Wednesday, April 16, 2014

Governance Guidelines

Listed below are governance guidelines that help IT professionals responsibly support the goals and mission of their company. Using these guidelines should enable understanding and clear communication of the company's goals among all employees. They will allow business processes to better support the company's strategy while complying with its policy.

#1 - Establish a Framework
Using an established best practice such as COBIT, ISO, or ITIL, a documented set of methods and procedures should be in place within a company. A framework establishes how an organization makes decisions, evaluates risks, and measures performance (Mcloughlin, 2011). Even a small company should consider adopting selected parts of the major governance frameworks.

#2 - Run IT as a business
Aligning IT with business needs should have a concrete outcome, and the focus should be on running IT as a business. IT is increasingly focused on delivering services, so companies should concentrate on the best ways to deliver those services to customers. The key point of running IT as a business is to focus on the customers, since they are what ultimately matters to the company.

#3 - Keep it small
Governance should be kept among a small number of people within a company. Top-level employees and managers are expected to have a clear understanding of the needs and processes of the area they govern. It is beneficial to keep governance committees as small as possible. A small committee also makes it clear that its members are responsible for conveying the governance strategy to the people they manage.

#4 - Top-down goals
Goals should always be dictated from the top down. Lower-tier processes and policies dictating the goals of a business indicate a problem with the company's governance. The main distinction to be made is between the creation of policy at the higher levels and the implementation of the processes that support that policy at the lower levels. This makes use of the talents of employees at all levels within the company.

#5 - Manage Risk
Risk is present in any company and can never be eliminated entirely. It is crucial to manage risks to keep issues from escalating and to ensure that assets are not wasted. Managing risk also means identifying the probability of a loss occurring within a specific area and determining whether it is worthwhile to reduce or eliminate that risk.

#6 - Focus on Transparency
Allowing visibility into the company's operations and goals creates a sense of cohesion and builds trust with stakeholders. Chun (2005) described transparency as processes being identified in a manner that is clear and understandable to anyone.

#7 - Enable Incentives
Incentives are a good way to motivate employees to perform well and to increase job satisfaction. They also serve as a valuable way of retaining good talent in a company. Incentives should depend on which tasks are valuable to the company, and rewards should be substantial enough to genuinely motivate.

#8 - Clarity over Quantity
A company should focus on clarifying roles, responsibilities, and processes rather than on creating unnecessary rules, regulations, and delegations. Employees prefer to be free to govern themselves as much as they can, and clarifying roles and responsibilities helps them achieve this independence.

Policy Guidelines

The guidelines listed below outline the key areas and steps to cover in creating company policy and ensuring that it is understood and followed. An effective policy enables organizational conformance to the business strategy and establishes both documentation and a shared understanding of the organization's goals.

#1 - Define a Scope of the Policy
Defining the scope of a company policy includes identifying the individuals and processes that work within the policy and the people who are not affected by it. The scope outlines the actions and impacts that the policy will have on the company. Defining the scope sets up guidelines for accountability and for the individual roles and responsibilities involved.

#2 - Define Roles and Responsibilities
Defining roles and responsibilities clearly specifies who is privileged to do what. This can be broken down using the Responsibility Assignment Matrix (RACI) model for further clarity. It ensures that employees know their role and can effectively execute their responsibilities.

#3 - Ensure Accessibility
Established policy should be available to all employees within a company and easily accessed. It should be published on an internal company website that all employees can reach. All employees should receive a copy when they are hired, as well as whenever major policy changes are made.

#4 - Be Clear and Concise
An effective policy should be as short as possible while still covering all important areas within the company. The wording used should be simple, clear, and understandable to all employees in the company. Avoiding confusing wording and terminology will also decrease policy infractions in the long term.

#5 - Focus on Compliance
IT policy should be matched to the compliance standards that apply to the company. Whether complying with HIPAA, Sarbanes-Oxley, or accessibility rules, a company should make sure to integrate these standards into its policy.

