Tuesday, May 5, 2020

HR Capabilities for Information Security Systems

Question: Discuss the report on HR capabilities for information security systems.

Answer:

The purpose of this literature review is to identify and evaluate the key issues on Human Resource (HR) capabilities for Information Security Systems Development (IISD) within the United Arab Emirates (UAE). The report therefore discusses the types of research that predominate in the field, along with the research philosophy and methodology. It then reviews the relevant literature to understand the viewpoint of previous researchers and scholars on the issues in this field, i.e. issues on HR capabilities for IISD. The literature review also critiques the arguments and supporting evidence presented by various authors in order to compare and contrast their approaches and the issues they identify. In addition, the report presents how the literature review has helped in broadening the understanding of the subject area and its impact on the development of the research topic.

Part A: Research types

In order to identify or explore the issues on human resource capabilities for information security systems development within the United Arab Emirates, previous researchers have adopted qualitative as well as quantitative research, although qualitative research primarily dominates this field of study. Additionally, case study methods are employed to identify the issues on the selected topic of study (Panneerselvam 2014).

Research methodology

Research methodology can be understood as a blueprint of the research that provides guidance and direction to the research work. It includes the research approach, the research design and the data collection methodology used to undertake the research. Research methodology can therefore be understood as the means that helps in reaching a firm conclusion and achieving the research objectives.
As the objective of this research is to explore the issues on human resource capabilities for information security systems development within the United Arab Emirates, positivism theory, deductive methodology and a descriptive research design have been employed. Moreover, both primary and secondary methods of data collection have been used, and for the collection of primary data, non-probabilistic sampling methods have been used (Mackey and Gass 2015).

Research philosophy

The purpose of this study is to explore the issues on human resource capabilities for information security systems development, which can be better understood by adopting the positivism research philosophy (Knobe and Nichols 2013). The positivism philosophy helps in establishing the relation between the factual knowledge gained through observation and empirical studies and the research objectives. Therefore, the positivism philosophy would help in recognizing the issues related to HR capabilities for IISD within the UAE.

Part B:

In the late 20th century, the United Arab Emirates first experienced the effectiveness of information technology in its local market. The UAE has been able to adopt the technology to such an extent that bank reports, audit work, government work and business activities have become highly dependent on the use of IT. At the same time, however, the UAE experienced a growing need for data security in order to prevent human-made as well as natural hazards, with respect to the maintenance of business continuity as well as the security of international and national investments. Various studies have identified that human resources play a great role in maintaining the information security system within the organization. As stated by Yahya et al. (2016), there are several areas of human resource management that actively contribute to strengthening the information security system of the organization.
The importance of these areas is described below:

Building capability: In the current competitive marketplace, organizations in the UAE have perceived that a more strategic approach to information security is highly necessary against the ever-increasing threat in the cyber world. Hall et al. (2011) have successfully identified that, in order to mitigate the risks, it is necessary to develop a strategically enhanced and organization-wide defensive approach. On the other hand, Ahmed et al. (2015) argued that there is no scope for focusing solely on the information security system, as 70 percent of all fraudulent incidents in the IT sector are internal. In support of this fact, the IT manager of Abu Dhabi Security Market has expressed the vulnerability to constant cyber attacks irrespective of system advancement. The information security system team is bound to prepare an effective data recovery plan (DRP) in order for business organizations to maintain security and identify the opportunity for data recovery.

According to Bada et al. (2014), an understanding of information security laws and regulations is highly imperative for information security professionals to be aware of every nuance of cyber threat to the organizations. On another note, Atoum et al. (2014) revealed that information security professionals need to grasp the contemporary circumstances of information assets and risks. It enhances the flexibility of the professionals to respond to an immediate threat. In the same context, the perception of program sources, as well as programming ability, also plays a crucial role in developing the essential capability of information security experts (Ahmed et al. 2015).

Human resource departments in the UAE have mostly emphasized recruiting the most efficient and expert professionals in order to develop the information security team. Atoum et al. (2014) expressed that this is a highly proficient strategy for developing the organizational capabilities for fighting contemporary cyber attacks. However, Clemente (2015) countered that, as the technical means of attack are changing rapidly, a personal and professional development program for information security professionals would be crucial for maintaining their technical competencies.

Matching individual and organizational expectations: Al-Awadi and Saidani (2010) identified that information security professionals are expected to maintain several core principles in order for organizations to enhance their level of security. These principles are defined as confidentiality, integrity and availability. However, Al-Khouri et al. (2014) revealed that organizational expectations of the professionals are based on compliance with several security policies. These policies range from organizational to issue-specific to system-specific. On another note, Elbeltagi et al. (2013) disclosed that the majority of information security professionals are highly inclined towards their career progression. Considering this fact, the human resource sector of the UAE has concentrated on initiating personal and professional development programs for information security professionals. This facility allows the experts to enhance their skills and abilities in advanced technology application (Vogel and Broer 2013). Various extensive studies have observed that continuous professional learning helps the experts to anticipate as well as respond well to technical vulnerabilities. This strategy also benefits the employees, as they are able to enhance their abilities. On the contrary, Vacca (2013) stated that already employed professionals lack the necessary enthusiasm to continue with the personal and professional development programs arranged by the human resource department.
In order to match individual and organizational expectations, the human resource departments in the UAE are driven by several goals of information security governance. According to Lowry et al. (2015), information security governance generally focuses on several crucial areas that are highly competent to maintain the amalgamation of individual and organizational expectations. These areas are strategic alignment, risk management, resource management, performance management and value delivery.

