Phoenix is a financial service company that has its headquarters in Arizona but operates in the national market of the United States. The active online operations of this firm mean that it cannot afford regular failures within its IT system. It must have an effective system of measurement that will help it to measure its performance in the market (Anderson and Goodman 59). The system must be easy to use and it must take into consideration the uniqueness of this firm in the market. As a consultant, the researcher will develop a plan that can be used by the management to judge the operation of the teams within the IT department in a discrete way to ensure that the functions are conducted as per the expectations of the management.
System of Measurement at Phoenix's IT Department
According to Daim and Albar, when developing a system of measurement, it is important to be very specific (43). Measurement systems or plans must focus on a given area within the department instead of looking at the broad operations of the firm. At Phoenix, the department of interest was the IT unit. It is important to note that this is a unique and very sensitive department that needs primary measurement plans.
The first plan can focus on the employees' output within the department while the other will focus on the output of the structures such as the servers, networks, computers, and any other tool used in the department (Dwivedi 52). In this analysis, the plan will focus on a system of measurement for the employees within this department.
The assessment plan will try to determine how efficient the employees are in using the current system before the management can consider how to upgrade the infrastructure. It is only after using this plan that the Chief Operating Officer (COO) will be able to make informed proposals on what needs to be improved during the planned upgrade. The following model is a summary of the proposed system of measurement that will be used by the IT department to measure the performance of the employees and to identify issues that need to be addressed to improve this performance.
As shown in the figure above, there will be a systematic measurement of performance that will be done at this firm, and the chief operating officer will be able to monitor it easily at the firm's headquarters. In the proposed system, there will be three subcategories of the performance assessment that will take place. To understand this system, it will be necessary to start at the lowest end. The firm currently has 17,846 investors being served in 13 branches and also at the firm's headquarters. These investors are served by 113 staff at the 14 offices (13 branches and at the head office).
Each of the employees will be assigned specific clients to handle based on the geographic location of the client and the location of the offices from which they operate. Every employee has been assigned a dual PC system. In this system, software will be installed that measures the time employees take in addressing official assignments, how the employees respond to customer needs, and any other issue relevant to their assignments (Misra and Rahman 72). The metrics of their performance may be time (in hours) spent in undertaking official duties per day. The software will also detect how often every employee uses the IT facilities assigned to them.
The information from each of the 113 employees will be collected at the office level and will be monitored by the branch manager who can act upon it if it is necessary. The information about the efficiency and performance of the team will then be reflected immediately at the headquarters in Arizona. The COO can then have a summary of the performance of each of the 113 employees and how optimally they are using the IT equipment.
If it is noted that they are using the equipment optimally but their service does not meet the demands of the investors, then this may be a sign that there is a need to upgrade the entire system and to introduce a system that has a larger capacity (Khosrowpour 27). If the review shows that the current IT equipment is underutilized, then it may be a sign that the firm does not need to upgrade its systems yet. What is necessary is to ensure that the individual employees within the department use the systems effectively (Proctor 31). The back-up system at the headquarters should also be put to the test regularly to ensure that it is as efficient as the management expects.
Conclusion
The above model is specifically designed to measure the performance of the employees, specifically how optimally they are using the IT systems and structures to address various tasks within the firm. The system will make it possible to determine if it is the employees who are not making maximum use of the IT system or it is the system itself that is underperforming. This way, the chief operating officer will know the best action to take in addressing the weaknesses within the IT department.
Works Cited
Anderson, James, and Kenneth Goodman. Ethics and Information Technology: A Case-Based Approach to a Health Care System in Transition. New York: Springer, 2002. Print.
Daim, Tugrul, and Fatima Albar. Technology Assessment Forecasting Future Adoption of Emerging Technologies. Berlin: Erich Schmidt, 2011. Print.
Dwivedi, Ashish. Handbook of Research on Information Technology Management and Clinical Data Administration in Healthcare. Hershey: Medical Information Science Reference, 2009. Print.
Khosrowpour, Mehdi. Managing Information Technology Resources in Organizations in the Next Millennium. Hershey: Penn Idea Group Pub, 2009. Print.
Misra, Hosea, and Hakikur Rahman. Managing Enterprise Information Technology Acquisitions: Assessing Organizational Preparedness. Hershey: IGI Global, 2013. Print.
Proctor, Scott. Optimizing and Assessing Information Technology: Improving Business Project Execution. Hoboken: Wiley, 2011. Print.
COBIT is the framework for the corporate governance of information technology (Gelinas, Dull, & Wheeler 2014, p. 295). This paradigm enables companies to improve their IT operations and overall information management. COBIT provides a big picture due to the use of the holistic approach. The framework is based on five principles. The first principle is meeting stakeholders' needs, which implies the balance between the organizational goals, the use of resources, and the realization of benefits through IT utilization (COBIT 5: enabling information 2013).
The second principle is covering the enterprise end-to-end (COBIT 5: enabling information 2013, p. 16). The framework sees IT-governance enablers (policies, processes, structures, culture, services, and so on) as inclusive and relevant for the entire organization. The third principle is the application of a single integrated framework, which involves the use of comprehensive practices and standards. The fourth principle is associated with the seven enablers, which include principles and policies, processes, structures, culture, information, services and infrastructures, and skills and competencies (COBIT 5: enabling information 2013).
This principle focuses on the use of a holistic approach and a focus on the seven enablers. Finally, the fifth principle implies a clear separation of principles and activities that refer to governance and management.
It is necessary to note that these principles enable organizations to operate efficiently through the use of effective IT governance strategies. The case in question is illustrative in terms of the importance of the implementation of the principles mentioned above (Austin & Short 2009). It is possible to focus on such principles as covering the enterprise end-to-end, application of an integrated framework, and enabling the holistic approach.
iPremier focuses on profits and meeting organizational goals. IT is seen as a tool to achieve the aim rather than a company's asset. This attitude is related to the second principle mentioned above, and it is clear that the company did not follow it. The company's approach translated into inefficient equipment and the lack of resources in the IT department. The company does not have a server where the data concerning customers (such valuable information as financial data) could be stored. This information was vulnerable to attack. It is crucial to make sure that the data are safe and that there is proper equipment to ensure this data security.
It is also necessary to add that the third principle is not followed as well. The company seems to have some guidelines where procedures applicable in certain situations are described (Austin & Short 2009). However, the employees do not know where the guidelines are or what is mentioned there. This neglect of the principle of an integrated framework led to significant confusion and a waste of a lot of time. Employees did not know what exactly to do, and when the IT professional went to the company providing the IT service, she was unable to get to work. There should be specific procedures and protocols that would enable the company to identify the problem and address it properly.
Finally, the company did not comply with the fourth principle as IT governance is not integrated into the entire system. There are only some attempts to bring order to the IT sphere, but the lack of focus on this area has resulted in a lot of confusion. The company's priorities (growth and profit) were not related to IT governance. The procedures were not described or developed properly, and employees were mainly unprepared for any non-standard situations. It is unclear whether the hacker attack had any negative consequences for the customers as well as the company (its reputation, financial losses). However, the lack of compliance with the principles of COBIT often has negative implications for organizations. It is possible to consider some data breaches that took place within the past 12 months.
One of the most notorious information leaks of recent years is the breach at Mossack Fonseca, the law company located in Panama. The reasons for the information breach have not been reported properly. However, according to the available information, the data leak occurred as a result of an email attack, which was successful as the company did not utilize widely used Transport Layer Security protocols (Gross 2016). This information breach had various implications. Clearly, it had a tremendous negative effect on the company's reputation. More importantly, it affected the organization's customers, mostly politicians. Their reputations were damaged considerably. These consequences are the most undesirable as the security of customers is the priority of any company.
Another leak also involved financial information disclosure. The information breach occurred at Qatar National Bank (Murdock 2016). As a result of the data leak, 1.4GB of customers' financial information was exposed (Murdock 2016). The data included customers' names and addresses as well as their credit card information. The seriousness of the situation can be acknowledged when looking at the list of the bank's customers.
These include the Al-Thani royal family, some people related to the state's security services, and so on. The bank's official note was that there was an insignificant amount of trustworthy information on customers, but the major portion of the data exposed was available from various social networks. Thus, the bank's top managers stress that the target of the attack was not the customers' information per se but the bank's reputation. Of course, such attacks may discourage people from addressing the financial institution, which they find vulnerable. Existing clients may also want to find other places for their money. At the same time, this breach can also hurt customers whose money can be stolen in addition to their information (as well as strategies used to hack the bank's security system).
Another data breach involved mobile applications and quite limited information, including customers' passwords, logins, and addresses (Golden 2016). Reportedly, the CBS mobile website was attacked, and some customers' data were compromised. The company's officials stress that financial information was not disclosed. However, the organization's reputation was still damaged. The customers could see that their information was not secured and that the company could not be trusted.
On balance, it is possible to note that any information leak is a serious issue for any company. In the vast majority of cases, it has a detrimental effect on the company's reputation. However, in some cases (for example, the Panama law company's case), many customers may have various issues, which could include significant damage to their reputation. At that, compliance with the principles of information governance can secure companies and their data. It is crucial to make sure that the company employs a holistic approach where information governance is one of the major priorities.
Reference List
Austin, RD & Short, JC 2009, iPremier (A): denial of service attack (graphic novel version), Harvard Business School, pp. 1-32.
COBIT 5: enabling information 2013, ISACA, Rolling Meadows, IL.
Gelinas, UJ, Dull, RB & Wheeler, P 2014, Accounting information systems, Cengage Learning, Stamford, CT.
What's a dream job all about? It would be a job that when you get up in the morning you enjoy the work, get along with the people, contribute to the success of the company, and doesn't place a limit to your professional growth. Also you feel happy to get out the door and go to where you can accomplish something that's fulfilling and doing a job that gives back and helps the people who work with you.
We sought to find several jobs in different companies all over the world to get employed at one of the biggest and most important companies that require strong skills and IT professionals. Our dream as computer science and engineering students is to be members of one of the best companies in the world, and to prove our abilities as computer scientists and engineers to help in improving the technology of the world. Nowadays, technology is moving really fast as we all know, and what lies behind it is the most important part of it, which is good IT professionals. That's why we have searched to find IT jobs in the most important companies all over the world.
Individual statements
Fatima wants to work in an IT company that offers jobs for beginner programmers and helps them to develop themselves and their programming skills. She chose to work in a programmer position because it's related to her major and she finds herself in being a computer science student and worker. On our webquest Fatima found that work in computer science spans the range from theory through programming to cutting-edge development of computing solutions. The work of computer scientists falls into three categories: a) designing and building software; b) developing effective ways to solve computing problems, such as storing information in databases, sending data over networks or providing new approaches to security problems; and c) devising new and better ways of using computers and addressing particular challenges in areas such as robotics, computer vision, or digital forensics (although these specializations are not available in all computer science programs). Most computer science programs require some mathematical background. And she is interested in all these categories.
Noor sought a programmer position in an IT company. She wanted to work with expert programmers to help her become an expert in programming too. She thought programming would help her to create new technology and solve problems in existing ones. On our webquest Noor discovered that programming would let her create a sequence of instructions to enable the computer to do something, write code in a software program and install it on some other machine. That's why she looked forward to this kind of job. Not just for that reason, but she thought that programming makes her feel that she is an intelligent person once she solves the given problem and achieves what she wants.
Hana is looking to join a big worldwide organization which includes all categories of work in Information Technology. She is seeking to work as a software engineer in a big company that needs to have a qualified engineer and programmer at the same time, which means that she can work with a group of computer engineers and computer programmers, because she wanted to be helped to know and learn both skills of engineering and programming. She thought that software engineering is a broad field that will help her encompass all aspects of software development from design to software maintenance. On our webquest Hana found that software engineering is a systematic and disciplined approach to developing software. It applies both computer science and engineering principles and practices to the creation, operation, and maintenance of software systems. That's why she has a strong faith that it is the perfect job for her, which makes a combination of what she learned in school and what she wants to learn more in the future.
Zainab is looking to join a progressive organization that has need for IT employees and offers opportunities for advancement. She is looking to work in a big company as a programmer. She wants to be an excellent person who can solve any problem in computers and write any programs she faces. She chose computer science as her major because she thought that it would help her to develop her skill in programming and learn more about it. On our webquest Zainab found that working as a programmer is the perfect job for her, so she can write any kind of program for a company. Programming makes Zainab work hard to think and solve to get the perfect program.
Group Findings
We used google.com with the key words "jobs in IT companies" and received 399,000,000 responses. This result is more general than what we really need; it has different companies all over the world.
Because of that it is hard to search in such a result, so we decided to create a rubric as follows:
Interested
Companies.
Specify the role of the wanted job.
Name the wanted companies.
Get more details about the job.
Work in the most important and best companies in the world.
Not Interested
Agencies.
Use general terms like: IT jobs.
Take too long to find.
Get unwanted job.
When we followed the rubric we ended up with six websites as we wanted, 3 inside Saudi Arabia, and the other 3 from different countries outside Saudi Arabia. We have selected Aramco Company, Saudi Oger Company, Saudi Telecom Company (STC), Facebook, Google, and Microsoft.
Out of these six companies we have chosen three companies: Aramco Company, Google, and Microsoft.
We have chosen these three companies because they are very important companies. We have chosen Aramco because it is company number one in Saudi Arabia and worldwide in terms of petroleum production and exports, and has a long history of successful business relationships with companies.
Also, Aramco has a strategic geographic location in the East and the West. Actually, Aramco is always looking to attract new employees who are talented, motivated, and who can help them achieve the company's ambitious plans and participate in continued successes. Google, because its mission is to organize the world's information and make it universally accessible and usable. As a first step to fulfilling that mission, Google's founders developed a new approach to online search.
Google is one of the world's more respected brands and is recognized as the world's largest Internet search engine. Google is one of the most innovative companies of the past decade, moving the company beyond the traditional search engine to include video, voice, wireless applications and beyond. It's a worldwide search engine and a popular company. Google is not a conventional company, and they don't intend to become one. They share attributes with the world's most successful organizations. At Google, they know that every employee has something important to say, and that every employee is integral to their success.
They provide individually-tailored compensation packages that can be comprised of competitive salary, bonus, and equity components. Google has offices around the globe, but regardless of where they are, they nurture an invigorating, positive environment by hiring talented, local people who share their commitment to creating search perfection and want to have a great time doing it. Finally, Microsoft Company because it is the first software company to create its own computer science research organization since 1991. It is a company that lets the choice be yours. It gives you a range of amazing opportunities: you can be an expert in a particular field or area, you can be a manager, and because it has so many places to work in, we can stay working in one building, city, or country, and we can cross borders.
Also, this company lets us work and show what ideas and abilities we have, and at the same time our manager helps us to improve these ideas and to get better in doing the work. They don't listen to the manager only, but they highly value both manager and individual contributor.
The analysis for the Companies' Websites
Aramco
On the Aramco.com home page, what attracted us were the blue color of the background, the display of moving pictures, the daily news of the company, and the three links of health and safety, environment, and community in the middle of the page. Also, they make the page very helpful because of the useful links on the top of the page where we can find the business, new business, e-services of the company, and an abstract about the company.
When we applied for a job in Aramco we clicked on jobs and careers on the top left of the page, then we chose job for Saudi or non-Saudi, and then we clicked on register and filled in the application. After that, when we submit the application, the company will contact us as soon as an employment opportunity arises.
Google
When you first open the Google website you'll find under the popular Google search engine three links (Mobile Advertising Programs Business Solutions Privacy Policy Help About Google); you go ahead and press what interests you, which is About Google. Then a page will appear with four groups, each group with a different color.
(Our products, Our Company, for site owner, more Google), and under each group you'll find several links. In Our products they show Help, which means this is the Help Centers to learn the ins-and-outs of Google products and solve any problems you encounter. Also, in addition to providing easy access to billions of web pages, Google has many special features to help you to find exactly what you're looking for.
Some of their most popular features are listed below (Everyday Essentials, Reference Tools, Choosing Keywords, Local Search, Health Search, etc.), and now we are focusing on finding a job in Google. When you go to the Our company group you'll find four main links, which are (Press Center, Jobs at Google, Corporate Info, Investor Relations). Then, when you press Press Center it will help us to know everything about Google and the kind of employees that they have and which kind of jobs they want. When you press Jobs at Google a page will appear that includes on the left side three main links under each other, which are (life at Google, office location, joining Google, students job).
We started by pressing office location and we found that they have offices all over the world, even in the Middle East. They have offices in America, Asia Pacific, Europe and Africa; it's really a worldwide organization. After that, when you go to joining Google you will find all that you need for getting a job in Google. Go down and you'll see the hiring process. The process begins with searching for a job opening that interests you by job department, location, or even by key word. Then, you'll find how to prepare your resume and the tips for it. Also, they have a link in which you can now read more about their interview process. The last hyperlink is to show you how students can get an internship and which jobs are available.
Microsoft
The first thing we can see in the homepage is the four links: Home, Meet Microsoft which has (life at Microsoft, our Businesses, and Our Office Locations) as sub links, Find Your Fit which has (Professions and Technologies) as sub links, and finally Apply Now which has (Apply Process/Overview and Advanced Search). In the website Microsoft makes the search for a job so easy; they have shown a job search block which the user can easily deal with.
It contains a box to enter a keyword for the job wanted, a box to select the job category, a box to select regions or countries that you want to work in, and finally the search button. Then, the most important thing that attracts me on the page is the picture with the company's logo; it says "Come as you are. Do what you love." This logo makes the researcher feel comfortable if s/he wants to apply for a job in the company.
Actually, for us, when we heard about the company we thought that it is hard to work in Microsoft Company because they only need people with experience, but when we saw this logo we changed our thought and said there is nothing impossible, we can be a member of Microsoft. After that, there is a button for students and graduates. When we click this button a new window will open; it contains a picture with different people for students and graduates, and this page contains a box to select where you want to go to work. Then, the imagine section that they wrote is meaningful and it gives self-confidence to the reader.
Also, they provide a link to Facebook to see women in Microsoft; we like this because it lets us know the latest news for Microsoft via Facebook. The last thing in the homepage, we saw two pictures: the one on the left is about what others are saying about Microsoft, and the other one is hyperlinked and it is about meeting Microsoft; what they mean by this is to learn more about Microsoft, their culture, businesses, and locations. Now how do we search for a job? As we illustrated, from the job search block. For the keyword we have written programmer, for the job category we selected IT, and for the region and countries we have selected all.
Then, after pressing the search button a new page will open; it is for search and saved searches. It contains the same data that we have entered and three more. Those three are product, to select which product you want to work on, division, to select the division you want to work in, and finally the location of the job. For the product we have selected all the products, for the division we have chosen IT, and for the location we chose all.
On the same page we have five different tabs: my profile, search and saved searches, job cart, resumes/CVs, jobs applied for. For the job cart tab we have to sign in first from our hotmail email and continue the procedures. For the resumes/CVs tab we can create a resume according to Microsoft's needs. The last tab, jobs applied for, is where, when you have applied for any position in Microsoft, they will show the jobs for you.
Conclusion
In conclusion and after doing this assignment, we understand that finding our dream job in this life depends really on us, and how we understand the meaning of a Dream Job. And in our meetings we used a step by step guide that helps us to find our dream job. First of all, know exactly what a dream job means. Secondly, loosely describe our dream job. After that, ask ourselves "What is my dream job?" and find my job titles. Finally, find the right industries, companies and bosses for you. And after answering these questions we found that Aramco, Google and Microsoft offer jobs that fit with our dream as computer science and engineering students most.
The wave of globalization has made the world a small community. Many companies have embraced the power of outsourcing to streamline their operations and complete tasks that cannot be handled by its employees. Information technology (IT) sourcing is a process whereby various activities or computerized functions are performed by third party suppliers. This paper gives a summary of two articles that describe different IT sourcing approaches. The strategies are then compared, contrasted, and analyzed. The important factors for each sourcing strategy are also described in the paper. The discussion concludes by identifying and supporting the best IT sourcing model.
Summary of Articles
Article 1
The article "Cloud Sourcing Next Generation Outsourcing?" focuses on the issues surrounding the process of cloud sourcing. The authors acknowledge that this form of sourcing is appropriate for reducing costs while at the same time maximizing productivity. This approach is embraced by many companies and is believed to be the next generation of outsourcing (Muhic & Johansson, 2014, p. 553). Whenever choosing this method, the article encourages companies and individuals to consider critical issues such as compliance, data privacy, security regulations, and standards. After conducting the study, the authors conclude that cloud sourcing might become the future of IT sourcing because of its potential (Muhic & Johansson, 2014).
Article 2
The article "Home or Overseas? An Analysis of Sourcing Strategies Under Competition" describes two unique sourcing strategies that have become common. These include efficient and responsive sourcing. The first one refers to every sourcing practice associated with overseas IT services providers. Responsive sourcing focuses on a company's home country. Efficient sourcing is known to provide adequate cost advantage. Responsive sourcing, on the other hand, makes it easier for firms to gather accurate and timely information to develop the best procurement goals or decisions. Additionally, corporations can shift from efficient to responsive IT sourcing when market sizes shrink (Wu & Zhang, 2014). This process is known as backshoring and has the potential to minimize competition based on the existing cost dimension.
Comparing and Contrasting the Sourcing Approaches
The first article discusses cloud sourcing while the second one describes efficient and responsive techniques. Cloud sourcing is a unique arrangement whereby firms pay different providers to execute various services. One unique aspect of this IT sourcing method is that a company subscribes based on the per-use utility approach (Potancok & Vorisek, 2016). On the other hand, both efficient and responsive sourcing techniques (as described in the second article) are based on monthly or annual contracts. Corporations should examine these differences carefully in order to make desirable decisions.
Cloud sourcing is an approach that reduces costs and complexities. Similarly, both responsive and efficient sourcing methods make it easier for companies to minimize operational costs. In cloud computing, subscribers might not dictate the supplier's competence. Efficient sourcing is guided by terms and conditions whereby the subscriber expects superior services. These three sourcing methods also present similar issues (Muhic & Johansson, 2014). For instance, the partners should address specific concerns such as compliance, service level agreements, security, data privacy, and standards (Antero, Hedman, & Henningsson, 2014). Such concerns are taken seriously to ensure confidential information is safeguarded.
The second article analyzes two sourcing techniques that have unique differences. For instance, efficient sourcing is an agreement between a local firm and foreign IT services providers. Responsive sourcing, on the other hand, occurs between companies operating in the same country. Efficient sourcing can provide cost advantage while responsive sourcing delivers accurate information (Wu & Zhang, 2014). The two techniques also guide companies to reduce the level of competition. Due to the changes experienced in many nations, different firms will embrace the concept of backshoring. Despite these similarities and differences, the goals of each technique include maintaining the level of performance, reducing costs, and streamlining operations.
Important Factors: Long-Term or Short-Term
The selected articles offer various factors that must be considered whenever planning to select the best IT sourcing strategy. Companies using efficient sourcing should identify factors such as the level of competition, costs of services, and efficiency of potential suppliers. The issue of cost advantage is also critical when choosing this method. Availability of information is also critical since it ensures that desirable decisions are made (Lindh & Nordman, 2017). For instance, efficient sourcing can be considered to deal with competition rather than taking advantage of reduced operational costs.
With responsive sourcing, companies should begin by examining the capability of the identified supplier. The second factor is the supplier's ability to offer confidential and secure services (Harhoff, Mueller, & Reenen, 2014). The service provider's ability to communicate with the company is also critical. Before selecting the best option, companies can examine the rising logistics and labor costs in their home countries or foreign regions (Wu & Zhang, 2014). The important objective is to ensure the selected option supports business performance.
Cloud sourcing is a powerful model that can be considered for a wide range of information technology services. Some of the factors to consider include the supplier's ability to maintain privacy, compliance, and security regulations. The dealer should also be able to provide timely decisions. The payment methods should be considered since cloud sourcing is based on a per-use model (Muhic & Johansson, 2014). The nature of the targeted services and the length of contract should also be analyzed before selecting this method.
From these factors, it is evident that cloud sourcing appears to be strategic for the long-term. The effectiveness of the method empowers companies to achieve their IT needs, support their clients' demands, and emerge successful. The model can also be secure and confidential. Both efficient and responsive sourcing techniques appear to be tactical for the short-term. This is true because the global marketplace is changing fast. A company associated with an efficient IT sourcing approach can cancel the contract whenever operational costs increase. This is the reason why backshoring is becoming common (Wu & Zhang, 2014). Responsive sourcing is appropriate for companies that want to meet their short-term goals.
Effective Strategy
The three IT sourcing methods discussed above are appropriate for different companies depending on their business models. However, efficient sourcing for IT solutions appears to be the most effective. The first reason this method is appropriate is that firms can identify foreign countries where IT services are affordable. The second one is that the approach makes it easier for companies to minimize business costs (Wu & Zhang, 2014). Additionally, the approach empowers companies to remain competitive. Finally, the option of backshoring is available to firms using this strategy.
Conclusion
As the demand for superior IT services continues to rise, companies should make appropriate decisions in order to identify the right suppliers and sourcing strategies. The presented approaches can empower companies to offshore various IT services. Each strategy should also be analyzed carefully to ensure the best option is selected. Issues such as security, privacy, standards, and competition should be taken into consideration whenever selecting a given IT sourcing strategy.
References
Antero, M., Hedman, J., & Henningsson, S. (2014). Sourcing strategies to keep up with competition: The case of SAP. International Journal of Information Systems and Project Management, 2(4), 61-74. Web.
Harhoff, D., Mueller, E., & Reenen, J. V. (2014). What are the channels for technology sourcing? Panel data evidence from German companies. Journal of Economics & Management Strategy, 23(1), 204-224. Web.
Lindh, C., & Nordman, E. R. (2017). Information technology and performance in industrial business relationships: The mediating effect of business development. Journal of Business & Industrial Marketing, 32(7), 998-1008. Web.
Muhic, M., & Johansson, B. (2014). Cloud sourcing – Next generation outsourcing? Procedia Technology, 16, 553-561. Web.
Potancok, M., & Vorisek, J. (2016). Specific factors influencing information system/information and communication technology sourcing strategies in healthcare facilities. Health Informatics Journal, 22(3), 536-547. Web.
Wu, X., & Zhang, F. (2014). Home or overseas? An analysis of sourcing strategies under competition. Management Science, 60(5), 1223-1240. Web.
Certification and Accreditation (C&A) refers to a federally permitted standard procedure to make sure that information technology systems meet security prerequisites and uphold the accredited security status all through the system life span (Harris, 2002). Because certification and accreditation is a requirement for all information technology systems, it is frequently considered as just an essential step in an attempt to maintain an IT system, and is no longer undertaken once the information technology system implementation is complete (Ross & Swanson, 2003). However, certification and accreditation, if considered in its basic function, can be a valuable mechanism for managing the security of information technology systems all through their life span. Much of the procedure of official certification and accreditation could simply be utilized in the financial sector to better appreciate and control the security status of all widely used IT systems.
To comprehend certification and accreditation, it is vital to differentiate between the two terms. Certification refers to the procedural assessment of the security system and its conformity to be accredited (Feringa, 2002). Certifiers, typically autonomous third parties, check an information technology system for conformity with a documented set of security prerequisites. On the other hand, accreditation refers to the official approval of the competence of the information technology system's general security by the organization (Casar, 2001).
Frequently, important components of the security system are ignored, or security procedures are documented but ignored. The certification and accreditation procedure compels the documentation of security settings, guidelines, and processes, and confirms their proper execution. The purpose of this paper is to examine the certification and accreditation procedure, the regulation that helps describe the security needs, and the answerable stakeholders and their functions, in order to provide an indispensable understanding of certification and accreditation.
Certification and accreditation
Both the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) and the National Security Telecommunications and Information System Security Instruction (NSTISSI) describe the certification and accreditation procedure by use of a three-step method: description, authentication, and justification. Each policy document defines the different operations carried out in each step. For instance, the description step is aimed at understanding the task situation and design in order to determine the security needs and the degree of effort required to attain certification (Swanson, 1998). Unfortunately, the definition of such a step lacks the aspects of how the needs are established. Therefore, rather than utilizing the three-step approach, this paper will describe the steps essential to attain a certification position.
Certification and accreditation tasks
The capacity of the information technology structure being accredited is identified.
A System Security Authorization Agreement (SSAA) manuscript is developed including all required data regarding the system.
A certifier performs System Test and Evaluation (ST&E), and reports on the appropriate findings.
Recommendations are drafted by the certifier to the Designated Approving Authority (DAA).
Several such tasks can be carried out in a dissimilar sequence, and further tasks can be included or eliminated based on the technical specifications of the information technology system. However, the tasks presented in this paper represent the fundamental list of steps essential to attain a certification position. In the following section, each task will be defined to demonstrate the efficiency of the certification and accreditation procedure (Ross & Swanson, 2003).
The capacity of the system
Once the list of tasks has been developed, the major stakeholders meet to determine the scope of the certification and accreditation process. In case a key fraction of the system is not controlled by the Designated Approving Authority, a further Designated Approving Authority would be essential, and the ultimate certification would be established through the endorsement of the two authorities (Harris, 2002).
Establishment of the SSAA
The creation of the System Security Authorization Agreement (SSAA) is an action that can start at any time throughout the certification and accreditation process. Preferably, the System Security Authorization Agreement would begin to be created at the early stages of the system, because some of the security concerns can influence the design of the information technology platform. The NIACAP recommends having three stages of the creation of systems, and documents processes linked to each of the three basic tasks during each stage. Such a three-stage method is the perfect situation but is optional (Harris, 2002). Indeed, the System Security Authorization Agreement can be established at any time during the certification and accreditation procedure, but evidently, the earlier the System Security Authorization Agreement is developed, the more the system gains from the SSAA (Ross & Swanson, 2003). If the System Security Authorization Agreement is started too late during the project, some adjustments to the design may be required to meet the technical specifications of the System Security Authorization Agreement.
It is important to keep the System Security Authorization Agreement updated, since adjustments occur in the system even after it has been certified, so that the System Security Authorization Agreement remains a complete description of the security of the information technology system (Swanson, 1998).
System test and evaluation (ST&E)
Once the security process has been established, system assessment and evaluation can start. The Certification Team carries out the evaluation process and performs each test in partnership with an individual from the organization (Swanson, 1998). To test that the proper setting of the system has been attained, an Information Technology System Manager that is answerable for that specific aspect will carry out the evaluation, and the certifiers will authenticate the findings.
Results and approval by DAA
Once all the certification and accreditation components have been completed, they are presented to the Designated Approving Authority. They can be presented to the authority for re-evaluation, but in most cases, the approving authority is notified by the Accreditation Group. The approving authority can endorse the certification and accreditation package by giving the system complete Approval to Operate (ATO) or by giving an Interim Authority to Operate (IATO). Denial is very uncommon, as the Designated Approving Authority is regularly updated on the development and challenges of the certification and accreditation process (Ross & Swanson, 2003). Thus, the Accreditation Group and program coordinators are well aware of the perspective of the approving authority and can carry out necessary actions on the system to reduce the risk of denial. In case the system is given a certification, the certification and accreditation remain legitimate for the next 36 months.
Conclusion
Carrying out the official procedure of certification and accreditation may appear tiresome, but the outcome is rewarding. It would be an uncommon scenario that a System Test and Evaluation process has been carried out without detecting faults in the design of compulsory system components. Authenticating such components renders the certification and accreditation process important.
References
Casar, T. (2001). Federal information processing standards. Information Systems, 14(1), 19-22.
Feringa, A. (2002). Risk management guidelines for information technology systems. Information Systems, 15(1), 23-26.
Harris, S. (2002). All in one CISSP certification exam guide. Columbus, Ohio: McGraw Hill.
Ross, R. & Swanson, M. (2003). Guidelines for the security certification and accreditation of federal information technology systems. Information Systems, 10(1), 20-27.
Swanson, M. (1998). Guide for developing security plans for information systems. Information Systems, 34(1), 37-56.
ERP systems may not be the most appropriate solution for all types of organizations. For which of the following do you believe that ERP systems would be suitable:
Enterprise Resource Planning (ERP) is a business management program that helps organizations to use a system of integrated systems to manage the enterprise. ERP programs are specialized to be used in various areas. For example, some ERP programs are tailored to be used for product development, material purchasing, marketing, accounting, inventory as well as Human Resource. For example, an ERP system can be used by an aircraft manufacturer such as the Boeing Company to purchase materials, for inventory, marketing, and accounting purposes. An ERP system can also be used in a government department of transport for inventory purposes.
It can also be used for managing human resources in the government department. Similarly, an ERP program is very instrumental when installed in a National Health Services to electronically manage patients' records as well as manage records of the employees. The use of the ERP system in NHS can make it possible for patients' information to be shared by all the departments in the hospital. Similarly, an ERP system can still be used in a retail organization. For example, McDonald's can use an ERP system for accounting, inventory, marketing as well as sales management.
The computing company should adopt an ERP solution. This is because the ERP system will help the company to facilitate the purchasing of components from the Asian suppliers that are required for assembly of the netbook-like table machines. Implementation of an ERP system in the computing company will help in the inventory, accounting, and marketing of the netbook-like table machines. Also, the ERP solution will help the various departments in the computing company to share various data that is required to enhance efficiency in the production as well as marketing purposes.
Small and medium businesses are adopting ERP to differentiate themselves. A medium-sized company that adopts an ERP solution is in a position to establish a competitive edge over its rival businesses that do not have the system. This is because an ERP system will make the training of employees easier. Another advantage of implementing an ERP system is that employees need to master only a single system that they use to accomplish multiple tasks.
Moreover, an ERP program helps a business to save a lot of time because of its efficiency as well as accuracy. Also, an ERP program helps businesses to access relevant data more easily, which they can use to analyze current conditions and adjust accordingly. In summary, an ERP program helps businesses to use shared management reporting tools, use a common database, and coordinate information across company-wide business processes.
Thus, ERP systems support efficient operations of business processes by integrating business tasks that relate to marketing, sales, manufacturing, logistics, accounting, and financing. However, implementing an ERP system in an older business can be very difficult. It is difficult because it requires training all the workers on how to use an ERP system which results in a major downtime as the organization switches all its functions to the new system. In such a case, the ERP system may lower the competitive advantage of the enterprise as it will result in reduced performance.
There is no single indicator that suggests that a business requires implementing an ERP. However, any business that is taking a long time to reconcile its financials at the end of the month or a business whose sales forecasts depend on guesswork requires implementing an ERP. Also, a business that has a problem in keeping up with the volume of orders as well as satisfying its customers should install an ERP system. Moreover, a company that is not conversant with the amount of inventory that it has in the warehouse should adopt an ERP solution.
Data store
A data warehouse is a centralized repository containing comprehensive detail and summary data that provides a complete view of customers, suppliers, business processes, and transactions, from a historical perspective with little volatility. DesignerTopFashion should consider developing a data warehouse that it can use to manage its data. A data warehouse will help DesignerTopFashion to improve its data quality as well as minimize inconsistent reports.
The data warehouse will help the retailer organization to have a centralized location where historical data as well as current data that entails all important entities for DesignerTopFashion are found. The data warehouse developed will enable appropriate entries to be entered from all the 10,000 stores. Some important aspects that are associated with the data warehouse are the static nature of the data inputted, which makes it impossible to alter the data once it is added, and the fact that the data can be inputted from inside as well as outside the enterprise.
Storing data in a centralized location is advantageous for DesignerTopFashion as it will be easier for the users to analyze it and derive different solutions that could have been difficult if the data were analyzed separately. Analyzing data from multiple sources will make it possible for DesignerTopFashion to get patterns and connections that cannot be derived in any other manner.
One challenge that DesignerTopFashion will experience by having a data warehouse is the difficulty that is associated with cleaning, loading, and extracting the data before it is inputted into the data warehouse. Another problem that DesignerTopFashion will experience is the problem of compatibility. For instance, a new application system may not be compatible with old programs that are being used. The data warehouse is not easy to use and it requires training of those users who will be using it.
If the data warehouse is being accessed online, then it must be well secured to avoid being hacked. Otherwise, the security of the information stored can be jeopardized. It is very complicated to maintain a data warehouse, and those firms which plan to implement it must find out if the benefit associated with a data warehouse outweighs its shortcomings. This is because after paying for the data warehouse, DesignerTopFashion will need to pay extra money for maintenance purposes.
DesignerTopFashion should consider all factors before implementing the data warehouse. The management of DesignerTopFashion should establish the benefits that the retailer will derive from implementing the data warehouse. The benefits should be weighed against the costs that are involved in its implementation as well as its maintenance. It is after this analysis that the management at DesignerTopFashion should decide if DesignerTopFashion should go ahead and develop a data warehouse. This will be decided if the management establishes that its benefits are worth the huge costs and time that accompany its development and maintenance.
DesignerTopFashion should implement an ERP system that will assist the firm to coordinate the company information across all its wide business processes. The ERP will assist it to use a common database as well as share management reporting tools. By implementing an ERP, DesignerTopFashion will enhance its efficiency by integrating business tasks that relate to marketing, sales, accounting as well as logistics to maximize its performance and profits generated.
Modern technology from the information technology fields has really evolved the workplace configuration and operational cycle. Technology is the enhancement made in applying new design, layout and function. Besides the work-based computer operations, technology also determines the configuration of the office equipment. It involves using equipment that is more upgradable and fast, and that offers better competition or an aggressive periphery.
Common Work-Based Scenarios
According to Griscom, every organization needs to meet its working standards such as workplace configurations in order to suit other factors (2009). Due to the work-related challenges, current scenarios in the workplace indicate that various organizations have changed their working styles from the situation of working individually, to group work that is often under shared fast and effective telecommunication equipment (Lagace, 2003).
Many organizations are therefore using IT as a tool for enhancing and retaining a productive working environment, which must appeal to the customers. Before changing the layout of the organization for maximum functionality or benefits, implementing a work philosophy is arguably more important but remains an underplayed aspect in most firms. The majority of these organizations hold annual meetings to enhance their work-based philosophies, which are for informing or guiding the employees on what to do and when to do it.
Virtual Offices Case Reference
Considering the discussion of two virtual offices by Tom Peters in Liberation Management, Oticon was the only producer of the hearing aid devices, a project propelled by the then president, Ronald Reagan (Wallace, 2000). A time came when there grew a lot of competition as Oticon embraced the new technology and introduced a highly engineered hearing device, which made the firm rise in market share.
Later on, a new CEO named Lars Kolind was introduced to the company and he raised the company to higher performance levels by first cutting 15% of the work force and consolidating budget approval authority promptly, as he signed the checks in person (Wallace, 2000).
Kolind committed himself to a new process in which cross-functional teams would meet and come up with new ideas to develop a new product into the market. He was committed to the company as he prompted everyone who does not commit to the cause to step down or walk out. This boosted the morale of the company as everyone believed in his administrative plans. He therefore prevented Oticon from bankruptcy as shareholders were back on the sales market.
There have been many attempts over the years to establish the paperless office. Some of the attempts nearly made it through, while major transformations relating to Information Technology became office disasters. Considering Denmark's Oticon as a good example, few organizations have a mailroom where employees receive, read and shred the mail after scanning it into a computer database for further reference (Wallace, 2000).
Role of IT in Organization
In order to improve on information and communication technology skills, organizations opt to centre their work base on three philosophical entities. First, there is a need to state the importance of a task, which must be reflected in the performance of the employees.
Secondly, job ranking should depend on both individual and collective performances. Lastly, organizations should be effective and flexible enough to enhance future changes. Information technology has played a major role in seeing many offices advance to alternative ways of managing and storing data as well as processing information. Today's offices enjoy reduced paperwork due to the ability to store files in various workstations or centralized and shared computer systems. Computers, scanners, printers and photocopying machines have replaced many outdated pieces of office equipment like the typewriter (Griscom, 2009).
Offices Transformation
The transformation of office information systems has also led to changes in many office designs. Today, most offices are relatively small, tightly arranged, less private and more efficient in delivery. Conversely, the lack of privacy also leads to distractions. The restructuring of offices to enhance levelled platforms that accommodate many workstations has also been seen to work in many countries such as the United States of America, where public offices such as police centres are made of shared rooms that are partitioned with transparent glass. This advocates for transparency, as cases of bribery and corruption are minimal in such scenarios (Griscom, 2009).
Effects of IT in Organizations
Restructuring not only supports electrical, phone, lighting, heating and cooling systems in the offices; organizations now also consider network and communication cables for each office. In such cases, people would not enjoy the small private workspaces that are prone to noise through attenuation and distraction. The modern effect of Information Technology on organizations has resulted in the employment of talented and educated employees, who are reliable and convenient to cater for the organization's needs and be in line with the growing computer world. In order for these skilled employees to work in accordance with their duties, the office layout is clearly dictated to influence their moral ability (Lagace, 2003).
Conclusion
The current growth in computer technology and influence on IT is a clear indication that office layouts and designs will change in the future. Future conferences will be held through three-dimensional virtual systems and other real-time procedures. It will be possible for someone to be at their premises, but respond to a call from the office and perform various office requests through the network systems. Today it is possible to be in the United Kingdom but enjoy a live NBA match being played in Los Angeles. This is a concept that is transferring to various organizations in future.
References
Griscom, J. (2009). How communications technology is creating a new, results-based model of work. CompuMentor. Web.
Title of industry: Software industry with an emphasis on direct marketing solutions. This industry is not similar to my organization because I work in a firm where IT is a non-core function.
Position description: To design and work with or change stored procedures within web-based applications. To use ETL requirements to change or work with MSSQL or TSQL. To work with other database developers during change management. To identify issues in current programming, and resolve them.
Primary responsibilities: To work with other members of a cross-functional team to solve data-related problems. Cope with change control. Develop business solutions for the organization. Work with SSIS and SSRS to understand user needs or respond to them.
Qualification: Must possess a Bachelor of Science in Information Technology (BSIT) degree and a minimum of two years' experience in a relevant field. Proficiency in SQL server administration as well as TSQL. One must have worked for three years in these areas. Experience in SSRS and SSIS is imperative. The concerned individual must understand data-related concepts. It is beneficial to have experience with Greenplum, change control, communication skills, and cross-functional team correspondence.
Position: Full-time employee.
Benefits: The successful candidate is eligible for a remuneration package of between $75,000 and $110,000. One can discuss the salary package with the employer.
Glossary of IT terms used: MSSQL: this stands for Microsoft SQL Server. It is a relational database controller that aims at facilitating the development of web serving applications. SSRS: stands for SQL Server Reporting Services. This is a system that allows the preparation and completion of reports through a software system. Greenplum: a cloud computing solution that dwells on data analytics or warehousing (Greenplum, 2010). ETL: stands for Extract, transform, and load. It is a procedure that IT personnel use to move data between databases.
Critical questions: My organization should have this position because it will allow it to better manage its website, email data, or mobile data as well as personalize display information. Furthermore, the position ensures that the respective organization can synchronize its data processes adequately.
Telecommunications
Position title: Communications Technician
Industry type: Energy and Utilities. Brazos Electric Cooperative is an electricity generating and transmission organization based in Texas. It is different from my organization because it deals with a non-retail sector.
Position description: To work in telecommunications and energy-related systems to ensure that they remain reliable and efficient. SCADA system reliability analysis is also a crucial part of the role.
Primary responsibilities: The responsibilities involve routine maintenance, testing, and repairs of telecommunications and electric systems.
Qualification: Less than one year of experience in a relevant field. One must have a degree in electrical power or electronics. The person needs to have at least a certificate or high school diploma. He or she must possess a CET license. One must also have a driver's license. It is beneficial to have a flexible timetable as night visits may be necessary.
Position: Full-time employee
Benefits: The candidate will negotiate salary packages with the employer. The successful candidate will enjoy a 401k plan as well as health insurance.
Glossary of IT terms used: SCADA: stands for supervisory, control, and data acquisition. This is an IT system in which one collects and analyses data in real-time. The system is especially useful in the transport and energy industries.
Critical questions: My organization should not have such a position because it is unique to utility-based industries, yet my firm is not one. Nonetheless, if the job description had been more general, then a telecommunications technician would be essential in the company.
IT project management
Position title: Project manager
Title of industry: Gaming. The company is a gaming services provider that uses various platforms (such as the internet, streaming technologies, and android applications) to provide games to clients.
Position description: To generate, coordinate, and finish projects, the concerned individual will work with his or her supervisor to handle various project aspects such as scheduling, scope, and need identification. The person will work with appropriate software such as MS Project.
Primary responsibilities: The employee carries out project management, project planning, and resource estimation, solves project-related problems, tracks project milestones, works with other departments to get additional staff, and makes recommendations on completed projects.
Qualification: One must possess a High School Diploma, and it is beneficial to possess an IT-related degree. The person must have a minimum of three to five years of experience in IT project management. It is beneficial to have certification in project management, although this is not mandatory.
Position: Full-time employee.
Benefits: Employees will negotiate salaries with the employer. On top of that, employees are eligible for paid vacation, medical insurance including PPO, a 401k plan, and tuition reimbursement.
Glossary of IT terms used: MS Project: a software application in which one manages a project efficiently.
Critical questions: My organization should have such a position. IT project management allows firms to have effective control over their projects through proper goal setting, time scheduling, and many more aspects (Cederholm, 2006). My firm deals with a lot of projects and IT will optimize many of them. Therefore, it should consider such a position.
System administrator
Position title: System administrator for Java-Oracle
Title of industry: NRG Energy Inc is an electricity-producing company in Texas and thus falls in the energy industry; it is different from my organization.
Position description: To provide enterprise application maintenance, implementation, or migration through custom tools. The person will work with business communities to customize applications and grow their partners.
Primary responsibilities: Offering support for enterprise software in various energy-related functions such as plant operations or energy trading. Recommending growth strategies or moves for the user groups, customizing applications, and integrating as well as maintaining operating systems or data networks.
Qualification: One must have a Bachelor of Science degree in Information Systems or CSE. Alternatively, one may possess training or an equivalent program. One must have worked in power trading, generation, or marketing for a minimum of two years. A minimum of five years of experience in application development is a must; the candidate should have experience in GUI, ERCOT Nodal market, Java and Oracle SQL, and relational database management. It is beneficial to have an understanding of reporting outage requirements in the area.
Position: Full-time employee.
Benefits: Employees have health insurance and can negotiate salaries.
Glossary of IT terms used: GUI: stands for Graphical User Interface, in which humans interact easily with computers through icons rather than text-based commands only. ERCOT Nodal market: ERCOT is an acronym for Energy Reliability Council of Texas. The Nodal market is a cost estimation system in which one analyzes electricity generation or transmission through the delivery points. Oracle SQL: a database technology that facilitates enterprise-related functions (Oracle, 2012). Java: a programming language that facilitates internet use.
Critical questions: This position should not be included in my organization because it is most relevant to energy or transport-related enterprises.
System analyst
Position title: Systems analyst
Title of industry: Oil industry. This is different from my organization.
Position description: To ensure that the business systems and projects meet their technical requirements; to work on projects by analyzing needs and the software programs needed; to cooperate with other users in development efforts.
Primary responsibilities: Planning, developing, and managing business processes.
Qualification: Candidates must have a bachelor's degree in MIS, CIS, or IT. One must have a minimum of five years of experience in systems development. It is beneficial to have experience in Oracle EBS (3 years).
Position: Full-time employee.
Benefits: $95000-105000
Glossary of IT terms used: Oracle EBS: stands for Oracle E-Business Suite, which is a series of software applications that use relational database management from Oracle.
Critical questions: This position should be included because it entails project management, which is an essential part of my company.
Web development and design
Position title: Web and Graphic designer
Title of industry: Software company. CPanel is a software company that facilitates the transformation of standalone servers to automated hosting platforms. My organization does not belong here.
Position description: Creation of stimulating graphics, integration of the same with CSS or blogs, and other similar websites.
Primary responsibilities: Designing and controlling online properties for CPanel; building printable graphics such as business cards, brochures, and logos; updating the company website or identifying problems; creating CSS and HTML web projects; and engaging in branding efforts for the company.
Qualification: 3 years of minimum experience in graphic design and CSS/HTML coding. It requires a minimum of a high school diploma.
Position: Full-time employee.
Benefits: 401k matching, paid leave, comprehensive health coverage, and reimbursement on tuition.
Glossary of IT terms used: CSS: stands for cascading style sheets, which is a language that people use to style or create web pages that are available in HTML (Holzschlag, 2005).
Critical questions: This position should be included as it is essential in companies with an internet presence. My organization is one such example.
References
Cederholm, D. (2006). Web standards solutions, markup, and style handbook. NY: Friends of Ed.
Greenplum (2010). Greenplum brings the power of self-service to data warehousing with its enterprise data cloud initiative. Web.
Holzschlag, M. (2005). Spring into HTML and CSS. NY: Pearson Education.
In order to discuss different types of information systems, it is first necessary to define the discipline. Depending on the area of implementation, information systems can be defined differently. The most typical approach is to identify a range of hardware and software components used to collect, store, process, and transfer data (Pearlson, Saunders & Galletta 2016). However, this definition does not account for areas where the systems in question rely significantly on a managerial component.
Therefore, a more accurate way of describing them is as an interconnection of components intended to handle information on different aspects of an organization's operations and enhance decision-making, coordination, and virtualization (Wang et al. 2016). This definition addresses two principal elements of information systems, namely the contents of the system and their role in the organization.
Areas of Application
Information systems can serve a variety of purposes. The most widely recognized aspect is the category of transaction processing. On this level, the systems are used by operational managers to optimize daily activities through better scheduling, inventory organization, and resource management, among other things. The monitoring capabilities of the technology are also utilized at this stage. At the tactical level, the systems can be used by middle management to measure the consistency of the operations with the goals and objectives formulated in the plan. These aspects include long-term schedules, possible budgetary restrictions, and variables indicative of the performance of the organization.
Finally, senior management can use information systems to obtain a strategic perspective of the current direction of the organization, including the feasibility of the overall goal, consistency with the company's vision, and the adjustment of the long-term decisions on company operations (Kavanagh & Johnson 2018).
Technology
The first key aspect of an organization's information system is the technology used to store and manage the content. This umbrella term usually covers the physical equipment necessary for the process, the protocols and algorithms responsible for safe and effective transfer and analysis, and the format in which the information is converted and stored. The first element, known as hardware, includes servers, personal computers, devices responsible for network connectivity, and various peripherals.
The second element of the technology, known as software, includes operating systems for running complex equipment, and application software, or dedicated algorithms designed to fulfil specific tasks. Finally, the third element, known as data, can be described as a collection of facts systematized in a way that allows for a meaningful analysis. Digital data can be arranged in a number of ways depending on the tasks set by the management and suitable for specific purposes.
People
The second key aspect of information systems in the organization is people. Despite the high degree of automation, principal decisions and respective actions are still conducted by human operators. Understandably, repetitive and easily replicated actions can be automated with a reasonable degree of efficiency, whereas the ones involving many variables can be addressed only partially with technology (Jeston & Nelis 2014). In addition, consistent integration with the managerial practices requires the involvement of senior managers, such as chief information officers (CIOs), in the system. Finally, the development, maintenance, and adjustment of software solutions are performed by people and are an intrinsic part of a reliable system.
Process
The third key aspect is the process. This is arguably the least recognized aspect, likely due to its intangible nature. In basic terms, the process is a collection of interconnected actions required for the system to produce a desired result in the most cost-efficient way. This aspect also covers the issue of integration of the information systems into the totality of the company's operations. In the case where the system is capable of handling the processes in a more efficient way, this aspect is considered a successful example of enterprise resource planning or business process management.
High-Level Example
A good example of applying information systems to a real-world setting is the retail industry. Historically, the segment has been associated with the existence of numerous highly complex systems, such as logistics, sales, distribution, and documentation. All of the systems rely heavily on precision and operate on large volumes of items. Finally, the financial activities within the industry are under the close supervision of controlling bodies, creating strict requirements for the quality and transparency of reporting practices. All of the identified factors can be successfully addressed by implementing information systems throughout the organization.
A typical information system used in retail consists of a number of software solutions capable of inventory control, logistics, sales, and financial management. Usually, each component within the system is dedicated to a separate area of activity, with the possibility to convert the data into a universal format compatible with other applications in the system (Taino Systems n.d.). For instance, employees who work in a warehouse use inventory management software to input data on the arrival of the goods, after which the information appears in the database available to other departments.
The sales department can then create requests on their side for the desired volume of goods to be transported to the sales area. The entire process is documented in the database, with digital confirmations from the responsible parties confirming a successful transaction (Duggan 2017). Importantly, the system in question also permits making the operations compliant with the preferred accounting method. For instance, it is possible to adjust the system to allocate goods based on either the FIFO or the LIFO approach, which will be done seamlessly and without delay. In addition, the warehouse management system would allow for a more efficient allocation of storage space.
The integration of different components allows for additional transparency across the organization. For instance, the sales department application provides the employees with the opportunity to see the surplus of goods in the warehouse and send notifications on the risk of shortages to the responsible party. In addition, some components of the information system may have a built-in analytical module which will monitor processes, process data, and send similar alerts in the automated mode. The same analytical mechanisms can be applied to performance indicators of the organization on the strategic scale and used by senior management to determine compliance with schedules and objectives.
Jeston, J & Nelis, J 2014, Business process management, 3rd edn, Routledge, New York, NY.
Kavanagh, MJ & Johnson, RD (eds) 2018, Human resource information systems: basics, applications, and future directions. Sage Publications, Thousand Oaks, CA.
Pearlson, KE, Saunders, CS & Galletta, DF 2016, Managing and using information systems: a strategic approach, 6th edn, John Wiley & Sons, Danvers, MA.
Taino Systems n.d., What are retail management information systems?. Web.
Wang, S, Wan, J, Zhang, D, Li, D & Zhang, C 2016, Towards smart factory for industry 4.0: a self-organized multi-agent system with big data based feedback and coordination, Computer Networks, vol. 101, pp. 158-168.
This report discusses cloud computing and information security in the area of information management and control. Information management is introduced and its risk to an enterprise is assessed; to elaborate further, the ePrescribing system is provided as a case study.
This report concludes that in an enterprise, the information environment and information assets have to ensure that the confidentiality, integrity and availability of the enterprise's information are safeguarded.
Introduction
In enterprises, risk management is an activity that is undertaken to reduce the effects of risks to acceptable levels. Three processes constitute risk management in an enterprise. The first process is known as risk assessment, in which risk and risk impacts are identified and evaluated and measures for reducing risks are recommended (Stoneburner, 2002, 8). The second process in enterprise risk management is risk mitigation, in which the measures for reducing risks, recommended in the risk assessment process, are prioritized, implemented and maintained (Stoneburner, 2002, 8).
The third process in enterprise risk management is evaluation and assessment, in which an enterprise's risk management program is evaluated and assessed continually because changes in the enterprise are inevitable and these changes can compromise the effectiveness of the enterprise's risk management program (Stoneburner, 2002, 8). In enterprises, one risk that is of concern is the information technology risk (or information risk), which is associated with the information systems that are the means of managing information in them.
The article "Why do organizations need information systems?" describes information as the lifeblood of an enterprise (Answers Corporation, 2011, 2). The article additionally points out that an enterprise that poorly manages its information attracts financial losses and liabilities such as lawsuits (Answers Corporation, 2011, 2). An enterprise's information can be either physical or electronic, and in most cases it is both of these. In an enterprise, information management concerns itself with how to collect and manage information at its source and how to distribute it to the relevant audience.
Information management in enterprises is implemented using systems known as information systems, whose main objective is to monitor as well as log the operations of other fundamental systems in these enterprises (Answers Corporation, 2011, 2). Typically, the main components of an information system are a central data repository, e.g. a database, and allied infrastructure. An example of information stored in an information system is details on an enterprise's clients. The design of an information system has to take into account certain ethical issues; otherwise, the information system becomes a risk to an enterprise.
Cloud computing is another technology that is gaining ground in enterprises; with it, the enterprise's information is posted on the web. Although it brings benefits (for example, it adds more flexibility to the information operations of an organization), it is associated with risks that are discussed in the later sections of this paper. Cloud computing is computing technology that is developed to function on the internet or intranet of an enterprise, and it can therefore be termed an internet or intranet resource.
Discussion
Research
Sajjad et al (2010, 3080), in the article "Risk perception and adoption of technology: An empirical study of personal computer use for Pakistani managers", identify information risk as an enterprise problem as it adversely affects the performance of enterprise members. In the article "Perceived risk of information security and privacy in online shopping: A study of environmentally sustainable products", Tsai and Yeh (2010, 4057) identify information risk as a problem, noting that it compromises the integrity of an enterprise's information, a situation which leads to poor turnover due to low sales. In the article "The challenge of risk management in Nigerian banks in the post-consolidation era", Owojori et al (2011, 24) identify information risk as an enterprise problem. Owojori et al (2011, 24) point out that the risk is most likely to occur in any enterprise that adopts information technology and that it is controllable.
Moorthy et al (2011, 3526) identify information risk as a problem in the article "The impact of information technology on internal auditing". Moorthy et al (2011, 3526) point out that although information systems have increased productivity in enterprises, they have, among other things, been associated with data losses, which have a detrimental effect on enterprise earnings. In the article "Framework to identify and manage risks in Web 2.0 applications", Rudman identifies information risk as a problem in enterprises (Rudman, 2010, 3251).
Rudman points out that innovations in IT bring with them newer threats and newer ways to effect the threats that compromise the confidentiality, integrity, and availability of the enterprise's information (2010, 3251). Elky (2009, 1) in the article "An introduction to information system risk management" and Stoneburner et al (2002, 4) in the article "Risk Management Guide for Information Technology Systems" also identify information risk as an enterprise problem.
Alanazi et al (2010, 2065), in the article "Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance", identify information risk as an enterprise problem, noting that enterprise information systems should guarantee information disclosure and privacy. In the article "Sustainable economic development: A perspective from ICT loops in developing nations", Low et al identify cybersecurity as an enterprise problem, noting that it has the potential to paralyze the cyber-based operations of an enterprise. In the article "The genetic algorithm to management measures of information security systems", Wang and Wan not only identify information security as a problem but propose a novel genetic algorithm that is effective in managing information security (2011, 2934).
Risk Assessment
In enterprises, information risk management is a risk management activity that is undertaken to manage the risk associated with an enterprise's information assets and information environment. Information security is a key issue in information risk management because the information environment and information assets of an enterprise have to ensure that the confidentiality, integrity, and availability of the enterprise's information are safeguarded. In the risk assessment stage of information risk management, certain elements of information security have to be taken into account.
One element is identifying the vulnerabilities of a given information asset. A vulnerability concerning information security is a weakness present in an information asset which, if exploited, causes harm to it, with the resultant effect of compromising the confidentiality, integrity, and availability of the enterprise's information (ISACA, 2006, 85). Another element of information security that is taken into account in the risk assessment stage of information risk management is identifying the threats to the information assets. A threat can be artificial or not and can be situated inside or outside an enterprise's information environment. A threat to an enterprise's information asset is an object that has the potential to damage an information resource (ISACA, 2006, 85).
Another element of information security that is taken into account in the risk assessment stage of information risk management is identifying the threat-sources concerning the information assets. A threat-source, as the name suggests, is the source of a threat in information risk management, and according to Elky (2007, 2) it can take the form of a situation, intent, or method. It is worth noting that a threat without a threat-source is dormant and therefore is not harmful to an enterprise's information asset (Elky, 2007, 2). To elaborate further on these key elements of information security, we introduce an e-health system case study and from it deduce its vulnerabilities, threats, and threat-sources.
Case study
The case study is the Swedish ePrescribing system, which is a joint effort between the country's county councils and Apoteket, which is the country's national pharmacy (European Commission Information Society and Media, 2006, 2). The beneficiaries of the ePrescribing system are Swedes and the country's health provider organizations. The system operates in two modes. In the first mode, a prescription is effected using Sjunet, an extranet, which is the country's ICT healthcare network (European Commission Information Society and Media, 2006, 1). In the second mode, which is not as frequently used, a prescription is effected using a secure web-based application (European Commission Information Society and Media, 2006, 1).
The benefits provided by the ePrescribing system to Swedes are increased awareness and knowledge of prescriptions, increased patient safety and greater flexibility in the acquisition of medicine (European Commission Information Society and Media, 2006, 2). The benefits provided by the ePrescribing system to Swedish health provider organizations are reduced illegible and duplicate prescriptions, improved knowledge on patient prescriptions, time-saving and lessened risk of fraud and falsification of prescriptions. According to the European Commission Information Society and Media (2006, 1), 42% of all prescriptions in Sweden are done using the ePrescribing system.
Case study discussion
From this case study, the information assets include Sjunet, the secure web-based application and the system's allied infrastructure. The information environment is the country, Sweden. Possible vulnerabilities to this system include poor choice of cryptography keys and message encryption algorithms and poor layout of the system's allied infrastructure. A possible threat and threat-source to this system are acts of nature such as earthquakes, floods, hurricanes, infernos and tornadoes that can damage the infrastructure of the system. Another possible threat and threat-source is an alteration of the system's software through malicious codes such as Trojan horses, viruses, worms, logic bombs, etc. Targeted software in this threat is either the operating system or the application programs that make up the ePrescribing system. The alteration involves modification, insertion, and deletion of this software.
Cloud computing
Using the ePrescribing system as an example, and in particular the fact that one of its modes of operation is web-based, it is clear that health enterprises are adopting cloud computing as a future investment. In cloud computing these enterprises post their sensitive information on the web and as such are exposed to three main risks, namely information security, e-discovery and computer forensics (techtarget.com, 2009, 1). With this information on the web, it becomes a challenge to monitor who is accessing information, what information is accessed and what alterations, if any, have been made to it; this is the information security risk (techtarget.com, 2009, 2).
E-discovery exposes such enterprises to risk as it assumes that such enterprises have visible storage and backup processes, but this is not the case; hence comprehension of the enterprise data becomes an issue at certain times, a state which can lead to leakage of the enterprise's sensitive information (techtarget.com, 2009, 3). Computer forensics is useful in giving certain needed information on a computer resource, e.g. when it was accessed and by whom. With cloud computing, this is almost impossible, as when the resource is uploaded to the cloud its trace is lost and thus no examination is possible; hence the computer forensic risk (techtarget.com, 2009, 4).
Enhancing security in cloud computing is enhancing an enterprise's internet or intranet security since, as mentioned above, cloud computing is an internet or intranet resource. In the face of attackers, cryptography boosts cloud computing security by ensuring the secrecy and integrity of information through encryption and decryption of messages by authorized principals who themselves are not a security threat (Coulouris et al, 2005, 276).
Another security defense against cloud-based attacks is credentials, which is a collection of evidence presented by one principal to another when the former is requesting an internet resource (Coulouris et al, 2005, 284). The credentials of a given principal regulate or dictate the allocation of internet resources to the principal, and in this way credentials boost internet security. Another security defense against cloud-based attacks is firewalls, which monitor and regulate communication in and out of a computer on the internet or an intranet (Coulouris et al, 2005, 109).
Risk Assessment Methodology
In enterprise risk management the first process is risk assessment, in which risk and risk impacts are identified and evaluated and measures for reducing risks are recommended. A risk in enterprise risk management is the likelihood that an event will occur that will hurt an organizational information asset (Elky, 2007, 1). Risk impact, on the other hand, refers to the magnitude of damage a risk can cause (Stoneburner et al, 2002, 8). Risk Assessment Methodology is the methodology applied in enterprise risk management and consists of nine activities (steps). These activities (steps) are shown in the risk methodology flow chart in figure 1 in appendix A. The inputs and resulting outputs of the activities are shown in table 1 in appendix A.
From the eHealth case study above, potential risks to the system have been identified as information security, e-discovery, and computer forensics. The risk impact, in extreme cases, can result in a shutdown of the system since it is no longer able to safeguard the confidentiality, integrity, and availability of its information, which is a basic requirement for it. Of the above-mentioned risks, information security is a high-level risk because its impact is costly to deal with and its threats and vulnerabilities (e.g. alteration of software) are difficult to deal with and are more likely to occur frequently compared to e-discovery and computer forensics risks, which are relatively low-level risks. Information security threats are costly and difficult to deal with because, as technology advances, the landscape of information security changes in tandem, and these changes bring with them newer threats and vulnerabilities, prompting enterprises to continually invest more and more in risk mitigation measures.
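The likelihood, impact and risk determination steps can be made concrete with a small risk register. The following is an added example, not part of the original report: the weights and bands are those of the risk-level matrix in the Stoneburner et al (2002) guide, while the ratings given to the three case-study risks are constructed here to match the ranking argued above.

```python
"""Risk determination: likelihood x impact -> risk level (added example)."""
from dataclasses import dataclass

# Likelihood weights 1.0 / 0.5 / 0.1, stored in tenths to keep integer math.
LIKELIHOOD_TENTHS = {"high": 10, "medium": 5, "low": 1}
# Impact magnitudes 100 / 50 / 10.
IMPACT = {"high": 100, "medium": 50, "low": 10}


@dataclass(frozen=True)
class Finding:
    risk: str            # name of the risk being rated
    threat_source: str   # what could trigger it
    vulnerability: str   # weakness that would be exercised
    likelihood: str      # "high" | "medium" | "low"
    impact: str          # "high" | "medium" | "low"


def risk_score(likelihood: str, impact: str) -> int:
    """Multiply the likelihood weight by the impact magnitude (1..100)."""
    try:
        tenths = LIKELIHOOD_TENTHS[likelihood.lower()]
        magnitude = IMPACT[impact.lower()]
    except KeyError as exc:
        raise ValueError(f"unknown rating: {exc.args[0]!r}") from None
    return tenths * magnitude // 10


def risk_level(score: int) -> str:
    """Band a score: High is >50 to 100, Medium is >10 to 50, Low is 1 to 10."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def assess(findings):
    """Score every finding and return rows ordered for the assessment report."""
    rows = []
    for f in findings:
        score = risk_score(f.likelihood, f.impact)
        rows.append({
            "risk": f.risk,
            "threat_source": f.threat_source,
            "vulnerability": f.vulnerability,
            "score": score,
            "level": risk_level(score),
        })
    # Highest score first; ties are broken alphabetically for a stable report.
    return sorted(rows, key=lambda r: (-r["score"], r["risk"]))


# Constructed ratings for the ePrescribing case study (assumptions, not data).
CASE_STUDY = [
    Finding("E-discovery", "cloud storage and backup not visible",
            "enterprise data not fully comprehended", "low", "medium"),
    Finding("Information security", "malicious code altering software",
            "poor choice of keys and encryption algorithms", "high", "high"),
    Finding("Computer forensics", "resource uploaded to the cloud",
            "access trace lost, no examination possible", "low", "medium"),
]

if __name__ == "__main__":
    for row in assess(CASE_STUDY):
        print(f'{row["level"]:<6} {row["score"]:>3}  {row["risk"]}: '
              f'{row["threat_source"]} / {row["vulnerability"]}')
```

A medium-likelihood, high-impact finding scores 50 and is therefore rated Medium, not High, because the High band starts above 50.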
Communication of the risk
Communication of the risk is done through the risk assessment report, which is the output of the last activity in the risk assessment methodology (result documentation). One element of the risk assessment report is a description of the threats and vulnerabilities associated with an enterprise's information asset or information environment (Stoneburner et al, 2002, 26). Other contents of the risk assessment report are a measurement of the enterprise's information risk and recommendations on how to implement controls. The risk assessment report is presented to the senior management of an enterprise as a tool to aid in better decision-making on enterprise policy, budget, procedures and system changes concerning management and operations (Stoneburner et al, 2002, 26).
Recommendations
This report recommends that, as the business environment keeps changing, enterprises should regularly do an information risk assessment, owing to the fact that the changes bring with them newer vulnerabilities and threats, which might compromise the effectiveness of their current risk management plan. This report also recommends that the findings and recommendations captured in the risk assessment report be treated with the importance they deserve, and that enterprises hasten to implement the recommendations made therein to avoid any financial losses or liabilities such as lawsuits. Another recommendation is that health enterprises and other enterprises that are using cloud computing technology need to invest more in information security measures targeted at monitoring and regulating access to information and communication channels.
Conclusion
In an enterprise, the information environment and information assets have to ensure that the confidentiality, integrity, and availability of the enterprise's information are safeguarded. Naturally, in an enterprise information security cannot be fully guaranteed because an enterprise's business environment is ever-changing and enterprises have to change in tandem. Thus, an enterprise has to review its risk management plan as often as possible to ensure that it is not obsolete and useless in the face of new vulnerabilities, threats, and threat-sources.
References
Alanazi, O. H., Jalab, H. A., Alam, G. M., Zaidan, B. B., & Zaidan, A. A. (2010). Securing electronic medical records transmissions over unsecured communications: An overview for better medical governance. Journal of Medicinal Plants Research, 4(19). Web.
European Commission Information Society and Media. (2006). Apoteket and Stockholm County Council, Sweden eRecept, an ePrescribing application. Web.
ISACA. (2006). CISA review manual 2006. Information Systems Audit and Control Association.
Low, K. L., Lim, C. S. & Samudhram, A. (2011). Sustainable economic development: A perspective from ICT loops in developing nations. African Journal of Business Management, 5(15). Web.
Moorthy, M. K., Seetharaman, Mohamed, A. Z., Gopalan, M., & Sans, L. H. (2011). The impact of information technology on internal auditing. African Journal of Business Management, 5(9). Web.
Owojori, A. A., Akintoye I. R. & Adidu F. A. (2011). The challenge of risk management in Nigerian banks in the post consolidation era. Journal of Accounting and Taxation, 3(2). Web.
Rudman, J.R. (2010). Framework to identify and manage risks in Web 2.0 applications. African Journal of Business Management, 4(13). Web.
Sajjad, M., Humayoun, A. A. & Khan, Z. (2010). Risk perception and adoption of technology: An empirical study of personal computer use for Pakistani managers. African Journal of Business Management, 4(14). Web.
Techtarget.com. (2009). Three cloud computing risks to consider. Web.
Tsai, Y. C. & Yeh, C. J. (2010). Perceived risk of information security and privacy in online shopping: A study of environmentally sustainable products. African Journal of Business Management, 4(18). Web.
Wang, P. & Wan, P. (2011). The genetic algorithm to management measures of information security systems. International Journal of the Physical Sciences, 6(12). Web.
Appendix
Appendix A
Table 1: Inputs and outputs of risk methodology steps
| Step | Inputs | Output(s) |
|---|---|---|
| System Characterization | Hardware; Software; System interfaces; Data and Information; People; System mission | System boundary; System functions; System criticality; Data criticality; System sensitivity; Data sensitivity |
| Threat identification | System attack history; Any intelligence data | Threat statement |
| Vulnerability Identification | Prior risk assessment reports; Any audit controls; System requirements; Security test results | Potential vulnerabilities list |
| Control Analysis | Current controls; Planned controls | Current and planned controls list |
| Likelihood Determination | Threat-source motivation; Threat capacity; Vulnerability nature; Current controls | Likelihood rating |
| Impact Analysis | Mission impact analysis; Critical assessment of information asset; Data criticality; Data sensitivity | Impact rating |
Risk Determination
Likelihood of exploiting a threat Impact magnitude Adequacy of planned and/or current controls