Brian Zaugg Information Technology Consultant

Many industries are reporting increasing numbers of whistle blowing incidents. The medical industry in particular faces increased risk of whistle blowing due to the extent of medical fraud and the facts that medical abuse victims are often targeted when they are particularly vulnerable and that medical fraud may result in serious harm and loss of life. Businesses and professionals within the medical industry must understand the laws governing medical fraud and abuse and the protections available to whistleblowers. In particular, the federal False Claims Act protections for whistleblowers are particularly strong and those wishing to expose fraudulent activity may do so under the umbrella of these extra protections.

Continue Reading

Unfortunately, many businesses fail to properly understand and plan for the risks associated with outsourcing. Federal and state laws governing financial accountability and the handling of privacy data do not, in general, allow the outsourcing of liability. As a result, businesses may find that controls have been outsourced, but not liability for the failure of controls.

Continue Reading

Finance plays a crucial role in the development and operation of an effective and efficient information security (IS) program. On one hand, the role of finance in security relates to expenditures and business priorities.

Continue Reading

In the 2007 article, “Strategic risk management: Creating and protecting value,” Beasley describes Enterprise Risk Management (ERM) as, “an emerging business practice […] that emphasizes a top-down, holistic approach to effective risk management for the entire enterprise” (p. 26). As Beasley explains, ERM is distinguished from traditional risk management because ERM “strategically [considers] the interactive effects of various risk events with the goal of balancing an enterprise’s portfolio of risks to be within the stakeholder’s appetite for risk” (p. 26); whereas, traditional risk management is a “silo […] approach, where risks are often managed in isolation, with minimal oversight [of affects to the enterprise as a whole]” (p. 26). Beasley describes an ERM framework known as, “The Return Driven Strategy Framework,” and describes how the framework could have helped in several real cases where risks became issues.

Continue Reading

In the 2003 book, “Leading Geeks: How to Manage and Lead People Who Deliver Technology,” author Paul Glen states, “Because technology has permeated all functional areas of organizations, every manager must now know how to lead geeks” (p. 18). Glen’s assertion begs two important questions: has technology permeated all functional areas of the modern business and do managers need specialized leadership techniques for handling knowledge workers? An evaluation of Glen’s statement in context with an example company provides a means for determining if the assertions are correct.

Continue Reading

Outsourcing is a critical tool for business managers to control costs and maximize return on the IT investment. Service level agreements have long been a standard for managing the performance of outsourcing agreements. However, service level agreements often fail to provide satisfying results due to offsets and burdensome requirements related to penalties. Balanced scorecard provides a more attractive option for managing the outsourcer. A built-in alignment with business strategy and an orientation towards incentivizing desired behaviors make balanced scorecard a more effective and more satisfying methodology for managing outsourcers. A review of scholarly literature on the subjects of outsourcing, service level agreements, and balanced scorecard elucidates the relative benefits of balanced scorecard compared to service level agreements for managing outsourcing. Balanced scorecard is found to be a beneficial method for managing outsourcing suppliers. However, analyzing the literature identifies a research gap and determines that further research is needed in the areas of outsourcing and supplier management.

Continue Reading

Intrusion detection systems (IDS) seek to identify malicious network traffic. Intrusion prevention systems (IPS) advance IDS technology with the ability to dynamically adjust network and systems configurations to block malicious traffic as it is detected. As Gonzalez, Paxson, and Weaver (2007) state, “stateful, in-depth, inline traffic analysis for intrusion detection and prevention is growing increasingly more difficult as the data rates of modern networks rise.” In order to better understand the technical challenges and associated innovations associated with IDS and IPS, the author proposes to conduct a review of the literature on the subject of next-generation intrusion prevention systems.

Continue Reading

Service or cloud computing offers significant cost and scalability benefits for businesses. Businesses leveraging service based information technologies must mitigate privacy, security, and portability risks. The risks are manageable and, in light of the benefits, businesses should pursue a cloud computing strategy where feasible.

Continue Reading

When using company assets, employees generally do not have a reasonable expectation of privacy. As shown by the case of Smyth v. Pillsbury, even in cases where a private e-mail account interfaces with a monitored business e-mail system, the employee should not have an expectation of privacy.

Continue Reading

Management of the information technology (IT) applications portfolio is an important undertaking for businesses that seek to optimize the IT investment. As Ward and Peppard (2002) state, “The applications portfolio concept, […] is a means of bringing together existing, planned and potential information systems and assessing their business contribution” (Ward & Peppard, 2002). Managing the [...]

Continue Reading