Control Objectives for Information and Relation Technology - Assignment Example

of the of the 15 July Strategy David Hyman, Chief Executive of MOG (an Internet Music service that develops mobile software), says: “The mobile platform that creates the most ways to make money wins” (Burrows 28-34). Apple Incorporated is leading from the front and is substantially far from competitors (Burrows 28-34). Software developers working for the company have already developed more than 125,000 mobile applications that are compatible with Apple devices. The number of mobile applications is seven times more than Android that is a Google product. For this reason, as per the market research organization named as IDC (Burrows 28-34), the never ending diversity of mobile application development has facilitated iPhone to quickly gain 14% of the market share with comparing to 3.5% market share of Android. However, mobile application developers highlighted an issue with the pay they receive against their work, as they were not able to make money (Burrows 28-34). The reason for this issue is the freeware available on the Internet and the applications that are purchased are very few worth 99 cents or more. Few of the mobile application developers embedded advertisements in their application and gained benefits. Again, the scope of these advertisements was limited, resulting in less effective outcomes. In order to address these issues, Apple Inc. suggested several factors or ways employing user data and geo-location technology for making advertisement legitimate. For instance, if the user is surfing the web at lunchtime, he/she will see an advertisement on special deals for a restaurant nearest to the location (Burrows 28-34). In this way, the gadget, i.e., the iPhone capabilities, can also be utilized effectively. By taking this new approach forward, Apple Inc. recognized that there is a requirement of a network for advertisement agencies along with the technology for focusing and targeting specific advertisements to customer behavioral characteristics (Burrows 28-34). Similarly, by the end of 2009, Apple Inc. participated in the bidding for AdMob that is a leader in mobile advertisement sector (Shah and Shah 437-438). As a result, almost 50% advertisements were broadcasted on smartphones ended on Apple gadgets including iPhone and iPod touch, as iPod touch is also compatible to execute apple applications (Burrows 28-34). However, prior to complete the bid, Google Inc. that is considered to be the tough competitor for Apple Inc. announced an astonishing amount of $750 million for the organization. Apple Inc. quickly turned the decision from AdMob to Waltham (Mass.)-based Quattro Wireless, which is considered to be the closest competitor for AdMob (Burrows 28-34). However, in order to achieve business goals and maintain the competitive advantage, Apple Inc. defines its Information and Communication Technology (ICT) infrastructure as: The primary objective is to lodge all the key stakeholders has been resolved Consolidated and Centralized ICT management with distributed activities Ease of Development and deployment of technologies Sharing information among different stake holders and to make them familiar with ICT Cost effective ("Shri Jagdamba Samiti") Moreover, apart from the ICT infrastructure, Apple Inc. also maintains a data warehouse containing valuable data that can facilitate advertisement business. Apple Inc. knows exactly the type of downloads requested from iTunes that may not be limited to apps, video, podcasts and comprehensive information of customers (Burrows 28-34). This updated customer knowledgebase enables the organization to customize its advertisement on the basis of the user preferences available in the database (Burrows 28-34). Moreover, Quattro’s ad-serving technology is also incorporated for gaining customer behavior patterns. This technology is also facilitating Netflix, Procter & Gamble and other global leaders. The customer behavior patterns provide circumstances for any customer who interacts with any one of the advertisement links or banners. In my opinion, Apple should have incorporated free offers and coupons from these advertisements on the initial stage of the mobile advertisement project. As the users become aware of these advertisements, the original advertisement should be launched. Governance and Risk Management The Dreamliner project of Boeing was chartered to construct a leading edge aircraft that will be used commercially made with a carbon-fiber-reinforced plastic (CFRP) composite (Boeing Case Study 1-17). In the upcoming years, outsourcing was experimented by Boeing, as all the manufacturing services were outsourced in the United States along with international organizations (Plunkett 560). By outsourcing all the services, imposed greater risks, as scheduling, resource management and budgeting were affected. Boeing avoided the risk and reverted back to it guiding principles by doing investment in its local employees enabling 95% of the operations ‘in-house’ and safeguarding the intellectual property associated with technology and business. The role of the Dreamliner project describes terms and lines up processes and resources for delivering effective and efficient information for fulfilling project requirements. (Wagner and Norris 9-11) The aim of Boeing is to augment efficiency for delivering the adequate item to the correct destination during the construction process. The project team at Boeing also reflects objective analysis for its current capabilities for the provision of best value for the customers along with development of blueprint for accomplishing desired state for strategy and execution for engagement of customers. The project also defines the required actions to perform for accomplishing the ultimate strategy for meeting customer expectations and objectives. The strategic