Information and Communication Technology Management and Information Technology - Assignment Example

ICT Management and Information Technology Name: Registration number: Course Title: Code: Instructor: Date: ICT Management and Information Technology Question 1 Part A Information technology forms one of the integral parts of organizations. Information technology offers numerous avenues for organisations to achieve competitive advantage in their field of operation. Thus, these systems require proper management and protection from intrusion (Whitman and Mattord, 2010, p. 2 and 3). In the process of developing information system, numerous decisions are made and numerous challenges are encountered. To avoid this it is requisite to recruit overall project manager who will be in charge of the system development. The main work of a project manager is to ensure process adhere to timelines and schedule. In addition he/she ensures that quality standards are met (Whitman and Mattord, 2010, p. 16, 17, 18 and 19). Apart from the above, there are other pivotal areas integral to the successful realisation of information system security projects. Thus, the other recommendation charley could offer to iris include leadership factors, communication and modelling. Leadership can be seen as a soft skill or people skill that is derived from interpersonal skills and cognitive power (Papulova & Mokros, 2007, p. 4; Gillard, 2009, p. 724). This stance is because there are some employees or managers are successful yet they have limited education as illustrated by Ramesh (2010, p. 3). There have been numerous theories developed to try and explore the concept of leadership in an organization. While there is formal educational training, those who make it are the one who are able to inspire and motivate her/his team. Motivation leads to higher synergy and thus successful results. Influential products and or services are as a result of innovative ideas. Software development is an intensive knowledge field that encompasses human and social factors. The interesting observation is that no single worker can claim to be knowledgeable in all fields thus the need for well coordinated information flow among team members (Concas, Damiani & Scotto, 2007, p. 161). Modeling is a critical requirement during system development process. It is important in the event of performance evaluation, system validation and provision of prediction and comparison of alternative design. The above process can be achieved through representation and analysis of the program system dynamic tied on performance model to provide a feedback (Wirsing, Knapp & Basamo, 2002, p. 35). Part B The most important aspect in development of information system and its security is the strategic planning and decision making (Whitman and Mattord, 2010, p. 38). Project managers are faced with numerous options for utilizing their scarce resources. The success of a project and organizational performance is greatly predetermined by what appropriate choices are made. Choices to be made during the project lifetime include whether to outsource or not, identifying the supplier, the number of staffs and the allocation of resource. The key competency required of management and other technician employees is the critical eye for logical decision making process that will allow them to develop a product that is well argued out. This calls for thorough decision making process in the form of analysis of viability, duration and costs. Projects have becomes gradually complex as a result of the multiple risks and uncertainties associated with them. The key obstacles are how to conceptualize model and visualize risks, define and monitor the risks’ impacts, analyze the probability of risk occurrence and mitigate the negative impact of risks. These concerns can be addressed through proper decision making process that is well structured thus offering best solution to a problem. A well structured decision making process, observes three principles. They include consistency, comprehensiveness and continuity. Consistency helps in standardizing of decision analysis process for similar kinds of problems or opportunities. Comprehensiveness on the other hand contributes towards holistic analysis of the business situation as incomplete information can lead to half bakes solution. Lastly, is the continuity, which addresses the need of viewing decision making as a process and not a one stop event (Bhushan and Rai, 2004, p. 72, 73 & 74). Question 2 Top-down strategic planning is tied to planning policies and operations advanced by the top level management. One principal function of the top level management is of initiating high level policies for an organisation. These policies are made into reality by low level management and enforced by mid level management. The formulation of these policies must be tied to the overall organisations mission, vision, goal and objectives. Top level initiated strategic planning is always guaranteed of any financial and material support. However, the challenge that is usually encountered is about making that concept widely acceptable to the other levels of management especially the implementers and the doers. Thus, the wise approach would be to incorporate the rest of the team by using joint application development team (Whitman and Mattord, 2010, p. 54 and 55). On the other hand, bottom up approach to strategic planning emanates from the grass root administrators who usually work with these systems. These employees understand these systems in terms of weakness and strengths and are thus best placed to offer areas for improvement on technical grounds. System development is a long and expensive process that requires proper planning in terms of time schedule and cost budgeting in advance. This greatly helps in determining the level of success in terms of following guidelines, resource allocation and sourcing of technicians (Lum et al, 2003, p. 8 & 9; Peter, 2010, p. 129). Cross (2011, p.27) notes that deduction process in designing involves that proving something must be. On the other hand, induction process shows that something is operative. While abduction suggests that something may be. The first two approaches entail operating in a comfort zone. Deductive approach rotates around