#6 - Enable Accountability
Accountability ensures that a company knows who is involved with a process so that a variety of actions can be taken, ranging from answering questions about a process and offering recognition to determining the source of problems. Accountability also makes sure that the needs of a specific process or person are being met.

#7 - Train and Educate
Policy changes as the needs of a company change. For this reason, it is necessary to regularly train and educate employees about current policy and its impact on their work. Training also reduces errors and gives employees a clear understanding of what they may and may not do under the company policy (Taylor, 2001).

#8 - Create Policy Map
A policy map is used by a company that is required to meet government regulations. Policy mapping identifies the individual rules the company must comply with and the areas where it needs to ensure that compliance is achieved. A policy map is the equivalent of a checklist that the company creates to ensure all regulatory requirements are fulfilled.

Strategy Guidelines

Strategy guidelines are a selection of guidelines used in the management of business strategy. The guidelines below work in conjunction with each other to establish an effective, adaptable, and valuable strategy.

#1 - Have a Mission Statement
A mission statement is a statement of purpose for a company. It contains the overall long-term objective, the aims of the company, and the reasons for the company's existence. Establishing a mission statement allows stakeholders, customers, and employees to understand what the company is about and what it is striving to achieve.

#2 - Perform a SWOT Analysis
Performing an analysis of the Strengths, Weaknesses, Opportunities, and Threats (SWOT) within a company is a precursor to creating a roadmap for the company's strategy. This assessment can be broken down by department and business process to concentrate on particular areas of the company. As Johnson (2012) put it, the analysis covers "the health of your company's key business priorities and IT strategy as they relate to your culture, capabilities, and infrastructure."

#3 - Use a Core Capabilities Matrix
A core capabilities matrix defines the main capabilities that drive business value and subdivides the smaller processes and areas that support those core capabilities (Schoemaker, 1992). Using a core capabilities matrix is a step toward creating an understandable strategy roadmap. The core capabilities of a company are identified to provide a visual aid in the creation of the strategy roadmap.

#4 - Build a Strategy Roadmap
A strategy roadmap gives stakeholders an understanding of the people and processes involved in operating a company. It enables clear communication across the company's departments and supports the desired business-process outcomes.

#5 - Be Cost Effective
There has been a trend of adopting new technology without thoroughly understanding whether the technology will fit and benefit a company. This concern applies to all assets involved in a business. Evaluating cost-effectiveness determines whether something will yield any quantitative or qualitative value to a company.

#6 - Identify Business Drivers Based On Investment Returns and Performance Indicators
This shows IT managers which process areas are optimized in support of the major business drivers. It can also help identify areas that should receive less funding and resource allocation because they are not beneficial to the company.

#7 - Ability to Accommodate Rapid Change Management
For a company to improve, it must be flexible and employ change management procedures and people who make this possible. Enabling fast and effective change management processes eases strain on organizational relationships and is quite cost-effective.

#8 - Identify and Match Strategy to Stakeholder Requirements
This is obvious to most IT professionals: it is vital to match organizational strategy to the needs of the stakeholders. IT professionals need to focus on what they deem to be the direction and needs of the stakeholders. Since stakeholders determine the success of a company, the company has to create a strategy that appeals to them.