Strategic Alignment: The study by Al-Khouri et al. (2014) revealed that human resource departments need to ensure that benefits, policies, strategy, service levels and security costs are understood in a transparent manner. On the same note, the development of information security policies has proved to be a major factor. In addition, the information security policy, strategy and control framework also have to be communicated efficiently. On the other hand, Singh and Sharma (2015) disclosed that security incidents must be defined in terms of business impact. A clear perception of the relation between IT resources and business impact risk will be essential for matching individual and organizational expectations.

Risk Management: IT firms in the UAE must follow several goals in order to manage and mitigate the risks as well as their potential impacts. The foremost goal is protecting all information assets along with reducing the chances of security risk to the information assets. Ahmed et al. (2015) revealed that this can be done only by assessing the level of potential risk on a regular basis. However, contradicting the above statement, Bada et al. (2014) argued that organizations must restrict access to sensitive data to authorized personnel. The IT continuity plan also plays a major role in mitigating the risk to information assets.

Resource Management: Atoum et al. (2014) have identified that the knowledge as well as the infrastructure of information security can be confirmed as most effective for matching individual and organizational expectations. As every information security professional is inclined to receive appropriate acknowledgment of their capabilities, they are likely to appreciate a designation where they can explore their abilities. In the same context, the organizations will benefit because they would not waste any resources, which will help them against the rising cyber threat. However, Clemente (2015) reveals that the organization must follow several core principles in order to maintain proper resource management, which are: maintaining integrity; avoiding and recovering from error or deliberate threat; and protecting all information assets.

Performance Management: In order to evaluate the performance of information security professionals properly, organizations need to work on several principles (Lowry et al. 2015). The organizations must identify the individual incidents that have damaged the organizational reputation. Moreover, the systems that are not capable of meeting the security requirements must be pointed out. The organizations also have to perceive the necessity of changing, removing and granting access. In addition, the organizations must focus critically on every dispute or mistake that has occurred in the overall security system. Although these responsibilities depend on the information security professionals, they must be monitored by the organization as well.

Value Delivery: As stated by Vogel and Broer (2013), information security professionals must focus on initiating a security system that supports the objectives of the organization. In order to deliver value with optimal investment levels, the organization must ensure trustful information exchange as well as automated business transactions.
The organization also needs to ensure availability as well as minimum interference with IT service. However, at the same time, organizations also have to focus on minimizing the business impact of security vulnerabilities (Vacca 2013).

Increasing security strength: In the absence of a central national cyber security body, UAE organizations are highly vulnerable to the constant cyber threat (Forstenlechner et al. 2012). In order to reduce the cyber threat and increase the strength of information security, organizations must focus on alternative options to develop a preventive approach. In this context, Marchon and Toledo (2014) identified that the majority of organizations have focused on developing a highly impressive education and training system for information security professionals. This approach is critical for enhancing the technical skills and abilities of the security experts so that they are able to respond to any cyber threat. In the same context, it has also been observed that numerous business organizations have focused on highly strict management practices within their organizations. The major focus of their business approach has been critical monitoring of every dispute and mistake in their security system so that they can always be ready for any critical situation.

However, Vassilopoulou et al. (2015) revealed that it is not sufficient for organizations to focus only on training programs and management practice. Several organizations have taken the initiative to collaborate with educational and research institutions to produce the most efficient human resource workforce as well as greater technology. This way the organizations can effectively make a contingency plan for their future information security approach.
Managing compensation expectation: As information security is one of the most important elements of a successful future for organizations, information security professionals are likely to expect an impressive remuneration for their service. According to Singh and Sharma (2015), the human resource departments of various firms in the UAE greatly recognize this fact and take proper action. The human resource department believes that proper compensation for their service will be a major tool to encourage them in their task. It will motivate them to acquire the highest job satisfaction, so that they will be motivated to secure the information assets of the organization. However, Clemente (2015) counters that rewards based on performance appraisal are considered the most popular means of compensating information security professionals. This will ensure a better effort from them to perform well in their task.

Talent Management: The human resource departments in the UAE are highly responsible for acquiring the most talented workforce with respect to information security. According to Hall et al. (2011), they evaluate each and every candidate based on their skills, knowledge and experience. As stated by Singh and Sharma (2015), the most talented workforce generally equates to better performance of information security. In the same context, Singh and Sharma (2015) commented that the human resource department needs to place every professional according to their own skills so that they will get a better scope for performing.

