
Individual Assignment 1

Peiman Kalarestaghi (1811830)

University Canada West

CMPT 641- FALL-03

Professor: Li, Samuel

15th November 2020

Question 1:

To: President

From: Peiman (1811830)

Date:

Subject: IT GOVERNANCE

It is not enough for organizations to have IT systems that bring them strategic value. There needs to be a mechanism to control, monitor, and oversee the IT systems' value-creation efforts. The information provided below discusses IT governance and its importance to an organization. It also highlights the various steps that can be used in implementing IT management in an organization.

Information Technology governance, also called IT administration, is used to monitor and regulate critical information technology capability choices to safeguard the delivery of key value to key investors in a corporation. IT governance aims to ensure effective and efficient delivery of commercial results rather than IT systems performance or IT risk management. This means that the method can influence, either positively or negatively, the organization's outcomes. Ownership and accountability cannot be left out when discussing IT governance. The key stakeholders in an organization have an ownership stake in the organization, and the management is answerable to these stakeholders. IT governance deals with documenting, forming and connecting the IT systems' mechanisms to manage risks and certify that their performance complies with the stated aims.

Some of the chief fundamentals of IT governance include value delivery, risk management, performance management, strategic management and resource management. There is a tension between the interests of the organization and those of the people handling the IT systems. The IT governance team is tasked with ensuring that IT initiatives and projects move the organization incrementally closer to its objective of e-business readiness (Gregory et al. 2018). IT governance is required to ensure that the IT systems are doing as they should and that the aims of the Chief Executive Officer (CEO) and the Chief Information Officer (CIO) are aligned. IT governance should include all crucial stakeholders in the organization, from executive management and the board to other stakeholders such as staff members, stockholders and regulators.

There are various steps that managers, the CEO and the CIO should take in establishing IT governance in an organization. They should first summarize the organization's course on IT governance by classifying and stating the strategic and tactical IT governance roles and aims. This will be followed by creating an IT governance implementation strategy that matches specific conditions with needs. The following step is the formation of an IT governance road map and a plan for long-term policies. IT governance should be synchronized with the broader, more strategic enterprise governance aims.

An IT governance methodology helps the board and management comprehend the proposals and critical results of IT. It also helps make sure that the business can uphold its operations and carry out the strategies needed to widen its functions. The next step is to set short-term IT governance aims, followed by identifying and managing IT-related risks and opportunities. Afterward, the IT governance strategies will be re-evaluated consistently, as this will enhance their transparency. Lastly, exceptions to governance processes will be introduced.

It is, therefore, essential that members understand the effectiveness of IT governance in an organization. The better the understanding of IT management and its related issues, the more effective its operations.

Question 2: Information Security

Introduction

Increasing global cybersecurity threats, compounded by ever-developing technology, have elevated fears and given rise to grave information security-related worries. More sophisticated threats, including those designed to exploit the weak spots in organizational data frameworks, improved ransomware techniques, and internal information risks based on human error, are all sources of increased cybersecurity activity. The information provided below illustrates some of the challenges faced in information security and suggests solutions.

Challenges

One of the challenges in information security is the potential for insider threats. There are 2 kinds of internal data risks troubling enterprises. The first is driven by malicious intent, and the second is purely unintentional and has the aforesaid human error component attached to it. Internal data leaks and infrastructure damage are a significant source of worry for IT organizations due to insufficient measures against this particular challenge. Malicious insider leaks, which have obvious purposes behind them, are rare. However, accidental threats to data could be an everyday occurrence given the snowballing number of individual devices. These devices, which use the Internet of Things, are connected with uncertain security protocols in place. This then results in data being either captured on insecure devices or leaked to another party, which may not be a member of the society (Alotaibi, Furnell & Clarke 2016).

The other challenge is weak links in the supply chain. Irrespective of the business, every organization has a supply chain, which is subject to data vulnerabilities. Throughout the product development cycle, sensitive information, whether linked to the product, the development procedure and technologies used, or the company itself, is shared with various parties, including vendors. This directly takes full control of the data out of the business's hands and possibly into the hands of parties with ulterior motives. Furthermore, even if the external groups do not make malicious use of the data, their systems, on which the transmitted data is stored, could be compromised, resulting in unintentional information leaks (Bergström, Lundgren & Ericson 2019).

The third challenge in information security is Internet of Things (IoT) centric breaches. The IoT is about connectivity, with a massive number of smart devices being connected over a significant network. This signifies a substantial vulnerability in terms of privacy of information. Since the devices need some form of data input to operate correctly, and that data is relayed across the entire network, the data could be retrieved at any point along the way by external sources such as the vendor or another party related to the IoT network (Bergström, Lundgren & Ericson 2019).

Mitigation steps and conclusion

Each of the vulnerabilities stated involves some degree of coding error, development inattention or both. This can be easily avoided through information security exercises, which will be managed according to each of the challenges mentioned above, and more. Insider threats can be removed by providing infrastructure-boosting information security training, which brings useful knowledge of data security basics, tuned to present and upcoming technologies. Weak links in the supply chain can be corrected by embedding information risk management in the vendor management and procurement processes. Issues with internet-based devices can be removed by establishing safer networks that ensure prevention of data leaks and unnecessary relays. It will be necessary to deliver efficient cybersecurity learning to streamline data frameworks and create better and more secure organizational infrastructure (He & Johnson 2017).

References

He, Y., & Johnson, C. (2017). Challenges of information security incident learning: an industrial case study in a Chinese healthcare organization. Informatics for Health and Social Care, 42(4), 393-408.

Bergström, E., Lundgren, M., & Ericson, Å. (2019). Revisiting information security risk management challenges: a practice perspective. Information & Computer Security.

Alotaibi, M., Furnell, S., & Clarke, N. (2016, December). Information security policies: a review of challenges and influencing factors. In 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST) (pp. 352-358). IEEE.
