Steve Jobs shows off the new Apple iPad 2 in 2011
Can a Leadership Style Adversely Affect the State and Quality of an Organization's Information Security?
Apple's Co-founder and former CEO, Steven Paul Jobs (1955 - 2011), passed away on October 5, 2011. May he rest in peace, and may his family and friends be comforted and experience rapid healing during their time of intense loss.
Much has been said of Mr. Job's visionary contributions to the work of computing and personal communications, and how he empowered the masses by having the vision to humanize technology and make it useful. That is all noteworthy, and significant, and it has certainly made the world a more interesting place.
But this article shows the real Steve Jobs, and the way he treated the people around him, who were executing his vision to change the world. http://gawker.com/5847344/what-everyone-is-too-polite-to-say-about-steve-jobs. I was aware of these traits, but it's documented so well here that it deserves to be shared. I was also aware that Mr. Jobs' tyrannical ways worked some people so hard that it broke up marriages and almost drove some people crazy. It's a poor leadership style that in my opinion could not have continued, if he had continued to live.
And since this is a blog for a course in Information Security Management, the point of this post, however, is that I personally believe that a poor tyrannical, leadership style, based on bullying, intimidation, and humiliation, can itself constitute a threat to information security because it increases risks that an organization doesn't want. This is because when things start to go awry, many people who work on the Team of a Tyrant may become passive aggressive and enjoying watching a Tyrannical Leader fail. I believe that there is a human trait in which people like to see what goes around comes around. If a tyrant mistreats people, those people will probably be happy to see him or her get what is coming to them. If that means watching a tyrant take the heat for situations like 1) the compliance penalities associated with a data breach; or 2) failing to secure something that should have been secured during an information security-related project; or 3) a Business Continuity Plan that is missing critical components that will ultimately doom it to failure if and when it is ever executed; employees will be only too glad to see these things occur, despite the fact that it could and will adversely affect an organization. So I believe that a poor leader can create situations that in raise the information security risk factors in an organization.
What's the answer? I will share what I believe is the answer in a in a post that follows this one.