Sunday, April 6, 2014

IT Glossary

Balanced Scorecard
"A strategic planning and management system that is used extensively in business and industry, government, and nonprofit organizations worldwide to align business activities to the vision and strategy of the organization, improve internal and external communications, and monitor organization performance against strategic goals (Balanced Scorecard Institute, 2014)."
Business Process
"A business process is a collection of activities designed to produce a specific output for a particular customer or market. It implies a strong emphasis on how the work is done within an organization, in contrast to a product's focus on what. A process is thus a specific ordering of work activities across time and place, with a beginning, an end, and clearly defined inputs and outputs: a structure for action (Sparx Systems, 2004)."
Business Value
"Business value is the standard measure of value used in business valuation. Different standards of value may lead you to different conclusions as to what a business is worth. It is not surprising, for example, that an investor focused on purely financial returns may value a business differently than an entrepreneur looking to fulfill personal goals (ValuAdder, 2014)."
IT Assurance
"The role of IT assurance in the financial services sector has expanded – both in the ever-increasing complexity of systems, IT processes and continued regulatory requirements over security and data integrity, as well as in the continued demand for IT to deliver real value to the organisation (Moore Stephens)."
IT Governance
"The responsibility of executives and the board of directors; consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise's strategies and objectives (ISACA, 2014)."
IT Policy
"Generally, a document that records a high-level principle or course of action that has been decided on. The intended purpose is to influence and guide both present and future decision making to be in line with the philosophy, objectives and strategic plans established by the enterprise’s management teams (ISACA, 2014)."
IT Risk
"The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise (ISACA, 2014)."
IT Resource
"Any enterprise asset that can help the organization achieve its objectives (ISACA, 2014)."
IT Strategic Plan
"A long-term plan (i.e., three- to five-year horizon) in which business and IT management cooperatively describe how IT resources will contribute to the enterprise’s strategic objectives (ISACA, 2014)."
Key Goal Indicator (KGI)
"A measure that tells management, after the fact, whether an IT process has achieved its business requirements; usually expressed in terms of information criteria (ISACA, 2014)."
Key Performance Indicator (KPI)
"A measure that determines how well the process is performing in enabling the goal to be reached (ISACA, 2014)."
Return On Investment (ROI)
"A measure of operating performance and efficiency, computed in its simplest form by dividing net income by the total investment over the period being considered (ISACA, 2014)."
Scoping Process
"Identifying the boundary or extent to which a process, procedure, certification, contract, etc., applies (ISACA, 2014)."
Service Level Agreement (SLA)
"An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured (ISACA, 2014)."
Strategic Planning
"The process of deciding on the enterprise’s objectives, on changes in these objectives, and the policies to govern their acquisition and use (ISACA, 2014)."
Supply Chain Management (SCM)
"A concept that allows an enterprise to more effectively and efficiently manage the activities of design, manufacturing, distribution, service and recycling of products and service its customers (ISACA, 2014)."

Cloud Security & Protection

Benson, K., Dowsley, R., & Shacham, H. (2011). Do you know where your Cloud files are? Retrieved from http://cseweb.ucsd.edu/~rdowsley/pdf/BenDowSha11.pdf
Although there are several ways for users to learn where Amazon cloud services store a file, such as end-user checks or contracts and service-level agreements, these are not enough for users who fear losing their data. Moreover, even if cloud providers allow users to check that their data is replicated onto multiple disks, the providers still face the difficult task of assuring that those copies are stored in different locations. This paper therefore proposes a method for verifying the geolocation of data in the cloud and successfully identifies the approximate geolocations of data stored in Amazon's cloud.
Melchor, C., Fau, S., Fontaine, C., Gogniat, G., & Sirdey, R. (2013). Recent Advances in Homomorphic Encryption. IEEE Signal Processing Magazine, 108-117.
For years computer scientists have discussed the challenge of computing over encrypted data, a capability known as homomorphic encryption. The field becomes nuanced quickly: partially homomorphic schemes are relevant to many existing systems, while Fully Homomorphic Encryption (FHE) was long thought by many to be so far off as to be just a dream. This paper presents recent advances in FHE from both a cryptographic and a software engineering point of view.
Song, D., Shi, E., Fischer, I., & Shankar, U. (2012). Cloud Data Protection for the Masses. IEEE Computer Society, 39-45.
Cloud computing promises low costs, rapid scaling, easy maintenance, and service availability; however, a key challenge is how to ensure, and build confidence, that data in the cloud is secure. Although users have a strong interest in cloud computing, they are concerned about the security, availability, and privacy of their data. The authors therefore propose Data Protection as a Service (DPaaS), a suite of security primitives that builds data-protection solutions into the platform layer to enforce data security and privacy.
Sedayao, J. (2012). Enhancing Cloud Security Using Data Anonymization. Retrieved from http://www.intel.com/content/dam/www/public/us/en/documents/best-practices/enhancing-cloud-security-using-data-anonymization.pdf
Cloud computing is worth investing in for the availability it gives to data; however, the security of cloud infrastructure is a major concern today. Intel believes that data anonymization can ease this concern, allow for simpler demilitarized zone and security provisioning, and enable a more secure public cloud. According to Sedayao (2012), "Data anonymization is the process of obscuring published data to prevent the identification of key information." Data anonymization can maintain data privacy in the cloud while data owners can still process their data to obtain useful information.

