Many companies have begun extending employee monitoring to include off-hours or off duty activities. Mujtaba, Griffin, and Oskal (2004) attribute reduction in employee privacy rights, including employer monitoring off-hours, to recent terrorist attacks such as the Columbine shootings and the events of 9/11 (p. 35). Companies pursuing a risk management strategy that includes off duty monitoring of employees must proceed cautiously to avoid legal action from employees for privacy violations.
Both identity theft and medical identity theft have significant negative impacts for the victims. Since the victim’s identity has been stolen, the process of establishing that the victim did not actually complete the financial transactions is lengthy and difficult.
In the 2007 article, “Strategic risk management: Creating and protecting value,” Beasley describes Enterprise Risk Management (ERM) as, “an emerging business practice […] that emphasizes a top-down, holistic approach to effective risk management for the entire enterprise” (p. 26). As Beasley explains, ERM is distinguished from traditional risk management because ERM “strategically [considers] the interactive effects of various risk events with the goal of balancing an enterprise’s portfolio of risks to be within the stakeholder’s appetite for risk” (p. 26); whereas, traditional risk management is a “silo […] approach, where risks are often managed in isolation, with minimal oversight [of affects to the enterprise as a whole]” (p. 26). Beasley describes an ERM framework known as, “The Return Driven Strategy Framework,” and describes how the framework could have helped in several real cases where risks became issues.
In the 2003 book, “Leading Geeks: How to Manage and Lead People Who Deliver Technology,” author Paul Glen states, “Because technology has permeated all functional areas of organizations, every manager must now know how to lead geeks” (p. 18). Glen’s assertion begs two important questions: has technology permeated all functional areas of the modern business and do managers need specialized leadership techniques for handling knowledge workers? An evaluation of Glen’s statement in context with an example company provides a means for determining if the assertions are correct.
Outsourcing is a critical tool for business managers to control costs and maximize return on the IT investment. Service level agreements have long been a standard for managing the performance of outsourcing agreements. However, service level agreements often fail to provide satisfying results due to offsets and burdensome requirements related to penalties. Balanced scorecard provides a more attractive option for managing the outsourcer. A built-in alignment with business strategy and an orientation towards incentivizing desired behaviors make balanced scorecard a more effective and more satisfying methodology for managing outsourcers. A review of scholarly literature on the subjects of outsourcing, service level agreements, and balanced scorecard elucidates the relative benefits of balanced scorecard compared to service level agreements for managing outsourcing. Balanced scorecard is found to be a beneficial method for managing outsourcing suppliers. However, analyzing the literature identifies a research gap and determines that further research is needed in the areas of outsourcing and supplier management.
Intrusion detection systems (IDS) seek to identify malicious network traffic. Intrusion prevention systems (IPS) advance IDS technology with the ability to dynamically adjust network and systems configurations to block malicious traffic as it is detected. As Gonzalez, Paxson, and Weaver (2007) state, “stateful, in-depth, inline traffic analysis for intrusion detection and prevention is growing increasingly more difficult as the data rates of modern networks rise.” In order to better understand the technical challenges and associated innovations associated with IDS and IPS, the author proposes to conduct a review of the literature on the subject of next-generation intrusion prevention systems.
Secure information systems design theory is an area of information security that continues to need additional research. Models such as Siponen et al. provide a theoretical framework for SIS design that organizations and security practitioners can implement and utilize. However, further research and development is needed to continue to meet modern threats.
When developing information systems, data modeling represents a key aspect of the requirements analysis phase. The criticality of the data model stems from the fact that the characteristics of the data govern all other aspects of an information system.
The Hofmeister, Nord, and Soni article provides a useful overview of the Global Analysis methodology. Software architects seeking to improve the traceability of the software development lifecycle would be advised to read Hofmeister et al and implement Global Analysis as an architectural tool.
The systems development lifecycle (SDLC) is a broad term that encompasses the methods that an organization uses to design, deploy, and maintain the systems that fulfill the information technology (IT) and business strategies. Hoffer, George, and Valacich (2010) define the systems development lifecycle as, “the traditional methodology used to develop, maintain, and replace information systems” (Hoffer, George, and Valcich, 2010, p. 7). One of the key phases of the SDLC is systems analysis and design, which focuses on gathering and analysis of requirements and design of information systems to meet those requirements.
Subscribe
Search
Let’s Connect!
I am confident that I can help you with information technology and security. Let's connect and discuss the challenges facing your business.
Send me an e-mail message.
Call me at (520)762-4962
Connect via Skype:
Schedule a meeting:
@itbrian on:
