Assess Organizational Readiness (Essay Sample)

Assess Organizational Readiness Name Institution  According to McNulty (2007), Flayton electronics experienced a breach in their data security. This owes to the reality that thieves stole social security numbers, credit card information, bank account information, and email addresses. The number of these cases was estimated at around 1,500 cases or more. However, the organization was undecided of the best decision forward because of the circumstances that surrounded the breach. For instance, the secret service required Flayton’s management not to disclose the information to the public, while some State laws required the organization to disclose such information to the public. This paper discusses Flayton’s critical success factors, risk culture, organizational readiness, project benefits, the initial risk categories, and recommendations for risks present at Flayton Electronic’s. The term critical success factors could be understood as the traits, variables, or conditions that have a serious and immediate influence on the performance of an organization. Flayton electronics had critical success factors that ascertained the organization’s competitive advantage. As a matter of fact, critical success factors at Flayton electronics were relevant to the data breach case. First, the organization had built their reputation based on trust. However, their reputation was at stake owing to the request from the secret service (to withhold the information from their clients). Stevens (2012) reveals that several States passed bills requiring government agencies and businesses to inform persons affected by breaches of such activities. The author further reveals that government agencies and businesses also have a duty to implement security programs for protecting the integrity and safety of data. It is clear that trust is a critical success factor to Flayton electronics, which is relevant to the case under discussion. Another critical success factor that is relevant to the case in question is effective communication. There is a small difference between trust and communication owing to the fact that the case in question involves relaying of information to the public. However, the issue of communication arises because of the time Flayton should take to communicate the case to various stakeholders. Timely communication is a critical success factor because it will assure the customers that Flayton is under a good management. As Stevens (2012) asserts it is crucial for organizations affected with data breach cases to communicate such events to the relevant stakeholders on time. It is clear that the management at Flayton Electronics has been aware of breach for a considerable time. However, they have not communicated the breach to the relevant stakeholders because of their dilemma. Therefore, timely communication is a critical success factor that is relevant to the data breach case at Flayton. It is critical to identify the risk culture, organizational readiness, and project benefits of the Flayton because it aids in understanding the entire discussion. To begin with, the Flayton case had several project benefits. Project benefits are the advantages realized from an event within an organization. The first project benefit for Flayton was to gain experience about data breach security. It is clear that the management in Flayton lacked the experience to handle cases of data breach. Therefore, the data breach provided the management with an opportunity to learn how to handle such cases in future. Additionally, the case that occurred at Flayton enabled the organization to identify flaws in their security systems for correction. This is supported by the fact that the chief information officer identified a disabled firewall meant to comprise of the wireless inventory system. Therefore, the main benefits resulting from the data breach at Flayton Electronics are to acquire experience and identify flaws in their system. The level of preparation for risk at Flayton Electronics was not strategic. As Sassa (2013) argues it is important for businesses to prepare for risks strategically. This could be done by avoiding, transferring, mitigating, accepting, and monitoring risks. The Flayton’s case reveals that their management was not ready for a breach in data security. This is evidenced by the reality that the organization’s management started discussing for possible solutions after occurrence of the event. Risk culture is a system of behaviors and values that determine the risk decisions within an organization. The management at Flayton Electronics had a less averse risk culture because they decided not to do anything and wait for the secret service to apprehend the criminals. It is evident that the management was willing to take the risk of letting the story leak out to the press instead of releasing the story themselves. Hence, Flayton had a less risk averse culture coupled with a poor strategy for risk preparedness. As mentioned before trust is a critical success factor at Flayton Electronics. Flayton has a duty to notify their clients in case of a breach in data security. Since the organization depends on trust to keep their clients, it is reasonable for the management to inform the affected clients. This should be done without raising attention from the public hence; the organization should use letters to communicate to the affected clients. However, the management should note that such a decision could harm the organization instead of shielding it against loosing clients. This is because one of the employees at Flayton reported that clients are always scared away from businesses with data insecurity. Therefore, before the organization decides to communicate to their clients, they should consider the outcomes of the action. An additional recommendation is for the organization to remain silent and hope that the secret service will resolve the problem. The fact that Flayton could shift attention from the media by directing journalists to the secret service is an opportunity for the organization to remain silent (transfer the risk). However, this decision could result into a lawsuit with Flayton Electronics as the defendant if the secret service fails. It is also notable that banks provide protection to the cardholders, which implies that the duty to notify the clients belongs to a second party. Therefore, Flayton could delay communicating the data breach to their clients in the hope that the secret service will resolve the problem. Lastly, the chief information officer should consider updating the security compliance from 75 percent to 100 percent. This should include fixing the disabled firewall that was meant to comprise of the wireless inventory system, which is a project benefit. At this point, it is clear that Flayton Electronics is facing several risks, which could be categorized into different levels. According to Hilson and Simon (2007), risks can be categorized...