Computer Security

Deyhle, R., & Schaub, F. (2012). Password entry usability and shoulder surfing susceptibility on different smartphone platforms. In E. Rukzio. ISBN: 978-1-4503-1815-0
In this paper, the authors discuss how different on-screen layouts of smartphones affect a user's ability to easily input a password while limiting shoulder surfing. Password composition and input are optimized for a physical keyboard, and this layout may not translate equally to smartphones. In discussing password composition, the authors note that it significantly affects usability, and that mnemonic and persuasive text passwords have proven to be more usable. Significant variances exist between the different keyboard layouts, which included the iOS keyboard, Windows Phone, multiple Android keyboards, and Symbian. In their experiment, the authors found that Windows Phone and iOS fared best in usability, but their keyboard layouts rated low in security. In conclusion, these results highlight the widespread gap between security and usability.

Budi, A., & Denis, B. (2004). Computer Security Impaired by Legitimate Users. Computers & Security, 23, 253-264. doi:10.1016/j.cose.2003.09.002
In this research, the authors discuss computer security issues involving legitimate users. They argue that technical solutions alone are not adequate and that more focus is needed on the individual user. This includes taking into account the activities that individual users will be trying to accomplish and the manner in which they will perform them. Within this process, we encounter the trade-off between usability and security. Most often people strive for the least effort that produces acceptable results, and the same applies to security. Understanding this trade-off is an important concept for developers to apply during the development cycle. A good example is passwords, which offer more security as they grow longer and more complex but become much harder to remember. Moreover, these trade-offs exist within multiple layers of an organization and can be addressed by looking at Reason's model. To address these issues, the authors suggest examining the organization's security culture, which involves educating staff, making security user-centered, and allowing users to work in an environment not dominated by procedures.

