Object-Oriented Modeling Issues - Essay Example

Running head: IT INDUSTRY IT Industry Task The priority of Chief Information Officer (CIO) is to perform the job of innovator of change. The CIO is a strategic decision maker for every information needs of the organization and makes sure that all penetrations for cost, effort and monetary optimization are performed at its best. The role of the CIO is to understand, identify, prioritize and implement the information needs and requirements for growth, better productivity and seamless integrations of required business units for better communication of information in an accurate and timely manner. CIO is a leader and a motivator. A computer department manager is responsible for scheduling, optimizing, budgeting and controlling of the department for accomplishing all activities. He can be termed as a manager and not a leader. He executes and directs the resources for their functionality and observes discipline towards schedule and costs. Chief Information Officer (CIO) is a highest role on the technical side and embraces the technology change, adaptation, measuring deviations, adopting better strategies and managing the role of the IT in an organization. In 2010, the role of CIO would be more specific and in the area of their core expertise. Presently the general factor would be replaced with specialized factor for fetching the right solution to a problem. The segregation of the various roles would make sure that quality of execution would play a large role and enough space would be allowed to fetch the right thoughts for the ultimate benefit of the organization (CIO.com, 2008). The specificity in the roles and successful rotation would imply that CIO’s perform best at their core domain because of technological skills they embrace for years of practice and role rotation would expose them to other areas where they may obtain an overview to correlate the operations for further benefit. The division of work would also imply better innovation and research into a particular field and generating lucrative thoughts for business continuity and long term planning. The “general” factor and the nature to cater to the entire organization would make sure that all the various role played by the CIO would be divided into various sections namely operations, sales, technical architecture and so on. The CIO position would be shared by many champions in their field of technology and would cater better attitude and accountability for the various job sections (Chapman, 2007). One person handling the organizational risk is quite alarming and does not always make a sense in a larger organization where there are several issues to be taken care. Diving the role such as CIO (Technology adaptation), CIO (Technology risk), CIO (Technology sales), CIO (IT business continuity planning) and so on. The delegation would imply better forms of handling the authority with certainty in decision making and ability to meet less stressful management issues and requirements. Kerzner (2006) mentions risk must be taken as a separate department in the organization that must identify the very existence of risk in all activities of the organization with relation to internal and external elements. Risk identification and strategy for its existence must be made aware to the organization connected with implementing large IT projects. Once the identification of risks is made the very dynamic and coherent nature of the resources are taken into account. At this point one must determine the specific risks associated with it and would also provide the feedback for the mitigation of the risk. Large IT projects include several variables that have a direct or indirect impact on the project costs, time, people and other variables. CIO as a general position would be obsolete in larger organizations however they would continue to exist in smaller firms where business operations is yet to take a flight. The role and specificity would penetrate into the process as the business envelopes larger attitude and dimension for fetching the right decision. In comparison, the various roles of the traditional computer department manager are restricted to his department alone and not to the information needs of the enterprise. The scope of operations and the risk factors engaged in decision making, inappropriate planning, resource management and support is quite less. The areas of operation and the enterprise functionality on the whole would be of large scale for CIO but for the traditional computer department manager the scale of operations is really big. Task 2: Information strategy for any organization is purely based on their requirements to manage business and envelope operations into a system which would in turn effectively manage their resources and yield not only profits in the long run but satisfaction to its employees and customers (Laudon, 2002). Outsourcing is not only shipping jobs but an attempt to blame the principal economy for its lack of crucial resources for in-house development and growth. The following roles can be further attributed for the in-house development: 1. Rich human capital: The principal economy must upgrade its education and training facilities to produce ‘A’ level business and technological graduates. They must give due importance to the growth and retaining of high talent in terms of fundamental knowledge and high level of skills due to their immense strength of aptitude and quantitative ability. The human capital has capability to take up entrepreneurship and make a difference to their economy. 2. Cost efficiency: Several cost cutting measures for running and development of technology and infrastructure would amend the monetary policies that are favorable for development at low costs. 