business continuity is maintained. Security of the Devices and Information For the organizations in which there is a single supplier or provider of all the devices and systems, the control and management in terms of security and tracking becomes easy. There are uniform policies that can be implemented so that the security is maintained. In the case of organizations that use outsourcing of the devices or systems, maintenance of security is rather difficult. In Aztek, employees will have the permission to get their devices as work. These devices will have varying properties and nature along with varied security capabilities and status. The application of a single policy to secure all these devices will not be a possibility. Therefore, development of suitable and proactive strategies will be required for the management and safety of all the devices and information (Curran, Maynes and Harkin, 2015). In case of Aztek, the common approaches that the organizations adapt to like locking of the devices beyond office network etc. would not work. The devices are the personal properties of the employees and they will have the right to use them outside of the office. The security strategies to be implemented will be required to be flexible and adaptable. One of the controls that may be applied may be in the form of restriction on usage of critical organizational applications beyond office network (Gillies, 2016). The devices of the employees will also bring in many attacks and risks from the security perspective. These devices may get broken, stolen or may also get lost. In case of their connectivity with the VPN at the time of any of such incident, the information will get disclosed to the party that may access the device. There shall be use of advanced trackers to track the devices in such events. Issues around authority and ownership may also come up in this case. The employees would want complete authority on their devices and may attempt to jailbreak the same to avoid the security controls set up by the organization. This would be hazardous for the device and for the security as well. This may lead to avoidance by the employees to bring and use their devices in office (Tokuyoshi, 2013). The device and information security shall be enhanced by restricting to some of the basic principles and mechanisms towards security. An analysis and investigation of the complete device and its properties must be done in adherence to the security policies of Aztek before it is approved for the usage. There shall be use of automated applications and trackers for the management of mobile devices. Remote management of the devices must be allowed along with the ability to wipe out all the information remotely. Critical and sensitive applications must not be accessible from the networks that are outside of the office location or VPN (Beckett, 2014). The applications that would belong to Aztek may get adversely impacted by mainly two forms of risks. These include malware threats and attacks along with the security weaknesses. There are several controls that are present for the avoidance and prevention of these two risk categories (Romer, 2014). The devices and the applications that are installed in these devices must always be scanned and updated to avoid security risks. Risk Assessment The process for risk assessment that shall be used in the case of Aztek shall have the framework which should include the definition of all the functionalities along with the categories that must be specified in terms of security and associated references. The process of security and risk management must include the identification, protection of the assets, control of the access, identification of the incidents, response planning and data recovery. The security measures must make sure that the information in the database and the one that is transmitted on the networks is secured and protected. There are various standards that have been set up to identify the security status of a particular organization. Tier 1: It is the security status of the organization in which the assets are partially protected and there are no formal definitions of the controls and measures to be applied. Tier 2: It is the security status in which the identification of the risks is completed and a formal definition is in place for the management of the risks. Tier 3: It is the state in which the leadership and management provide a go ahead on the security steps to be taken and the use of methods is also explained clearly. Tier 4: It is the state in which proactive and adaptive measures are taken that is ad-hoc in nature and there is no constant policy for the management of the risks. However, any of the risk or attack can be tackled in this state. Tier-4 is the state at which Aztek must work upon in order to reach so that the risks associated with the devices of the employees can be handled. The threats landscape is very dynamic in this case and would be possible to be handled only by the security mechanisms as defined under tier-4 (Singh et al., 2014). TVA Analysis (Threat Vulnerability Assessment) Name of the Risk Impact of the risk (5 being highest) Likelihood of the risk (5 being highest) Risk Ranking (Impact x Likelihood) Recommended strategy for risk control and management Breaching of the data and information sets 4 5 20 Avoidance strategy for the risks and attacks Leakage of the data and information sets 5 3 15 Avoidance strategy for the risks and attacks Loss of the data and information sets 5 3 15 Avoidance strategy for the risks and attacks Device loss or stealing 5 1 5 Mitigation strategy for the risks and attacks Insider Attacks Deliberate or Accidental 4 3 12 Transfer strategy for the risks and attacks Man in the Middle Attacks 4 4 16 Avoidance strategy for the risks and attacks IP Spoofing Threats 3 3 9 Avoidance strategy for the risks and attacks Exploitation of system and application vulnerabilities 4 3 12 Avoidance strategy for the risks and attacks Hacking of accounts 4 4 16 Mitigation strategy for the risks and attacks Denial of Service and distributed denial of service attacks 5 4 20 Avoidance strategy for the risks and attacks Malware Threats Virus, Worms, Ransomware, Logic Bombs, Spyware, Adware, Trojan Horses 4 4 16 Avoidance strategy for the risks and attacks Routing Control 4 2 8 Mitigation strategy