100 likes | 273 Views
IA Policy Roll-Out. John Parlee & Neo zhe Han. Communication. Establish a Communication Plan for the Roll-out. Different users will be affected in different ways Specific & targeted communication When will Who be informed of What by Whom ?.
E N D
IA Policy Roll-Out John Parlee & Neo zhe Han
Communication • Establish a Communication Plan for the Roll-out. • Different users will be affected in different ways • Specific & targeted communication • When will Who be informed of What by Whom?
When will Who be informed of What by Whom? • When • Before, during, and after each phase of roll-out • Who • The affected user/personnel • What • What to expect? • When to expect it? • What do I have to do? • Whom • Who should inform the user? • Boss or IT Staff?
Related to IT Security? • How much details should users be allowed to know? • Network Monitoring Policy? • E.g. “Network traffic will be monitored” vs “Network traffic will be monitored for excessive network traffic during office hours” • Office Computer Monitoring Policy?
What If TSA ran your IT Dept? • It’s Monday Morning. You have a big presentation to the regional head of the company at 10 am. • You reach the company at 8 am to make final preparations. • You seat down at your desk and boot up your computer when you find that your computer is locked. • You cannot run any programs or access any files on your computer.
COMPUTER SCAN IN PROGRESS Computer Scan In Progress Time Left: 3 Hrs This is a random security scan to ensure that your system is in compliance with the company security policy. To ensure that users do not try to circumvent security scans, these scans are carried out at random times of the day, and without any prior alerts.
Case Study Considerations • This is a large scale roll-out for the organization (800 employees) • Policy change affects most departments across the city, including important functions (Emergency Services, Law Enforcement, etc.) • Most public sector employees are union workers. • Have to get support of the union. • Public sector is a slow-changing environment.
Which Strategy to choose? • Empirical-Rational (Offering Carrots) • Normative-Reeducative • Power-coercive (Threatening with Stick) • Environmental-Adaptive
Change Strategy Evaluation • Empirical-Rational (Offering Carrots) • Requires good communication • May not be easy to spread message to large number of affected users • Requires good incentives (may require more $$$) • Easier to get Unions on board • Overall: Possibly Good • Normative-Reeducative • Culture is hard to change in public sector • Overall: Not likely… • Power-coercive (Threatening with Stick) • Not likely to go down well with unions • Overall: Bad, unless Union is on board. • Environmental-Adaptive • May not be easy to change environment due to Unions. • Overall: Requires cooperation from Unions.