IT Service Delivery

Takabi, H., & Joshi, J. B. D. (2012). Policy management as a service: an approach to manage policy heterogeneity in cloud computing environment. 45th Hawaii International Conference on System Sciences (HICSS). 5500-5508. doi:10.1109/HICSS.2012.475.
In this research on cloud management frameworks, Takabi and Joshi, researchers in the School of Information Sciences at the University of Pittsburgh, introduce Policy Management as a Service (PMaaS) to address the security and privacy issues of cloud computing that are delaying its adoption. The authors describe PMaaS as a solution designed to give users a unified control point for managing the access policies that govern their resources. In other words, it can reduce the security issues of cloud computing by putting users in full control of their resources regardless of where they are stored. This understanding of the security and privacy risks will play an important role in developing effective solutions that enable an integrated access control system usable worldwide.
Anerousis, N., Diao, Y., & Heching, A. (2010, April). Elements of system design optimization in service quality management. Network Operations and Management Symposium (NOMS), 2010 IEEE, 19-23. doi:10.1109/NOMS.2010.5488434.
There is a lot of competition between Information Technology (IT) service providers for customers' attention. Service quality has emerged as a key area of opportunity to innovate and deliver outstanding results to customers. In addition, IT service providers have been trying to reduce costs while improving the quality of their services. In this research, the authors, researchers at the International Business Machines (IBM) Corporation, introduce an optimized system model adapted from the Lean Sigma methodology, a quality control framework, to minimize the variance of key quality indicators and deliver predictable capabilities. The optimized system model serves as a guideline that enables an IT service provider to receive, classify, and distribute its work. In conclusion, the model improves service quality at lower cost in the IT incident management process.
Diao, Y., Heching, A., Northcutt, D., & Stark, G. (2011, December). Modeling a complex global service delivery system. Simulation Conference (WSC), Proceedings of the 2011 Winter, 690-702. doi:10.1109/WSC.2011.6147797.
In this research, the authors, researchers at the International Business Machines (IBM) Corporation, describe the applicability of a modeling framework for analyzing complex service delivery systems. This study shows that the model is a solution for enterprises and Information Technology (IT) service providers to improve the quality of service while lowering the cost of service delivery. The interaction among key factors in the model enables decision-making around staffing skill levels, scheduling, and service level constraints in system design. In the simulation-based approach section, the authors demonstrate the flow and core components of the model, which consist of service requests, service delivery units, a dispatching engine, and performance calculation. The model supports IT service providers in effectively balancing dynamic customer workload, strict service level constraints, and diverse service personnel skills.
Heikkinen, S., & Jantti, M. (2012, September). Identifying IT Service Management Challenges: A Case Study in Two IT Service Provider Companies. Database and Expert Systems Applications (DEXA), 2012 23rd International Workshop, 55-59. doi:10.1109/DEXA.2012.32.
Heikkinen and Jantti's research identifies types of challenges in Information Technology Service Management (ITSM) from the Information Technology (IT) service provider's perspective. The Information Technology Infrastructure Library (ITIL) is a widely used ITSM approach that explains a way to structure service management; it approaches service management from the service lifecycle viewpoint. The researchers focus on Continual Service Improvement (CSI), one of the service lifecycle phases. IT services should be continually improved and developed to increase quality and cost effectiveness, and CSI enables the identification of bottlenecks and weak areas in the services. In conclusion, these research results will help IT service providers that use CSI as an improvement target to avoid ITSM challenges.
Rosu, D., Cheng, W., Jan, E., & Ayachitula, N. (2012, July). Connecting the dots in IT service delivery: From operations content to high-level business insight. Service Operations and Logistics, and Informatics (SOLI). IEEE International Conference, 410-415. doi:10.1109/SOLI.2012.6273572.
Nowadays, Information Technology (IT) service providers rely on data analysis to make strategic decisions that drive a highly cost-effective IT service delivery business. Understanding the collective value of the various aspects of delivery operations is invaluable for achieving excellent service quality and solid profit margins. Nonetheless, the inability to integrate data models and taxonomies across business components remains a problem. In this study, the authors, researchers at the International Business Machines (IBM) Corporation, introduce an innovative solution called the Business-Knowledge Discovery Component (B-KDC) to bridge the gap between available content and higher-level business insight. B-KDC is a fundamental component of an IT service delivery business information system and contains content analysis tools. The authors also identify the main business problems and explain how B-KDC can address them through techniques such as data-quality awareness and semi-automated adaptability.

IT Policy

Bruce, R., Dynes, S., Brechbuhl, H., & Johnson, E.M. (2010). Protecting critical information infrastructure: developing cybersecurity policy. Information Technology for Development, 83-91. doi: 10.1002/itdj.20096
In this article, the authors present best practices and methodologies for fostering a globally effective cyber security policy. They focus particularly on the expansion of the internet and communication technologies into developing organizations and countries. The elements of an effective cyber security policy share characteristics including trust, shared behaviors, and pervasive relationships. These traits must often be guided by non-regulatory organizations, which frequently have their own motives at the forefront of their business policies. This shows organizations the benefits of trusting relationships and of developing the equivalent of SLAs between previously uncooperative groups whose requirements are guided by function rather than affiliation. Moreover, introducing governance and policy frameworks can show how cyber security frameworks can ensure organizational success.


