"WHY INFORMATION SYSTEM FAILS IN ORGANIZATION"


Published in: Technology

  1. CIS 8018 Strategic Information Security ID: 0061036605 Assignment 2
     WHY INFORMATION SYSTEM FAILS IN ORGANIZATION
  2. Abstract
     Acme Consulting is one of the leading strategy consulting firms and represents a team of top-class consultants. The company is observing a lack of efficient solutions because important information is dispersed. A policy can be defined as a high-level overall plan that emphasizes the general goals and involves acceptable procedures. In general terms, it is accepted that in any organization the general information security policies should be the basis for its information security program (Long). Especially in companies providing financial services, the need for sensible policies is growing every day, as more and more companies go global with new mindsets and strategies. In this paper we discuss the different issues that the company is facing and what can be done to make the company more secure.
  3. Contents
     Abstract
     INTRODUCTION
     Issue
     RESEARCH APPROACHES
     GROUNDED THEORY
     Methodology and Analysis
     Acceptable Use
     Violations & Penalties
     Key Points
     Maintenance Policy
     Training Policy
     Procedure
     Tools used to identify training needs
     Obtaining Approval
     System Access Policies
     Conclusion
     References
  4. INTRODUCTION
     The role of Information Systems is very significant in today’s competitive environment for protecting the core capability of any company. An Information System helps the official stakeholders of the organization by providing them with reliable updates, and it helps industries where immediate updates are crucial, such as travel services, stock exchanges, banking and the like. Almost all companies are now investing in Information Systems in order to reap the core benefits they offer. However, these investments do not always end up reaping benefits; risk is definitely involved, and ‘failures’ are unfortunately a part of this field. Researchers have tried to identify the major causes of these failures, and academicians have put in their efforts as well. However, none of them has been able to resolve this complex mystery. The failure of an Information System, which causes much trouble for businesses, may be due to any of many reasons. Many researchers have found that failure is not only due to technological issues; other important aspects to consider are human resources and the operations of the business. According to various studies, an Information System fails when it is not built according to the prescribed design, when expenses exceed predictions, when deadlines are not met, or when the system is unable to cope with the requirements of the customers. These are only a few of the reasons for Information System failure that have been observed, and they correspond with other observations. One key point is that even if a failure of the IS occurs, the system should continue operating; though failure may occur, the work on the system should not stop.
     The real failure, which occurs eventually and rather irrevocably, is when a company fails to maintain enough support in
  5. order to continue working on the system, which includes improvement, repairs and operations; moreover, any pause in the work leaves users dissatisfied with the system. Other reasons why an IS fails are that it was poorly planned, that it was executed without thorough study, that its objectives were not defined and, last but not least, that too little consideration was given to the employees’ morale and involvement, with relatively poor coordination and a lack of information, in the presence of which they could have done much better.
     Issue
     The basic purpose of an intranet is to locate and use information faster and to enhance collaboration in order to achieve optimum results. But the situation at Acme is quite devastating. Use of the intranet has become quite complicated at Acme, and it really needs upgrading. The current intranet badly lacks uniformity of knowledge. Knowledge management is really important in this sector, and knowledge should be placed on a single platform. The nature of the work varies, and consultants face a number of issues in accessing the intranet. Having a properly planned strategy allows integration of the current systems and better efficiency. The most popular benefits of an intranet are knowledge management, task completion, collaboration and communication. The core element of the strategy is not to focus on any one of these points; in fact, you should focus on all three models, because they are the primary areas of concentration. The new strategy involves continuous improvement and redevelopment of the whole infrastructure. There should be a roadmap, ranging over 6-12 months, that contains step-by-step improvement and redevelopment. The strategy must be strong enough to be implemented effectively. Let us divide the strategy into 4 distinct phases, since the whole structure needs to be reorganized at Acme.
     These phases include Assessment, Planning, Implementation, Objectives’ Setting and Delivery.
  6. RESEARCH APPROACHES
     1. Grounded Theory
     2. Design Science
     GROUNDED THEORY
     Grounded theory is a research method that operates almost in reverse of traditional research, and at first it may appear to contradict the scientific method. Instead of beginning with a hypothesis, the first step is to gather data using a variety of methods. The key points are noted from the collected data and marked with codes, which are extracted from the text. These codes are then grouped into related concepts to make them more workable. Categories are formed from these concepts, and they provide the basis for developing a theory, or a reverse-engineered theory. This contradicts the conventional model of research, where the researcher chooses a theoretical framework and only then applies this model to the phenomenon under study.
