rslade
Influencer II

Why good people do bad things

An extremely interesting article has been published on the Australian commission into banking practices.  We tend to be directed to banking literature for a number of aspects of risk management, but this says some really interesting things about ethics.

 

Once upon a time, Number Two Daughter worked for a leasing company.  I think she was still working for them when she opined that the further you got from selling something specific and real, the more dangerous the ethical quagmire became, and that selling leasing was about as close as you could come to selling nothing.

Here in Canada we've just had a round of investigations into the banks and their sales practices.  Our banks have similar characteristics to those described: big and monolithic.

The Daughters, and therefore, we, know a number of people who work for the banks.  I was amused by the "they'll employ anyone" comment in the article, because, although I assume it's true, it's sort of a Hotel California situation.  You can sign on any time you like, but you can never leave.  Once you are in the bank, your work, your social life, sometimes even your relationships and marriage are kind of confined to the bank.

Various parties and social functions are arranged by the bank and, while not exactly put down on your timesheet, your job performance reflects whether you attend a sufficient number.  It's hard to do that and maintain a separate social life as well.  And, once in, it can be hard on "non-bank" relationships, so it's easier to marry someone already in the cult sorry, bank, who understands the requirements.

There can be good reasons for this.  Banks, as much and possibly more than most companies, are alert to security and insider risks.  Having close relationships with all employees is one way to address these issues.

But the various aspects of groupthink (and, while the article raises a number of factors and then seems to note groupthink as a separate one, I tend to think of all those factors as characteristics of groupthink) can, as the article notes, lead to failures in critical thinking and, in particular, failures in ethical consideration.

As noted in one of the quotes, "Unfortunately, I don't think I can control away inappropriate advice in every instance.  Some people, the minority, may, for whatever reason, be dishonest, put their own interest before others. I can't control that away."

It's extremely hard (probably impossible) to "control" for insider risk.  It's equally hard to "control" for ethics.  We are supposed to adhere to our code of ethics.  But, as I have frequently noted to my seminars, when trying to deal with the ethics area, there are some CISSPs who, after I've shaken hands with them, I count my fingers.

 

I hope you don't just read this and think that it's a good thing you don't work for a bank.  (Unless you work for a bank.)  Any large organization can develop the same characteristics.  That includes the companies you work for.  It also includes large bodies such as ISC2, and even just the international community of certificate holders.

The price of ethical behaviour is constant vigilance ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
6 Replies
CISOScott
Community Champion

I once attended an ethics presentation and the title was "What is the price of your ethics?". It revolved around a story of a Navy Captain who was caught stealing a $13 watch from a junior enlisted person's locker. He was fired from the Navy, suffered public humiliation before being discharged, lost some rank, and had his pension negatively affected, all over a $13 watch. So the price of his ethics was $13. He lost a six-figure income over $13. Based on the low price of his ethics, I am pretty sure he didn't tell his wife the real reason he was fired.

 

The best ethics presentation I saw was one from an attorney. Every year at the annual employee gathering (on company time, not some forced after-hours activity) he would read his ethics poem which would intertwine the ethics rules and incidents that had happened so that it made the required annual ethics presentation both fun and memorable. People would actually anticipate being able to hear the "new poem" for this year. One memorable line was "If you want your career to go far, don't have sex in a bureau car."

 

I'm sorry, but that place you described would have me looking for a new job immediately. I am totally against having my place of employment tell me how to spend my free time. I understand having some rules to prevent insider threat like having to ask permission to perform a second job, not working in certain industries that would reflect poorly on your main employer, or other rules about permissible after-hours activities, etc., but forced after-hours functions and tracking of who attends and basing your job performance on after-hours events is too controlling for me. Sounds like someone at the top had trouble making friends and led a very boring social life so they have to force their employees to have play dates with them. As an investigator of insider threats I can tell you that the scenario you described does nothing to diminish insider threats and instead actually makes an insider's job easier. It helps with collusion, helps with the ability to gather how the system works, what mechanisms are in place to prevent fraud, etc. So I would love to know their reasoning behind it and see the data that proves me wrong.

Flyslinger2
Community Champion

 


@CISOScott wrote:

I once attended an ethics presentation and the title was "What is the price of your ethics?". It revolved around a story of a Navy Captain who was caught stealing a $13 watch from a junior enlisted person's locker. He was fired from the Navy, suffered public humiliation before being discharged, lost some rank, and had his pension negatively affected, all over a $13 watch. So the price of his ethics was $13. He lost a six-figure income over $13. Based on the low price of his ethics, I am pretty sure he didn't tell his wife the real reason he was fired.

 



The cost of this $13 is huge. If you factor the principle of interest on his investments, his annual salary increases and other perks, etc., he could have bought a Rolex upon his retirement! 

billclancy
Contributor I

I frequently remind my co-workers..."Nothing in this building is worth killing the golden goose of your salary"
bhangad
Viewer

Nice and very heart-touching.


leekimjd
Newcomer III

That's very well said about insider threat and insider risk. But even within the financial services sector (or as to banks themselves), they have different security postures and risk appetites. For anyone who wants to start developing or is trying to revamp their insider threat program, I would recommend this guide from CERT/CC: https://insights.sei.cmu.edu/library/common-sense-guide-to-mitigating-insider-threats-seventh-editio... - their insider threat research team is fabulous - as is their guidance.

 

Lee Kim

2024 board of directors candidate

www.linkedin.com/in/leekim