3. Quality of Domestic Companies: The domestic companies must be quite resource capable in fetching the right expertise to perfect a job and offer enough support for retaining the customer. They must meet the ISO, SEI CMM compliances and meet international standards for performance and task audit. The up-gradation of quality factors would determine better strategy for right focus for in-house development. 4. Better communication facilities: The communication technologies like mobile technologies must be researched and have to capacitated the use in business and critical regions where any flag of disadvantage would tremble business confidence and tension service level contracts. Such innovation would boost business confidence in the international market and has built confidence to take up in-house developments which are handled with enough care and trust. The new roles that are required internally are the various policies for upgrading the resources with regard to infrastructure, technology, human capital and many more. The decision making ability and the up-gradation of technical abilities and compliances to global standard practices would enrich in-house development objectives. Young (2004) mentions that the balanced scorecard approach would enable the right integration of service level agreements with the measure of business objectives. It is a right tool to incorporate value drivers like customer service, innovation, operational efficiency and financial performance in outsourcing activities. The right control and exercise are the primary factors for which balanced scorecard is successful. An outsource contract is capable of proving its good with the help of balanced approach as it underlines all the service level commitments and its compliances from time and again. Task: 3 Answer: a The most appropriate step would be to set up a managed service consultancy team who would be able to take up the responsibility of serving with their expertise. The following can be the set of characteristics which I would look forward to in seeking a partner: 1. Domain expert: The managed service partner must be a domain expert and must possess enough blend of knowledge in IT and management of hospital systems. They must possess professionals who have a long experience is handling the IT infrastructure of the hospital systems. One exposure to such systems makes sure that they understand the various risk factors engaged in the system and the possible penetrations for better system design and handling. Some professionals in the commerce domain are also encouraged as the system would be developing invoice payments and ledger managements. 2. Transparent SLAs: The service-level agreements must be supported well with strict norms for compliance with regard to quality and services. The Right to Information act must reveal all inside details of the performance and security acts. The various norms for fetching the right service must be enforced. 3. Smooth communication: The communication with the managed service partner must be kept smooth so that all the innovation and knowledge transition takes place timely. 4. Documentation: The documentation for the various processes must be done so that one is able to understand the architecture at any point of time and propose better strategies for security, risk management, technology innovation and development of major business processes. Answer: b The takeover of various IT issues at NHS by the managed service consultancy would raise various issues for fetching them the right amount of detail to manage effectively the resources: 1. Interface issues with respect to networks: a. The various networks would hold the feature of interconnecting with various systems for data communication which must check the compatibility issues of the various software’s. b. The issues of the network ability and monitoring must be taken care for the handling any negative regulations and handling risks. 2. Interface issues with respect to help desk: a. The help desk issues relate to the various collaborations that are required for solving user queries and ensure timely support for customer queries and issues handling. b. Special trained professional and enough demand for updated knowledge would be the key success factors for the partners. 3. Interface issues with respect to training: a. The training issues make sure that all the various innovations and business processes are handled 4. Interface issues with respect to fault escalation: Task: 4 The tolerance limit of the business and its various projects make sure that international business confidence is managed well. The various factors responsible for making the plan possible would be to enforce the information and communication technology safety for an organization. The following can be considered essential for business continuity issues: Software applications: The reliability aspect of the software applications enable one to understand the various exceptional situations, risks and threats pertaining to the various external elements over the system. The business information is often stored in databases and enables one to store and retrieve information simultaneously. The security of the data and the transactions are very essential for the long term success of the business. Web content security: It forms the greater part of the security as they are aimed at non-representation or illegal presentation of false content that a user is not expected to see. The term cross site scripting (or XSS) is often used in conjunction with the web content and links that are to be secured for a website. Acunetix (2007) own product Acunetix Web Vulnerability Scanner is easily downloadable and comes free. Using that one could scan their website for any such flaws. Directory traversal attacks: The directory traversal attacks are quite common where the links are traversed to a very different path where the information flows to the hackers. It is due to the malfunction of the codes at the client and server sides. The code efficiency and link path requires to be checked periodically so that one is able to redesign and test the system for