IT Governance

Definition

IT Governance builds structure around how companies align their IT strategies with their business strategies. It enables companies to make sure that they stay on the right course to accomplish their strategies and goals. In addition, it can be used to measure a company's IT performance.

Concepts and Methods

Concept: Business IT Alignment - is used to ensure that a company is able to effectively use Information Technology (IT) to achieve its business strategies and goals (Wikipedia, 2014). While organizational models continue to evolve and management techniques continue to change, IT-business alignment and its close relative, process-technology alignment, remain major goals for many organizations. According to Gartner (2013), "How technology will support growth and results is a fundamental question for the future. It's no longer sufficient to tend the IT garden and declare success. Digital technologies provide a platform to achieve results, but only if companies adopt new roles and behaviors to hunt for digital value. A new agenda that secures IT's future strategic role, funding, and skills is necessary."

Method: IT Steering Committees - are groups of people who ensure that a company is heading in the right direction and aligning with its IT strategies (Barclays, 2014). The purpose of a company's Information Technology Steering Committee is mainly to:
  • Oversee major IT related strategies, projects and technology architecture decisions; 
  • Monitor if the company’s IT programs effectively support the company’s business goals and strategies; 
  • Consult with the company’s senior IT management team; 
  • Inform the higher-level directors on IT related matters.

Tools and Best Practices

Heller (2012) introduces five best practices for IT Governance, summarized as follows:
1) Get your business priorities straight
Align IT investment with strategic business objectives.

2) Use the rear-view mirror
Look at the success and funding of previous IT projects to make determinations about future expenditures.

3) Keep it small and elite
Keep involvement of governance to executives and business leaders.

4) Don’t mistake good governance for project success
Governance is not the same as project management. Don’t forget about a project after it has been approved by the governance committee.  Make all those involved accountable to ensure project success.

5) Right-size your approach and stick with it
Match the company's governance strategy to the size and complexity of the organization and keep it that way.


This information represents valuable knowledge that can be easily explained and adapted to any organization's governance practices, regardless of the industry it is in.

My Approach

Heier et al. (2009) described "increasing IT pervasiveness and the growing difficulty for executives to avoid IT decision making." This strengthens the link between the importance of IT governance and business success. My approach to using IT Governance in a cost-effective manner is to keep governance processes up to date with current business and IT strategy. Horne and Foster (2013) emphasized that companies should prioritize capabilities, not projects. This approach is better suited to highly innovative capabilities that have a long-term payoff. An overview of current business capabilities is performed and used to decide whether or not to proceed with a project. It acknowledges that there are successful ways to govern IT that have the potential to create significant business value for a company and that might otherwise be overlooked.

Secondly, my approach is demonstrated by Accenture (2012). They identified that, to develop value through IT Governance, high-performing businesses must succeed in adopting the right governance structure and implementing good IT value practices. In particular, Accenture (2012) identifies the following success factors:
  1. Establish an overarching IT Governance framework
  2. Focus on tight business and IT alignment
  3. Make IT a business driven activity
  4. Plan IT demand professionally
  5. Bridge the skill gap between business and IT
  6. Run IT as a business
Those factors demonstrate the importance of cohesion and integration of both business and IT. The real objective of IT Governance is to be able to manage IT as the business is managed. Nevertheless, much of the success of those ideas lies in the employees working within a company. Adopting the correct governance strategies and employing the right people leads to value in the form of higher profits, better business returns on IT investment, and positive impact on shareholder value (Accenture, 2012).

IT Policy

Definition

IT Policy is the set of guidelines within a company for using IT tools and resources correctly so as to support the company's goals and mission in the best possible way. Different companies have different IT policies depending on how they use and access their systems.