for the risks and attacks Traffic Analysis and Monitoring 4 2 8 Avoidance strategy for the risks and attacks Social Engineering Risks and threats 4 3 12 Mitigation strategy for the risks and attacks Table 1: Risk Register for BYOD Countermeasures and Security Steps Many different countermeasures can be applied to control the risks and threats listed above in the table. Aztek must carry out a detailed planning for the management of the risks by defining the scopes, objectives and the goals that must be set up in terms of the BYOD scheme. The use of networks and the range of the devices must be considered for this. The prioritization in terms of the application of the treatment strategy or the handling of the identified risks must be set up. There shall be measures that must be taken for the analysis of the setting up of the priorities (Kumar and Singh, 2015). The risks that may have a higher likelihood of occurrence along with a higher impact especially on the sensitive data sets must be separately handled. These risks shall be treated with the highest priority. A mapping of the risks with the countermeasures to be applied shall be done. Not all the risks can be handled by using administrative checks only and not all of them would require extensive technical control. Such situations shall be decided on the basis of the type of risk (Stoecklin et al., 2016). There are many different types of controls that have been created for the purpose of risk handling and management. These control types along with their applicability has been described below. Preventive Controls: These are the types of controls which shall be applied for the enhancement of the basic security for the avoidance of the attacks from occurring in Aztek. The mechanisms like firewalls, access control and proxy servers would be included in this category. Detective Controls: The preventive controls may not always be successful and the malicious attackers may give shape to the attacks. The controls like intrusion detection, integrity checks along with maintenance of security logs shall be done for the detection of the attacks. Corrective Controls: In spite of the attack prevention and detection, the occurrence of the attacks may not be possible to be avoided. There are corrective controls that shall be applied in this case so that the damage can be controlled and corrected, for instance, information encryption (Blizzard, 2015). Deterrent Controls: The malicious entities must be made aware of the organization capabilities and readiness towards the attacks by informing them about the controls that they have taken. All of the policies and controls will be included in this category. Recovery Controls: Aztek must take the back up of their data sets so that in case of a risk occurrence, the damage is controlled and the recovery of the information sets and systems is possible. These controls would be included under this category. Compensating Controls: There can be use of alternate security controls in case of scenarios like unavailability of the desired control and likewise. These compensation controls shall be used in such cases. Data Information Security There are various assets that Aztek handles and manages. One of the most important and significant asset for the organization is its data sets. Out of the risks that have been listed in the risk assessment section of the report above, there are many risks that are specific only to the data and information security. There are many controls that can be applied for the purpose of securing the data like implementation of advanced access control mechanisms, recording and resolution of the incidents that are reported by the users, adherence to the best practices and standards, implementation of anti-malware packages and many others. The use of encryption techniques and user awareness sessions must be carried out as well. The data breaches in Aztek may occur due to several causes like malicious codes or attacks, system errors or user errors. With the implementation of the BYOD scheme, there will be many new forms of data security risks and attacks that will emerge. There will be increased likelihood of such attacks and the attacking surface will also enhance. It will be necessary to use advanced data protection and end-to-end security mechanisms. The employees may also be the carriers of the threats as they may disclose the information to the unauthorized entities or may also lead to device mismanagement. The security policies must be created for the protection of these forms of attacks as well. The employees shall be provided with the training sessions so that they may be aware of the risks and attacks that may occur. Many of the severe impacts may result out of these attacks in the form of legal risks and financial implications. The following measures must be taken for the protection of data and information. The logs that are maintained by the organization must include network logs, user activity logs and device logs and these logs must be reviewed regularly by using automated applications. Advanced Password Managers with the involvement of senior management must be present. The users shall be informed about the difference between strong passwords and weak passwords. They shall be encouraged to use strong passwords and PIN codes for data protection. The employees must not be allowed to access the critical applications on their home connections or public networks. Training sessions and schedules must be set up and executed so that the employees are made aware of the activities to be done and security practices to be followed. Information Classification Analysis of Security The data that will be handled by Aztek has been classified in different categories with different security mechanisms. Data Classified Type of information included in this category Type of Damage that may be caused Security policies and strategies applicable Extremely Sensitive Information Information such as social security number of the clients and the staff members, bank account details and credential to access the accounts The security risks and their occurrence can be extremely dangerous as there may be legal punishments and penalties along with financial penalties that may be applied by the victim These are the most critical data sets and shall be protected by using