moving from broad principle to specific principles. This is also termed as waterfall or top down approach. On the other hand, inductive process entails moving from specific to general. Though, Baggetun et al (2007) cited in Schadewitz and Jachna (2007, p.3) observes that all these processes are important for knowledge building. From personal view and in reference to the above noted points, system developments associated with bottom up approach are usually more innovative since the initiators are the daily users of these systems. However, in certain circumstances they may not be guaranteed the necessary funding to develop the required security improvements for the company information systems. On the other hand, top level initiated strategic planning is usually guaranteed higher level material support, but the truth about them is that they tend to be abstract in nature. However, as noted earlier all approaches are integral in realizing success of organisation in securing their system and data. Thus, even in large and diverse organisation it should in two fronts. This means strategic planning for information systems security should bottom up and top down driven. This is because Gillard (2009, p. 725) notes that employees form the integral part of organisational success. While on the other hand with newly redefined management scope, the top level managers only act as leaders and motivators. Question 3 The coca cola company mission which is enduring is dictated by their purpose as a company, and it serves as a standard in which they weigh their actions. Their mission is to refresh the world, inspire moments of optimism and happiness and lastly create value and make difference. The vision of the company to people and work environment, development of quality portfolio, partner to create a winning network, creation of long term profit for share holders and being highly productive (coca cola, 2010). Nokia’s mission statement is ‘‘connecting people’’. The intention is to provide people with incredible mobile products and enable the world’s population acquire more opportunities in life through the use of incredible mobile products and services. To further increase chances of achieving this mission, Nokia recently acquired a new strategy, leadership and operational structure. This new way of doing business includes plans for future strategic partnerships, maintaining global leadership in the telecommunication industry, promoting both value and volume global leadership in the mobile products and services industry, sustain the company’s future as a world giant and leader and lastly drive and implement change in the strategy and strategy of Nokia (Nokia, 2009). McDonald’s emergence can be traced back in 1954 when its founder saw a hamburger store in California and envisioned the same at a nationwide scale. In 1957 the company launched a motto entitled quality, service, cleanliness and value. McDonald’s ranks globally as one of the market leaders in food service. The company aims at offering value through safe, quality food, affordability and convenience (McDonald’s, 2009, p. 10-13) Samsung ahs got three core value systems. The first relates to what they term as Samsung values that forms their initial identity. The second is management philosophy that drives their existence, mission and ultimate goal and direction. The third is the business principles that ties to corporate social responsibility (Samsung, 2009). From the above paragraphs, most companies analyzed do not directly state their security concern in their overall mission, vision and goals. However, how their missions and visions are framed indicates the value they attach to information system in order to achieve their desired goals. For instance most companies desire for global leadership through creation of value to their customers and partners. In this they realize how important ban information system can be to an organization success. From the above observation, Nokia and Samsung have clearly articulated the need for new strategies of doing business. Question 4 The responsibility for business continuity lies solely in the hand of board of directors and senior management team. These calibres of top level management are expected to design business continuity policy, procedures, guidelines y setting attainable minimum standards. It is important to document them and subject them to internal and external review. One key component of risk management is business continuity planning. Risks management entails the protection of firm’s valuable components from a threat. The protection can be in term of physical security, back up of data, and insurance. Risk management help in mitigating of operational risks associated with certain business (Smith, 2003, p. 49). For the realization of business continuity plan in an event of adverse situations, there is need to document the procedures and place them under the custody business continuity management team. The management team should include co-ordinators drawn from senior management, functional departmental heads, line managers and risk management officers. In addition, the company can have crisis management team. However, theses services can be outsourced. The recovery plan should be guided by five levels which reflect the business continuity management life cycle. These are strategic level, process level, resource recovery, awareness and education and testing, maintenance, measurement and audit. Risks related to financial aspects are better addressed by business impact analysis (Smith, 2003, p. 50). Business impact analysis covers areas such as firm’s critical objectives and resumption time frame, resource requirements over time after disruption. These resources include staffs, data and information systems, alternate locations, backup strategies. After business impact assessment is done, one should develop risk assessment so as to identify key priority areas for immediate resumption. Risk assessment addresses factors like unacceptable concentration of risks, identification of internal and external threats, prioritisation of threats and provision of information for risk control management strategy (Smith, 2003, p. 51). The field of business is full of uncertainties and risks/ adverse conditions/ disruptions. These risks