Concepts and Methods

Concept: Security Risk - concerns how an organization protects and secures its information, business, and other assets against operational risks (ControlRisks, 2013). The likelihood that some of an organization's assets are insufficiently safeguarded against threats is very high. This shortfall in protection against loss, damage or compromise is known as risk. Even when decision makers are aware of the risk, the issue is compounded because they may be unaware of all the actions available to them to mitigate it. To see this, one need only look at the high rate of breaches even though security tools and practices are more prevalent than ever. Two policy models are widely used today: risk-based and rule-based (Discini, 2006). Traditionally, rule-based policies were developed to control computing assets at a time when regulatory compliance and security risk did not merit even a passing thought. The goal of risk-based policies, on the other hand, is not to provide remedies for every security breach or gap, but to delineate a comprehensive, systematic approach to risk mitigation and management.

Method: Security Policy - is used by an organization to state how its members should behave (Walt, 2001). Security policy is one of the critical elements of IT security. It identifies the rules and procedures that everyone with access to computer resources must adhere to in order to ensure the confidentiality, integrity, and availability of the organization's data and resources. Moreover, a security policy puts an organization's security posture into writing, describes and assigns functions and responsibilities, grants authority to security professionals, and identifies the incident response processes and procedures.

The security-related decisions the company makes, or fails to make, largely determine how secure or insecure the company's network is, how much functionality it offers, and how easy it is to use. However, the company cannot make good decisions about security without first determining what its security objectives are. Until it has done so, it cannot make effective use of any collection of security tools.

Tools and Best Practices

A toolkit for IT Policy is the Information Security Policy written by DISP (2007). It consists of a series of documents that help an organization achieve compliance with the required standards, and its main concern is information security policy. The documentation most useful for IT Policy is an outline for developing a comprehensive security policy. It provides a breakdown of the relevant security standards that can be easily adapted to create a new security policy.

The major areas are the following:
  • Organization of security
  • Asset management
  • Human resources
  • Physical/Environmental security
  • Communications
  • Access control
  • Compliance
  • Business continuity planning
  • Incident management
  • Systems acquisition 
  • Development 
  • Maintenance 
Each of these areas has its own documentation that breaks it down further. This structure makes the Information Security Policy efficient at integrating changes to one area of policy without having to rework the entire security policy unless that is required.

My Approach

IT Policy creates the groundwork to ensure a company does not waste time and assets unnecessarily. It seeks to establish proven methods and best practices for carrying out specific business processes in a company. In my approach to creating value through IT Policy, it is important that policy is dictated from the top down. If a company has tier-1 security personnel dictating policy, how can it be sure that the policy is in the best interest of the company? Tier-1 security employees have limited knowledge of and experience with overall organizational direction and policy, so they should not be the ones determining it.

In addition, InstantSecurityPolicy.com (2013) makes the point that “no single policy or security strategy will work for every organization.” Policy must be tailored to how an organization operates. This does not call for a long policy, but for an efficient one. This brings me to another part of my approach to IT Policy: the importance of developing clear, concise and understandable policy. Such policy should reduce mistakes and improve employees’ ability to perform business processes, because there is less ambiguity about how things should be done. When something goes wrong, the problem can be identified and quickly solved. Applied consistently, these steps should add business value through higher productivity and less time spent correcting mistakes, since the reduction in mistakes should be measurable. Finally, effective policy must ensure compliance with the standards the company is required to meet (HIPAA, 2011).

IT Strategy

Definition

IT Strategy is the set of objectives that an organization tries to achieve through its IT programs. IT Strategy can cover aspects of technology management such as cost, human resources, hardware and software, vendors, and risk management.

