C-1.docx

Q1) Imagine that you have just been promoted to IT manager within a 500 seat call center [2], which falls in the category of managing the delivery of an IT service. You got the promotion because the manager before you was fired because of overly restrictive password policies that led to many passwords being written on easily findable notes. The cleaning staff sold the passwords on the web and the consequent “clean-up” is at $250,000 and mounting. The manager, cleaning staff, and 37 call center reps were fired. The best rep for the past 5 years was one of the fired and had written on a note underneath the keyboard the unique system-generated passwords to the five most important systems in order to provide the best and quickest service possible. The CIO was most unhappy that rep had to be let go and blamed the former manager for causing it.

You have just met with the CIO. She has asked you to spend the next week investigating the situation and make some recommendations for passwords and password policies in the call center. She insists that you incorporate “good human factors” in them. She also asks you to specifically address four questions for delivery of IT as being critical to success:

· Are adequate confidentiality, integrity and availability in place for information security?

· Does IT support business priorities, and business/IT strategy to create value for the business?

· Do the IT systems operate with good quality at minimal cost and provide support for a great “customer experience?”

· Is the organization’s workforce able to use the IT systems productively and safely to provide callers with a great “customer experience?”

You first do a search on “human factors passwords” and discover some good and trustable sources from, e.g., the FAA [3] and Human Factors International [4]. You then investigate the security breach incident and discover the call center personnel use 57 different systems and the IT manager had initiated a new policy that each month each user would be given a new 9-random-character password generated by the system unique to each of the systems. That it was “only” 9 characters (instead of 16 or 20) was a concession made by the former IT manager to allow “easy” memorization. By policy, the reps were required to summon a manager to get any password, if they could not remember it, that is, they could not write any passwords down. They were paid for quicker and accurate performance (to support a great “customer experience”); but, summoning the manager often added over 5 minutes to the call. Your last discussion on the matter is with the call center’s business process owner who tells you the top business priority is the customer’s call “experience” as the call center handles sales and service calls for top-end online merchants and they want to have every customer have noticeably “better” buying experiences.

Within 1 or 2 pages, develop a set of recommendations for passwords that will lead the call center to have positive answers to the CIO’s questions:

Q2) Do a web search to locate risk management resources appropriate for the IT manager. To get you started, the NIST has a rich set of free resources available on the web, e.g., http://csrc.nist.gov/index.html and https://csrc.nist.gov/projects/risk-management/rmf-overview. Many of these have general IT management applicability. Here is a list of some NIST resources applicable to managing IT risk of government systems:

Home page:

https://csrc.nist.gov/projects/risk-management/risk-management-framework-(rmf)-overview

Framework slides:

https://csrc.nist.gov/csrc/media/projects/risk-management/documents/ppt/risk-management-framework-2009.pdf

Federal Information Processing Standards (FIPS):

https://www.nist.gov/itl/publications-0/federal-information-processing-standards-fips

Online Course- Applying the Risk Management Framework to (Federal Information) Systems:

https://csrc.nist.gov/projects/risk-management/rmf-training

Risk Management Framework- FAQs, Quick Start Guides, etc.

https://csrc.nist.gov/projects/risk-management/risk-management-framework-quick-start-guides

Pick one tool or resource that you found in your search that the IT manager can beneficially use and answer these questions below about the tool or resource:

How is the resource or tool accessed?

How is the resource or tool used?

What is the value of the resource or tool for the IT manager?

General comments on the resource or tool:

Q3) Two years have passed since you successfully solved the problem described in questions 2 through 4. The organization is considering building a new call center. The CIO remembers the good job you did on the human factors of passwords. She now has asked you to investigate the ergonomic layout of the call center reps new workspaces. Of course you agree and do a web search on ergonomic workspace design. Of the trustable sources, you find a web tool for workspace design and ergonomics from OSHA [5] useful, http://www.osha.gov/SLTC/etools/computerworkstations/. You also realize that the call center director will be retiring right after the completion of the new call center and that the CIO is hinting you are on the list as a possible replacement (a big promotion for you). Do so in 2 pages.