Database Security Measures - Report Example

?Running Head: ORGANIZATIONAL INTELLIGENCE POLICY Organizational Intelligence Policy of Introduction Most organizations and business managers concur to the assertion that obtaining, processing, storing, and accessing data and knowledge is the key and power to organizational development and success. Particularly, this claim applies most appropriately to the computer and information technology industry, a rather highly competitive and highly expanding, and fast-paced industry that pit corporations, public companies, private companies, and individual business organizations against one another in the increasingly competitive market. To remain competitive and afloat in such a business environment, computer and information technology organizations must embark on the search for revolutionary and forward-looking techniques not only for creating but also for collecting, storing, capturing, organizing, managing, and distributing data/knowledge through its structure. Importantly, these techniques should allow for the easy and effective retrieval of needed information at the convenient moments (Ali et al., 2007). Organizations must however appreciate the level and nature of skills and competence required to develop and apply such knowledge and data management practices and techniques. Besides the need for IT and computer system executives, managers, systems analysts to be skilled and possess the competitive edge to perform the above functions and realize their data-related objectives, it is important that effective and elaborate Intelligence Organization policies are developed to ensure processes related to data collection, database systems’ security measures, data storage, diverse knowledge availability, information update, data-based decision-making processes, and data management training are not only relevant but also effective and support the attainment of organizational and personal growth among employees (Ali et al., 2007). This paper thus outlines an Organizational Intelligence (OI) policy for a computer and Information Technology organization regarding data processes such as collection, storage, dissemination, sharing, data-based decision-making, and data analysts and users’ training. The Purposes of an Organizational intelligence Policy Organizational Intelligence refers to the capacity and the ability of an organization to utilize various methodologies, concepts, techniques, and tools to achieve information or knowledge-related functions and processes, including data collection, database systems’ security measures, data storage, diverse knowledge availability, information update, data-based decision-making processes, and data management training (James, 1999). A sound Organizational Intelligence policy should, of most importance, outline the purposes for which the OI has been developed. First, an Organizational Intelligence policy should ensure that an organization comprehends and makes productive conclusions from all the knowledge/information relevant to its operations and objectives (James, 1999). Second, an IO should outline an organization’s abilities to use knowledge, data/information to create sense out of complex business situations, prompting employees and managers to act appropriately, maximizing on the opportunities presented by immediate or past circumstances. Third, an OI policy should be helpful in highlighting an organization’s ability not only to interpret but also to act on relevant circumstances, signals, or events in its environment. Fourth, an Organization Intelligence policy should promote the development, sharing, and usage of all information and knowledge relevant to an organization’s purposes by the promotion of learning by experiences and exposures. Gathering Competition Intelligence As the IT and computer industry develops, it becomes necessary that organizations develop an OI policy that would ensure the above functions are developed towards the building of a stronger, more relevant, and equally competitive Organizational Intelligence (OI). By competitive OI, a system that enables an organization to gather information about its competitors is referred to. Since no organization is an island and always has a competitor offering the same products, an OI should enable an organization to know how its competitor thinks, its strengths, weaknesses, vulnerabilities, and its aspects on which it could be attacked. There are four main steps or strategies for finding competitive intelligence about competitor organizations. The first two stages involve deciding what to collect then collecting the identified information. Third, the collected information should be converted into intelligence. These three steps could be summarized as collating, cataloguing, integrating, analyzing, and interpreting information (Steiger, 2008). Fourth, the intelligence is communicated and used to counter adverse competitor practices. Knowledge Management and Organizational Learning Knowledge management and organizational learning are two of the main elements of OI that should be included in an OI policy. That is, an OI should cover knowledge management and organizational learning since an OI policy simply refers to the manner in which an organization would apply knowledge management ideas in its business activities and surroundings. The other important inclusions in an OI practices are organizational learning and comprehension mechanisms and models. In addition, business value network models such as the balanced scorecard concept should be incorporated in an organization’s OI. Therefore, an organization should be able not only to make sense but also to create sense out of knowledge and act in flexible and adaptive ways, more so regarding collaborative decision-making and problem-solving among its stakeholders (Fullerton & Ness, 2010). The first important process in data intelligence and management that an OI policy should cover is data collection. There are two common methods of data collection that an organization may use: the quantitative and the qualitative methods. Quantitative and Qualitative Data collection methods Relying mainly on structured data-collection tools and random sampling, the quantitative approach is a rather diverse technique for easily summarized, comparable, and generalized data. To test hypotheses derived from theories, an organization should apply the quantitative data-collection method in establishing the size of the event or phenomenon of interest. Based on the nature of the questions or the problems being addressed, data collection may target random respondents or target situational characteristics to help in the statistical control of their influence on the dependent, or outcome, variable (Kalkan & Keskin, 2007). The strategies central to quantitative data collection include observation, interviews, Computer Assisted Personal Interviewing (CAPI), questionnaires, web-based questionnaires, recording of events, and collection