direction of the project team also focuses for the provision of customer segmentation and strategies for interaction to accomplish an exceptional level of service for customers specifically addressed on their preferences and requirements. The BusinessDictionary defines risk analysis as “Relative measure of risk or asset value based on ranking or separation into descriptive categories such as low, medium, high; not important, important, very important; or on a scale from 1 to 10.” Numeric values are assigned for measurements that can be analyzed to determine risk priorities. For performing risk analysis for the enterprise network, stages are divided in order to focus specific stage precisely. The objective is to make the system secure from threats and vulnerabilities. The methodology will illustrate decisions as outputs for each stage (Mazareanu 75-80). The first step is to gather information which lays the foundation for conducting risk analysis. The system related information includes hardware, software, data, IT support staff, processes performed on the network, mission critical systems, data sensitivity. The operational environment of the enterprise network includes network design and topology, security architecture, system users, functionality of the network, methodologies for protecting the data in parallel with availability, confidentiality and integrity, input and outputs of the network, management controls, security controls, physical security, and environmental security controls. The outputs for this stage are system boundaries, project functionality, Criticality of the system and data, Sensitivity of the system and data (Mazareanu 75-80). The second step is to analyze any potential threats for the network. While analyzing threats, is it essential to consider all possible, potential threats and sources which may disrupt or harm the network and information systems. The third step is to analyze any possible vulnerability within the project. This step concludes the weaknesses and flaws which are currently present in the project. The assessment of possible vulnerabilities is not an easy task as some previous history is required to perform vulnerability assessment. If the project is already initiated, a thorough analysis is conducted. The previous reports of risk assessment, audit reports, system anomaly reports are considered. The fourth step is to identify and evaluate project management controls along with the likelihood against the controls that are implemented by the organization. The controls are divided in to two categories. Technical control consists of software or hardware for protecting the network. For example, intrusion detection system, firewall, identification and authentication software etc. Technical controls require technical expertise. However on the other hand, non-technical controls consist of management and security controls. The output of this step is the list of current and planned controls. The list is used to validate compliance and non-compliance (Mazareanu 75-80). The fifth step is to rate the probability of potential vulnerability by evaluating the source and capability of threats, nature of vulnerability and efficiency of current controls. The rating is categorized in high, medium and low priorities. High priority means that the threat is highly capable and the current controls are not sufficient. Medium priority means that the threat is highly capable and current controls are implemented to eliminate the vulnerability. Low priority means that the threat is incapable and lacks capability. The sixth step is the impact analysis that is conducted by considering current processes along with mission critical data and systems sensitivity. The information can be extracted from previously impact analysis reports or existing documentation. Impact analysis prioritizes the impact levels linked with the conciliation of the organizations assets. The seventh step is to establish the risk for each specific threat and vulnerability. The process involves the likelihood of a threat source challenging to exercise a specific vulnerability, degree of the impact of vulnerability and the sufficient planning of current controls for minimizing risks. The output of this step involves likelihood of threats, degree of impact and sufficient planning of current controls. The result is the associated risk along with risk levels, which can be prioritized by severity and criticality of their impact on the project. Step eight provides the processes and controls to eliminate the threats which are vulnerable to projects. The objective is to eliminate the levels of risks to an acceptable level. The project risk management for the Dreamliner Project is defined in stages. The stages are Identity, Analyze, Plan Response and Monitor/Control. The identification stage addresses all members of the Dreamliner project to contribute in the responsibility of classifying potential risks (York 5-22). One of the examples includes the role of the project execution officer (PEO) who can be the risk initiator and the risk owner as well. The purpose of risk identification is a continuous monitoring process associated with project activities and other vulnerabilities that can be utilized by threats. The task of the Risk initiator is to draw the risks with all relevant details by utilizing Risk Data Sheet (York 5-22). This sheet is utilized by the project team to get a better picture of the associated risks to the project. Moreover, qualitative and quantitative risk assessment tools are used to determine the validity of identified risks. Two of the primary activities that are associated with risk validity are probability of occurrence and Impact. The table 1.1 below demonstrates probability of occurrence (York 5-22). Remote Unlikely Even Chance Highly likely Near Certain Outcome is equal to non-existent No likeliness of