Part C:

With the advancement of technology, the importance of Information Security Development cannot be overstated. Information Security Systems Development is highly important in order to ensure the quality and the efficiency of the service. Every form of official work and business activity has started becoming dependent on IT. However, this also poses a serious threat to data security.
For this reason, recruitment of very talented and highly skilled IT professionals has become necessary in the UAE. I have come across critics claiming that in most situations, there is an internal threat to an IT database of an organization. However, it cannot be denied that external threats are equally malicious, and if an organization does not take steps, I believe it can lead to data theft, vandalism and even disruption of service. Since this may lead to serious damage and subsequent loss of the financial position of an organization, the HR of the organization must play an important role in mitigating the risk of data theft by recruiting the most deserving candidates. I think the HR primarily needs to identify the source of threats to the IT database, and should accordingly frame security policy guidelines, besides recruiting the most qualified as well as experienced experts for the position of IT security professionals. I also think that if the professionals lack sufficient knowledge and understanding, cyber training programs for polishing their IT skills are to be arranged by the HR department. Further, before an employee resigns from the organization, the HR must ensure that he has not stolen any sensitive data from the particular organization. Above all, the HR must ensure that the IT professionals receive sufficient employment benefits, including salary, incentives and other allowances, so that they do not leave the organization. Nearly 60% of employees steal data before they leave their jobs, and hence employee satisfaction plays an integral role in Information Security Systems Development in the UAE.

Reference List:

Ahmed, A.M.M.B., Ramadan, M.Z. and Al Saghbini, H., 2015. Sustainable Improvement for United Arab Emirates' SMEs: A Proposed Approach. International Journal of Customer Relationship Marketing and Management (IJCRMM), 6(3), pp.25-32.

Al-Awadi, K. and Saidani, M., 2010. Justifying the need for a data security management plan for the UAE. Information Management & Computer Security, 18(3), pp.173-184.

Al-Khouri, A.M., Farmer, M. and Qadri, J., 2014. A government framework to address identity, trust and security in egovernment: The Case of UAE Identity Management Infrastructure. European Scientific Journal, 10(10).

Atoum, I., Otoom, A. and Abu Ali, A., 2014. A holistic cyber security implementation framework. Information Management & Computer Security, 22(3), pp.251-264.

Bada, M., Creese, S., Goldsmith, M., Mitchell, C. and Phillips, E., 2014. Computer Security Incident Response Teams (CSIRTs): An Overview.

Clemente, C.J., 2015. Development of an Information Technology Management Model for Madinat Zayed and Ruwais Colleges in Abu Dhabi, United Arab Emirates. Review of Integrative Business and Economics Research, 4(1), p.184.

Elbeltagi, I., Al Sharji, Y., Hardaker, G. and Elsetouhi, A., 2013. The role of the owner-manager in SMEs adoption of information and communication technology in the United Arab Emirates. Journal of Global Information Management (JGIM), 21(2), pp.23-50.

Forstenlechner, I., Madi, M.T., Selim, H.M. and Rutledge, E.J., 2012. Emiratisation: determining the factors that influence the recruitment decisions of employers in the UAE. The International Journal of Human Resource Management, 23(2), pp.406-421.

Hall, J. H., Shahram, S. Thomas, A., Mazzuchi., 2011. Impacts of organizational capabilities in information security. Information Management & Computer Security, 19(3), pp.155-176.

Knobe, J. and Nichols, S. eds., 2013. Experimental philosophy (Vol. 2). Oxford University Press.

Lowry, P.B., Posey, C., Bennett, R.B.J. and Roberts, T.L., 2015. Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust. Information Systems Journal, 25(3), pp.193-273.

Mackey, A. and Gass, S.M., 2015. Second language research: Methodology and design. Routledge.

Marchon, C. and Toledo, H., 2014. Re-thinking employment quotas in the UAE. The International Journal of Human Resource Management, 25(16), pp.2253-2274.

Panneerselvam, R., 2014. Research methodology. PHI Learning Pvt. Ltd.

Singh, A. and Sharma, J., 2015. Strategies for talent management: a study of select organizations in the UAE. International Journal of Organizational Analysis, 23(3), pp.337-347.

Vacca, J.R. ed., 2013. Managing information security. Elsevier.

Vassilopoulou, J., Tatli, A., Ozbilgin, M., Pinnington, A.H. and Alshamsi, A.M., 2015. Identifying Effective Talent Management Policies and Practices in the United Arab Emirates (UAE). Comparative Political and Economic Perspectives on the MENA Region, p.292.

Vogel, M. and Broer, V., 2013. Security Compliance Monitoring - The next Evolution of Information Security Management?!. In ISSE 2013 Securing Electronic Business Processes (pp. 183-194). Springer Fachmedien Wiesbaden.

Yahya, F., Walters, R.J. and Wills, G.B., 2016, June. Goal-based security components for cloud storage security framework: a preliminary study. In 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security) (pp. 1-5). IEEE.