of data from management information systems. Unlike the quantitative technique, the qualitative approach allows for the understanding of the processes and reasons behind the observed results and is important for use in improving the quality of survey-based quantitative evaluations. Importantly, qualitative data collection methods are rather open-ended and have less structured protocols and rely more on interactive interviews. The sub-techniques of qualitative data collection techniques include in-depth interviews, observational methods, and document reviews (Andrews et al., 2003). Although data collection techniques abound, it is important that an organization realizes that different functions and goals may require different data collection methods, each with its advantages and disadvantages. Database Security Measures After data has been collected and stored in organizational databases, it is imperative that certain security measures are put in place to ensure their safety and authorized access. Among the various techniques by which databases may be protected include the Anonymous User Server Access and Network Address Access for Server Users among others (Steiger, 2008). The fact that anonymous users may log into databases using blank usernames and passwords makes it necessary that servers accessible from a network has its anonymous user access restricted either by rejecting anonymous users from the administrator groups or from the application roles (Sasaki, 2010). In addition, such anonymous user’s object and data privileges should be removed. In addition to the above security measures, anonymous users should be entirely denied from logging into servers so that they cannot trace the server logs, read users lists, access application names, or make any illegal server requests (Kalkan & Keskin, 2007). The second type of database security access, the Network Address Restriction for Server Access entails the use of IP address filtering (IP-enabled address) to specify the IP addresses allowed for connection to a server. For an illustration, an organization may restrict database accessibility for the IP addresses in the organization and its affiliates, a restriction that is reasonable in cases where unauthorized users could easily guess authorized users’ passwords. The other database security measures include minimum password length, database file protection, password expiration period, use permanent passwords, and restricting database application access. Information Technology Team and Roles For an Organizational Intelligence policy to be formulated, implemented, evaluated, and reformed as need may arise, there must be established a competitive Information Technology team, with each member or sub-department assigned specific responsibilities and roles. At the helm of this team should be the chief information officer who should be client-focused and supportive of process-based operations and decision-making practices (Sasaki, 2010). The second IT department is the enterprise technology solutions section, which should deal with processes such as the web development, corporate reporting, and document management. Therefore, among the core function of the personnel in this department would be to manage spatial data and provide end-user supports in addition to ensuring portal development of corporate internet/intranet support to address user-needs. The other important IT department is the corporate reporting and document management section, which would be mandated to plan, design, develop, implement, and maintain document and records management practices. A quality assurance department, responsible for emphasizing on change management and testing should also be established in for an effective Organizational Intelligence (Hong, 2006). This department and its staff have the mandate to work in collaboration with the managers in the development of IT applications, setting the application objectives, scopes, and other IT strategies (Sasaki, 2011). In this regard therefore, the quality assurance department identifies risks and success factors of all the IT processes and techniques in an organization. Systems support and operations and network support are the other important sections to be included in an IT department (Benfield & Szlemko, 2006). While the former section plans, directs, and manages the support systems and operations of an IT department, the latter section is responsible for all data networks, systems, and services, which it designs, implements, and supports besides giving recommendations for changes and improvements. An IT Customer Support section would also be important, more so in providing technical support to the users of IT in an organization. Conclusion To properly manage its affairs and compete favorably with its competitors, an organization must establish and implement a sound Organizational Intelligence (OI) policy. This policy not only addresses internal data collection, processing, management, access, and retrieval matters but also explores the various mechanisms by which an organization may gather intelligence about its competitors. Among the vital elements of an OI policy include purposes of OI, modes of data collection, security, knowledge management principles, and organizational learning strategies. Of equal importance is a strong IT team, with each sub-department and personnel assigned duties and responsibilities in which they are competent and skilled. References Ali, E. et al. (2007). Organizational intelligence: a Structuration view. Journal of Organizational Change Management, 20(3), 289. Andrews, D. et al. (2003). Electronic Survey Methodology: A Case Study in Reaching Hard-To-Involve Internet Users. International Journal of Human-Computer Interaction, 16(2), 210. Benfield, J. A., and Szlemko, W. J. (2006). Internet-Based Data Collection: Promises and Realities. Journal of Research Practice, 2(2), 234. Fullerton, T., and Ness, L. R. (2010). Information technology Flexibility: A synthesized Model from Available Literature. Journal of Information Technology Management, 21(2), 51. Hong, T. (2006). The Influence of Structural and Message Features on Web Site Credibility. Journal of the American Society for Information Science and Technology, 57(1), 114. James, G. M. (1999). The pursuit of organizational intelligence. Oxford: Blackwell Publishers. Kalkan, V. D., and Keskin, H. (2007). Antecedents and Consequences of Organizational Intelligence: An Overview. International Journal of Business Strategy, 7 (3), 85. Sasaki, H. (2010). Information Content Security. International Journal of Organizational and Collective Intelligence (IJOCI), 1(4), 78. Sasaki, H. (2011). Decision Support Systems and Crisis Management Systems. International Journal of Organizational and Collective Intelligence (IJOCI), 2(4), 122. Steiger, D. M. (2008). Knowledge Creation through User-Guided Data Mining: A Database Case. Journal of Information Systems Education, 19 (4), 383. Read More