preventive, detection, deterrent, corrective and recovery controls. Viewing rights shall be given to CIO, CEO and Data Administrator with no updates allowed (Morrow, 2012). Internal Information: Confidential in nature Project information that will be covered by the organization, contractual terms with the third parties The customers will feel cheated and will avoid any form of engagement with the organization with the occurrence of such security risks and attacks (Yoo, Park and Kim, 2012) The use of technical and administrative checks must be done for data protection. Access must be given to senior management and senior officials in the security team. Modification shall be allowed to be made only by the Data Admin. Private Information Sets Internal strategies and decisions with set of plans and policies. Demographic details of the employees and the clients The stakeholders will feel cheated and will avoid any form of engagement with the organization with the occurrence of such security risks and attacks The use of technical and administrative checks must be done for data protection with application of preventive, detective and corrective controls. Access must be given to senior management and senior officials in the security team. Modification shall be allowed to be made only by the Data Admin and the Security Manager. Public Information Sets Set of services and products that are provided by the organization, contact details The market reputation and brand image of Aztek may negatively suffer Stakeholders shall be able to access and modify the information after the confirmation by the Data Admin. These must be protected using detective and preventive controls. Table 2: Classification of the Data Sets Security Strategies Conclusion Bring Your Own Devices (BYOD) is scheme that has been approved and is soon going to be implemented in Aztek. The issues and specific risk areas and their control measures have been specified. The main aim of Aztek is to provide its clients with the reliable and good quality financial services. There are several stakeholders associated with the organization that are working to achieve this goal. The BYOD scheme is also an attempt to achieve the same as the employees would be more comfortable with their personal devices leading to better operational services and efficiencies. The project has been evaluated as feasible from the operational perspective along with technical, political and organizational aspects. The specific rules around finance industry will be applicable on the BYOD project as per the territory of operation by Aztek which would either be South Wales or it would be Australian Capital. Workplace Privacy Act 2011 is an act that defined the steps that an organization may ta ke to track and monitor the emails that are sent by the employees for sharing the organizational information. Telecommunications Act 1979 was defined to put a check on unwanted communication activities by tracking and monitoring the communication integrity. Other applicable acts and policies include NSW, ASIC guidelines and Privacy Act. In Aztek, employees will have the permission to get their devices as work. These devices will have varying properties and nature along with varied security capabilities and status. The application of a single policy to secure all these devices will not be a possibility. Therefore, development of suitable and proactive strategies will be required for the management and safety of all the devices and information. Issues around authority and ownership may also come up in this case. The process of security and risk management in Aztek must include the identification, protection of the assets, control of the access, identification of the incidents, respons e planning and data recovery. It will also be necessary to use advanced data protection and end-to-end security mechanisms. References Act (2016). Workplace Privacy Act 2011. [online] Available at: https://www.legislation.act.gov.au/a/2011-4/current/pdf/2011-4.pdf [Accessed 27 Sep. 2017]. Asic (2017). ASIC Home | ASIC - Australian Securities and Investments Commission. [online] Asic.gov.au. Available at: https://asic.gov.au/ [Accessed 27 Sep. 2017]. Beckett, P. (2014). BYOD popular and problematic. Network Security, 2014(9), pp.7-9. Blizzard, S. (2015). Coming full circle: are there benefits to BYOD?. Computer Fraud Security, 2015(2), pp.18-20. Coe (2011). Telecommunications (Interception and Access) Act 1979. [online] Rm.coe.int. Available at: https://rm.coe.int/1680304330 [Accessed 27 Sep. 2017]. Curran, K., Maynes, V. and Harkin, D. (2015). Mobile device security. International Journal of Information and Computer Security, 7(1), p.1. Gillies, C. (2016). To BYOD or not to BYOD: factors affecting academic acceptance of student mobile devices in the classroom. Research in Learning Technology, 24(1), p.30357. Kumar, R. and Singh, H. (2015). A Proactive Procedure to Mitigate the BYOD Risks on the Security of an Information System. ACM SIGSOFT Software Engineering Notes, 40(1), pp.1-4. Morrow, B. (2012). BYOD security challenges: control and protect your most sensitive data. Network Security, 2012(12), pp.5-8. Oaic (2014). Chapter 5: APP 5 Notification of the collection of personal information| Office of the Australian Information Commissioner - OAIC. [online] Oaic.gov.au. Available at: https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-5-app-5-notification-of-the-collection-of-personal-information [Accessed 27 Sep. 2017]. Romer, H. (2014). Best practices for BYOD security. Computer Fraud Security, 2014(1), pp.13-15. Singh, M., Sin Siang, S., Ying San, O., Hassain Malim, N. and Mohd Shariff, A. (2014). Security Attacks Taxonomy on Bring Your Own Devices (BYOD) Model. International Journal of Mobile Network Communications Telematics, 4(5), pp.1-17. Stoecklin, M., Singh, K., Koved, L., Hu, X., Chari, S., Rao, J., Cheng, P., Christodorescu, M., Sailer, R. and Schales, D. (2016). Passive security intelligence to analyze the security risks of mobile/BYOD activities. IBM Journal of Research and Development, 60(4), pp.9:1-9:13. Tokuyoshi, B. (2013). The security implications of BYOD. Network Security, 2013(4), pp.12-13. Yoo, S., Park, K. and Kim, J. (2012). Confidential information protection system for mobile devices. Security and Communication Networks, 5(12), pp.1452-1461.