Scaling Internationally: Understanding International Implications Samuel Warren IS 469- Information Security Capstone Dan Morrill City University May 17, 2012 Scaling Internationally: Understanding International Implications Executive Summary International business is fraught with complexity. Because no two people are the same, no two countries are the same, despite the commonality shared by countrymen. This poses serious implications when considering changing a security policy to incorporate international addendums. To make one all-inclusive policy, one must pay scrutiny to the differences in thinking and communication between the host Country and any Countries that are using the new policy. Introduction Preparing a security policy that works well within the scope of a national company can present many challenges. Taking that and expanding it to a larger platform, namely the international stage, makes it far more complex and potentially risky. When designing and deploying a security policy that can be scaled to the international stage there are many things to take into account. Some of things that make cultures unique and beautiful can also cause the most difficulty and confusion when dealing with practical business application of the security policy. There are a whole host of different scenarios that need to be accounted for in a strong security policy such as internet coding standards, database protection standards, network infrastructure; and physical security; protection of company assets; data loss and recoverability among others. Going from a strong intra-national policy and scaling it outwards internationally means the dimensions provided for in the policy become far more complex. There are two major areas of complexity that are not typically fully covered because of the sheer size and implications thereof. Communication and thinking processes change from country to country. A simple example is the United States and the United Kingdom. While both speak English, both think and speak completely differently. Communication Differences One of the first things human children learn is how to communicate. All children, across the world learn to communicate in a manner that translates across all barriers, cultures, and countries: crying. There are different intonations for different needs, however even those are cross-cultural. When a baby cries because it is hungry, that same cry is understood whether the baby’s parent/guardian is Chinese speaking, German speaking, or English speaking. However, as the baby grows and develops, it learns to speak in the native language of its forebears, including all the cultural and family idiosyncrasies. Each of those plays a key part in how the individual communicates as an adult and directly plays into the culture as a whole. Communication is one of the most important things to consider while taking a security policy to the international stage. There are a lot of different laws from country to country that need to be deciphered; however, they are relatively easy compared to the challenge of communicating cross-culturally. A prime example could be viewed in the concept of negotiations. Americans see the goal of negotiations as to produce a binding contract which creates specific rights and obligations. Japanese see the goal of negotiations as to create a relationship between the two parties; the written contract is simply an expression of that relationship. (Salacuse, 1991) This is a crucial difference because for Americans, we view the end of the negotiations as a milestone and typically hand-off the control to another team. The Japanese want to be directly involved from beginning to end and work through the relationship as opposed to being handed off to another group that will “handle the next phases.” The aforementioned example encapsulates the fundamental differences that need to be addressed prior to expanding the policy to include international rules, policies and standards. Before work can begin on an international policy, a full discovery deep-dive must be performed to determine what Countries will have an impact on the policy and what requirement gaps exist. Then at least one security professional in each country, who knows the requirements and language of that Country, can customize the core policy in languages that work for the outlined countries and work through conceptual differences in language and culture. Thinking Differences Another major difference that needs to be accounted for in security policy expansion is the differences in thinking from Country to Country and culture to culture. This difference in thinking should be having attention paid from all angles. The problem is that most often when considering international policy, there is not enough emphasis placed on understanding the cultural thought patterns and how critical thinking is approached. From the Security policy standpoint, when a problem is broached, how does the security staff respond? The way a person in the United States thinks through a problem is completely differently than a person in Germany, or Japan. Through a set of experiments, Peng and Nisbett (1999) demonstrated that: 1) Chinese students preferred proverbs which contained apparent contradictions more than did their European-American counterparts; 2) Chinese students were less likely to take side in real-life social conflicts but more likely to choose a compromising resolution strategy than the European-American students; 3) Chinese students preferred arguments which based on the principle of holism while American students preferred arguments that relied on the law of noncontradiction; and 4) American students showed more polarized opinion after reading two seemingly contradictory accounts of the same issue whereas Chinese students would seek for an account which could accommodate both sides of the issue. (Miu-Chi Lun, 2010) The interesting thing about this discovery as discussed by Miu-Chi Lun is major difference in problem solving and critical thinking. The fact that Westerners chose polarization over neutral compromise shows that at a root level, the cultures and along with that the cultural thinking is different. How this affects security policy expansion is in the long term execution of the policy. The way the engineers or specialists will choose to solve problems related to the security of their systems may be fundamentally different. In security, there is a fine line between compromise and taking a polarized stand. This means that there will need to be a lot more defined in the policy of what is and is not flexible by country. Another major concern is how criminal hacking differs because of the change in thinking. For example: a hacker speaking English will write the code to create and execute a virus will have a different approach and syntax than one who speaks say Korean. The one redeeming factor is that the code used always using the same exact taxonomy. But the way it is implemented and propagated is completely different.   References Miu-Chi Lun, V. (2010). Examining the Influence of Culture on Critical Thinking in Higher Education. Retrieved from Victoria University of Wellington Research Archive: http://researcharchive.vuw.ac.nz/bitstream/handle/10063/1211/thesis.pdf?sequence=1 Salacuse, J. (1991). Making Deals in Strange Places: A Beginner's Guide to International Business Negotiations. Retrieved from University of Colorado, Conflict Research Consortium: http://www.colorado.edu/conflict/peace/example/sala7533.htm