any malfunction. SQL injection: It is another method where intruders are capable to draw information from one website using SQL languages to illegally fetch customer’s data for obtaining their financial information or to manipulate information for wrong use. The website must be checked periodically for such incidents and must also make sure that customer records are encrypted using 128 bit security layers at the database side. The database security must be checked for getting sure that no such activity is evident. The customer’s financial information would be encrypted to hide it from easy access from hackers. E-commerce transactions security: The use of SSL 3.0 makes sure that all vulnerabilities regarding the tapping of information so that one’s purchases are safe in all respects. The use of this protocol makes sure that a secured channel is followed for communication between the client communicating clients. The use of Transport Layer Security (TLS) is important and can be enabled for any website for securing the communication to the communicating clients. IETF (2007) explains that TLS composes of point to point authentication techniques and communications privacy over the internet strengthening the encryption. Web server checks and database security checks: The periodic checks are done to put a check on performance of the website and database usage. All the relevant links and database security is checked for overall assurance. Database backup: The database backup plans must be devised accordingly for keeping the records safe to protect against unforeseen disasters (Navathe, 2002). Network security: It can be ensured using the network applications that take care of digital data communication and security must be enforced for safeguarding them against malicious programs. a. Firewalls It is a device which permits, restricts computer traffic in accordance to the security policies enforced in the business rules. Firewalls are either implemented through hardware, software, or both. They work best in detecting attacks that could enter or leave your system through an open port, such as worms and some Trojan horses. They do not scan the fragmented packets so in that way malwares attached to e-mails are still threats inside the network. b. Gateways It is an excellent network device which functions for communication with various types of networks with a different architecture and protocol usage. It also handles security to a great extent as it is an interface for alignment of various other networks. Types of attacks at secured networks a) Interceptions of communications. The electronic communications can intercept and the data can be copied or modified. Interception it can be realized with various ways. Potential damage: The outlaw interception can cause damage, so as much violation of private life of individuals, what via the exploitation of data that they have been intercepted (Panko, 2004). Likely solutions: Defense against interception can emanate with the encryption of data that is transmitted via the network. b) Not permitted access in computers and networks of computers (hacking, cracking) The not permitted access in computer or in a network of computers is usually realized malicious with the intention of copy, modification or destruction of data. Potential damage: The not permitted access has occasionally as motive mental challenge and no speculation. The protection at the not permitted access in personal information, included economic information, banking accounts and data of health, constitutes right of individuals (Thomas, 2004). Likely solutions: The most common method of protection against not permitted access is the installation of a firewall. However, with this is provided limited only protection and also it should be supplemented by other controls of safety, as the recognition of attacks, the detection of access and the controls in the level of application (included “intelligent cards "). c) Perturbation of networks (denial of service) That is to say challenge of network collapse because of overloading. The networks are to a large extent digitized and are checked by computers. The most common reason of perturbation of network existed at the past the damage in the system of computer that checks the network, while the attacks against network were directed mainly to their in question computers. Today, most attacks exploit weaknesses and liabilities of constitutive elements of network (functional systems, routers, switches, DNS etc). The attacks can receive various forms: a) Attacks against DNS, b) Attacks of routing, c) Attacks of refusal of benefit of service. Such software, networking and hardware related securities and threats are identified early and make sure that all the various loopholes are capitalized upon for better design and techniques to safeguard business. It also helps a business to gain investor confidence and continue with profitable spirits for better business continuance and successful integration. References/ Bibliography Acunetix (2007). Web Site Security Center: Check & Implement Web Site Security. Retrieved 8, November 2008 from http://www.acunetix.com/websitesecurity/ Chapman, C.B. and Ward, Stephen (2007). Project Risk Management- Processes, Techniques and Insights. Chichester, John Wiley & Sons. CIO.com. Retrieved 6, November 2008 from http://www2.cio.com/analyst/report1661.html IETF (2007). Transport Level Security. Retrieved 8, November 2008 from http://www.ietf.org/html.charters/tls- charter.html Kerzner, Harold (2006). Organizational Management at CIO- A Systems Approach To Planning, Scheduling, And Controlling. Sixth Edition, John Wiley & Sons, Inc. Laudon, Kenneth (2002). Managing Information Systems: Organization and Technology, Fourth Edition. Young, Tim (2004). Measuring the Value of IT Outsourcing. Retrieved 7, November 2008 from http://www.cioupdate.com/insights/article.php/3439271/Measuring-the-Value-of-IT-Outsourcing.htm. Read More