Concepts and Methods

Concept: Return on Investment (ROI) - is a measure used in IT strategy to evaluate the efficiency of an investment. Any IT investment project is embedded in an organization's technology infrastructure, relevant business processes, organizational environment, and external relationships (Investopedia, 2013), and each of these contributes costs and returns:
  • Technology infrastructure - the direct costs of the technology and services the company invests in, as well as the cost of the impact on other technology systems already in place.
  • Business processes - ROI accounts not only for improvements to the relevant business processes, but also for the costs of training the staff who will use the technology system.
  • Organizational environment - other costs and returns linked to the organization, such as resource flows, performance changes, and internal relationships.
  • External relationships - linkages with the external environment. Resources are committed from this environment to support the project, and additional costs may be incurred through outsourcing.

Method: The Economics of Information - studies the value of information and information systems and their effect on organizations, strategy, and the economy (Wikipedia, 2013). Two concepts within the economics of information are the course of economic activity and its social meaning (Zhengjie, 2010). The course of economic activity is about securing the greatest economic benefit through a given kind of economic activity under conditions of uncertain or incomplete information. The other concept, the social meaning of the economics of information, focuses on its macroeconomic characteristics.

Tools and Best Practices

The Strategic Security Architecture Principles Worksheet written by Scholtz (2008) is a toolkit for IT Strategy. In situations where security and risk are important factors, the tool provides a useful visual breakdown of security architecture, called the enterprise information security architecture (EISA). The EISA framework consists of a hierarchy of evolving documentation containing models, requirements and templates (Scholtz, 2008). Documentation at the high level tends to focus on concepts and is less detailed and more stable; the lower levels are more detailed and more dynamic. In essence, the more frequent changes in the technology and tactical business process landscapes affect the low-level artifacts, while the less frequent changes in strategic business requirements affect the high-level artifacts. This dynamism reflects the fact that security architecture is a continuous process rather than a single event or periodic activity.

My Approach

From what I have learned in this course, I feel that IT strategy and the functions of the business should not be discussed separately. The idea of aligning IT with the business strategy seems outdated; it is important to establish that IT is the business and the business is IT. The strategy and implementation of IT in the business should be a cohesive, mutually involving process from the first step. IT does not come into play at a certain step in a business process; rather, it is always there, because of how integrated technology is with the business. This is the approach I will take when I think about IT and business strategy and how to meet needs and create value.

In line with this idea, Schiller and Miller (2012) state that “a data strategy must start with business drivers, priorities and needs. Every project within the strategy roadmap must show a direct link to these business initiatives.” This is another aspect of IT Strategy that I will take as my approach. Such a roadmap provides the architectural discipline to produce a design that addresses business goals, initiatives or pain points. It also outlines what the specific business objectives are, how to achieve them, their ROI, and the risks involved. Roadmaps, along with tools like the balanced scorecard, are crucial aspects of strategy for ensuring organizational success.

Saturday, April 5, 2014

My IT Perspective

Definition of an IT Professional

IT professionals are people who create programs, develop use cases, provide training, and develop policies for technology systems. IT professionals should have at least the characteristics below:
  • Knowledgeable
  • Continually learning
  • Effective and Efficient Communications
  • Making Informed Decisions
  • Dedicated
  • Improving and Influencing People Around Them
  • Using Skills to Best Benefit the Organization

I think that learning IT professional practices also increases the skills and abilities of an IT professional. Not only does it help one become familiar with the variety of roles available to IT professionals, it also helps improve effective communication and interpersonal skills. Through those practices, IT professionals are able to select and use strategies for effective and efficient productive and receptive communication. For all of these reasons, the practices of an IT professional are clearly useful for meeting business needs and other requirements.

My Personal IT Perspective

About Me

I’m a professional web developer. I’m proficient in programming in ASP.NET, PHP, jQuery, etc. I also have knowledge of other IT-related fields, including Oracle, SQL Server, PostgreSQL, and MySQL database architecture, information security, and procurement strategy. I'm currently studying for a graduate degree in Information Technology (IT) at Southern Polytechnic State University (SPSU). Since my career transition several years ago, the change in my career desires has made it necessary for me to move into the IT field. With this IT-based knowledge, I hope to use my unique strengths to fulfill my future career.