can emanate from internal or external factors. In addition, they can be either man made or natural factors. Business continuity plan/ business recovery plan is a document that stipulates how to guarantee continuity in the event of uncertainties occurring. The key objective of business continuity planning is to guarantee a competitive advantage and value system integrity in the event of these threats. These adverse conditions include vandalism, theft, fire, earthquakes and floods. In more detailed and precautionary approach, any instance that might curtail or threaten organisations operation should be treated as adverse condition worth planning for. The adverse effects can be felt in supply chain interruption, loss and or damage to integral component such as computer hard disks containing data bases among others. The above recovery plan is proactive measure even though it did not give enough focus on the importance of data loss and its recovery. The plan was more focused on financial recovery yet information forms one of the integral components of a firm. Question 5 Policy is predetermined course of action. It is a formal statement of the organisation’s managerial philosophy. In this context policy is applied in relation to organisation’s information security. Policies form the building block for planning, management and maintenance of the information security. Policy defines ideals and consequences related to breaching of the stipulated contents (Whitman and Mattord, 2010, p. 121). The basic rule of thumb in formulation of policies relates to developing the policy in the context of law. In other terms policies should never conflict with laws. The second is the ability of policy being able to stand up in a court of law if challenged. The final one is that policy must be properly supported and administered (Whitman and Mattord, 2010, p. 120). According to Whitman and Mattord (2010, p. 121) there are three types of information security policies. The first is enterprise information security policy (EISP), the second is issue-specific security policy (ISSP) and the last is system-specific security policy. EISP describe precisely the importance of information security to the organization’s mission and objective. EISP document has the elements such as an overview of the corporate philosophy on security, information relating to information security organization and individuals charged with this role, responsibilities towards security by all members and those particular to certain individuals (Whitman and Mattord, 2010, p. 123). ISSP covers guidelines that inform staffs about the use of a process, technology or system in the organization. It is not an enforcement tool as such, but a tool for creating common understanding. ISSP is more detailed than EISP which at a time is its undoing as it ends up being more confusing (Whitman and Mattord, 2010, p. 125). Initial two policies are broad level usually covering the whole organisation, but they do not provide sufficient information. On the other hand, system-specific security policy is system specific (Whitman and Mattord, 2010, p. 126). From the above observation, it would be prudent to apply for large organisations to apply system-specific security policy. This allows for formulation of policies tied to various systems. The later connects with the reality that large organizations can have numerous systems and large number of employees to control. To control these large numbers, we do not need overall policy, but a specific that touches on every one of them. On the other hand, Small organizations with few systems and small number of employees to be controlled can utilize EISP OR ISSP to formulate policies on handling information systems. References Bhushan, N. and Rai, K. (2004). strategic decision making: applying the analytic hierarchy process. Bangalore, India: Springer. Coca cola. (2010). Mission, vision and values. Retrieved on 16th December 2011 from: http://www.thecoca-colacompany.com/ourcompany/mission_vision_values.html Concas, G., Damiani, E. and Scotto, M. (2007). Agile processes in software engineering and extreme programming: 8th international conference, XP 2007, Como, Italy, June 18-22, 2007 : proceedings. Cross, N. (2011). Design thinking: understanding how designers think and work. Oxford: Berg Gillard, S. (2009). “Soft skills and technical expertise of effective project manager”, Issues in informing science and information and technology, Vol. 6, Retrieved on 16th December from: http://iisit.org/Vol6/IISITv6p723-729Gillard599.pdf. Lum et al. (2003). “Handbook for software cost estimation”, JPL D-26303, Rev. 0, Retrieved on 16th December from: http://ceh.nasa.gov/downloadfiles/Web%20Links/cost_hb_public- 6-5.pdf McDonald’s. (2009). worldwide corporate responsibility online report: the values we bring to the table. Retrieved 16th December 2011 from: www.mcdonalds.at/presse/maps/McDCSR.pdf Nokia. (2009). Nokia’s Vision of the Future. Retrieved, December 16, 2011. Papulova, Z. and Mokros, M. (2007). Importance of managerial skills and knowledge in management for small entrepreneurs. Retrieved on 16th December 2011 from: http://www.g- casa.com/PDF/Papulova-Mokros.pdf Peter, H. (2010). Practical software project estimation: a toolkit for estimating software, development effort and duration, USA, Benchmarking standard groups. Ramesh, M. (2010). The ace of soft skills: communication and etiquette for success, Noida, Dorling Kindersly. Samsung. (2009).Our value system. Retrived on 16th December 2011 from: http://www.samsungcnt.com/EN/overview/vision.asp Schadewitz, N. and Jachna, T. (2007). Comparing inductive and deductive methodologies for design patterns identification and articulation. Retrieved on 16th December 2011 from: http://oro.open.ac.uk/15257/1/IASDR_PAPER_schadewitz_final.pdf Smith, M.R. Weather can make or break your business. Retrieved on 17th December 2011 from: http://www.weatherdata.com/services/news_makeorbreak.pdf Whitman, M.E. &Mattord, H.J. (2010). Management of Information Security 3ed Course Technology:Boston. Wirsing M, Knapp A & Balsamo S 2002, radical innovations of software and systems engineering in the future: 9th international workshop, RISSEF 2002, Venice, Italy, October 7-11, 2002: revised papers, Volume 9. Read More