a negative outcome There is likeliness of a negative outcome It is very likely that a negative outcome will be certain It is almost certain that the negative outcome will come Table 1.1 The table below demonstrates Probability of Occurrence Low Minor Moderate Significant High Cost Resolution expected to cost less than .05% of project budget Resolution expected to cost between .05% and .12% of project budget Resolution expected to cost between .12% and .25% of project budget Resolution expected to cost between .25% and .5% of project budget Resolution expected to cost more than .5% of project budget Schedule Minimal or no impact Chance of missing interim checkpoint review. No impact to final production date Interim review checkpoints will not be met Minor schedule slip of more than 2 weeks to critical path activities Critical path affected (1 month schedule slip) Will not meet Interim review checkpoints and/or milestones (increment production delivery) Will not meet solution delivery 2 month schedule slip to critical path Performance No reduction in performance No reduction in performance to critical system functions Does not meet operational availability objectives by less than 2% Does not meet acceptance criteria Does not Function Table 1.2 To mitigate each identified risk, the project management office assigns risk owner to mitigate each risk associated with the project. Similarly, to address potential risks for other projects, the Dreamliner project utilized repeatable procedures to address risks (York 5-22). These comprehensive and efficiently defined procedures incorporate Communication, Reporting, measuring performance and continual process improvement. As risk environment is constantly a change with the influence of upcoming new technology and practices, my observation will be to establish a risk assessment model that continually or periodically monitor project risks, measure performance by KPI and KGI and efficiently communicate with reporting requirements. Process Control, Efficiency and Risk Management Today, business is derived by stakeholders, competitors, regulations and trends that may influence organizations directly or indirectly. The ultimate factor that is missing from all these factors is a high percentage of dependence over IT and all these factors altogether impacts enterprise governance. Control Objectives for Information and Relation Technology focuses on efficient alignment on business, defines management expectations and views, clearly defined ownerships and responsibilities on given processes, provides a general platform that conforms to third parties and regulators as well. For financial regulations, it complies 100% with COSO that is an essential IT control (Neto, da Fonseca and Webster 6-9). For downsizing the company and to rectify current issues, we will use the following processes illustrated in table 1.3 COBIT Processes Focus Area Issues Saving Options PO1 and PO10 Program Management Incapability to highlight and terminate IT initiatives Seize recurring expenses Seize renewal of licenses PO5 Investment Management Irrelevant business cases and Return on Investments (ROI) on IT Do not purchase or extend the time for purchases Deploy workarounds instead of replacements PO5 Budgeting and Cost Management Inadequate consideration of current costs Monitor and control licenses PO10 Project Management Projects are over budgeting and not delivering on time Incorporate fixed cost deliveries Pick the low cost vendor Link finalized payment with delivery objectives PO4 IT management and Organization Not effective outsourcing engagements, no optimal usability for IT organization as per business requirements PO7 Deployment of Human Capital High recruitment cost Staff retention Use of Contractors Skills are not available to handle competencies Inability to hire new employees is needed Turnover of staff is more and morale is low Percentage of outsourcing costs is high as compare to overall cost of employees Table 1.3 Where do you want to go? I want to be a chief information officer, as I want to put myself for tough challenges for defining strategies and their execution and most importantly I want results. I want to reshape the expectations of the organization by translating IT goals in to business goals. For ensuring effectiveness of IT services, I want to plan insight and foresight issues and most importantly assure things are done the right way. For sustaining value and building a highly energetic culture, I want to introduce IT in new innovative ways for augmenting benefits and value for higher ROI and meeting expectations for stakeholders or investors. Overall, I want to focus on ICT infrastructure and environment, Generic business environment, enterprise environment and focus on emerging and future technological trends and possibilities. Works Cited “Boeing Case Study.” MarketLine, a Datamonitor business, 2012. Print. Burrows, Peter. "Apple VS Google. (Cover Story)." BusinessWeek 4164 (2010): 28-34. Print. Mazareanu, Valentin Petru. "Understanding Risk Management in Small 7 Steps." Young Economists Journal/Revista Tinerilor Economisti 9.16 (2011): 75-80. Print. Neto, Joao Souza, Helga da Fonseca Valesca O., and Ian Lawrence Webster. "Importance of Inputs/Outputs within COBIT Processes." COBIT Focus 3 (2009): 6-9. Print. Plunkett, Jack W. Plunkett's Biotech and Genetics Industry Almanac 2006 (Plunkett's Biotech & Genetics Industry Almanac). Plunkett Research Ltd. Print. Shah, Tarang, and Sheetal Shah. Venture Capitalists at Work: How VCs Identify and Build Billion-Dollar Successes, 437-438. Print. "Shri Jagdamba Samiti." Web. 14 July 2012. . Wagner, Mark Scott, and Guy Norris. Boeing 787 Dreamliner: 9-11. Zenith Press. Print. "What is risk analysis? definition and meaning." Web. 14 July 2012. . York, Kathie. "RISK MANAGEMENT PLAN FOR 787 DREAMLINER." (2001): 5-22. Print. Read More