     Methodology and Analysis
     The Grounded Theory (GT) method provides guidelines for data collection, analysis and inductive theory building. Data collection and analysis are performed in successive steps (Carlsson, 2005). The way the data is analyzed in an earlier round helps to focus the data collected in the later round. The GT method is a general methodology for building theories that are grounded in data systematically gathered and analyzed (Glaser and Strauss, 1967). This methodology was initially presented by Glaser and Strauss (1967) in their book “The Discovery of Grounded Theory”.
  7. The major aim of the GT method is to build a theoretically detailed account of a particular situation. Baker et al. (1992) describe the GT approach as one in which the theory is a logical consequence of studying the phenomenon it represents. This means that the phenomenon is discovered, developed and confirmed by collecting data systematically and examining it thoroughly. Hence, instead of starting with a theory and then verifying it, the researcher studies an area, and whatever is relevant to it is allowed to emerge. The researchers’ purpose in using the GT method is to explain a given social situation by identifying the core and subsidiary processes operating in it (Baker et al., 1992). The core process is the primary activity taking place in those circumstances, and examining it shows how it connects many other processes in an explanatory network. With a view to gathering unbiased data, the GT method prescribes a set of systematic procedures. It should be noted that the GT method holds that multiple views of reality are possible, and that these need to be represented as precisely as feasible. Hevner et al. (2004) suggest two criteria for assessing a theory produced by the GT method: (1) whether the theoretical account fits the social situation it is about; (2) whether it is precise, informative and comprehensible to those who are familiar with the social phenomenon being studied, whether they have participated in it or not.
     The methodology has 3 basic procedures, which are as follows:
     Open coding: Concepts are labelled so that they represent the different incidents and other instances of the phenomenon.
  8. Axial coding: After open coding, the data is put back together in new ways by making connections between the categories.
     Selective coding: The core category is chosen and is systematically related to the other categories by validating the relationships.
     Many Information Systems studies use the GT method, for example Walls, Widmeyer, & El Sawy (2001).
     The first job is to look at the current situation of the whole system; this will help to identify areas where restrictions are needed. Planning is based on brainstorming, where the consultants’ involvement and opinions are extremely vital. They are facing a number of issues, such as weak signals, no remote access, data unavailability, and limited search and navigation features. All of these issues would be identified in the first phase. We may also look at the dynamics of other intranets that are operating successfully. The third stage is to rationalize the activities, and the final stage is delivery according to the plan. Tracking progress on a continuous basis is extremely important here, so that any upcoming issues can be resolved right away. In this way, knowledge can be shared collectively and efficiency can be enhanced. In addition, the organization could enable IT compliance by using a set of 5 practices. These are: (1) organize for compliance; (2) use standards and frameworks; (3) emphasize training and awareness; (4) ensure appropriate business resources; (5) caveat emptor regarding compliance technology.
  9. The Strategy Should Solve the Problems Below:
     1) Usage of the intranet had fallen to a rate of 30 hits. Not all of the information the consultants needed (reports, requests for proposal, TS, and background information on customers) was on the intranet, and consultants did not perceive value in it.
     2) Information depends on someone who worked for the client before and on that person's knowledge; once this person leaves the company, this kind of knowledge is lost.
     3) Separate Internet login; most consultants are unaware of the full set of knowledge resources. Information is misfiled on the wrong web site.
     4) Search and navigation features were limited.
     5) Up-to-date technology.
     6) Partners don’t like spending money on IT.
     7) A culture of every man for himself; knowledge is not shared.
     8) Change the head of the department first; combine top-down and bottom-up strategy.
     For a financial company it is important to have effective storage management technology. It lets administrators do more, saves money, anticipates needs that may arise in the future, and eliminates the risk of unexpectedly running out of space, which in turn might harm everyone's productivity (Lees, 1987). With good storage management, the company will be able to implement storage limits on users and groups of users, as well as limits on the size of shared objects. The company can also control what can be written to servers and other desktop machines that will be used mainly to store data for its clients and other financial institutions.
  10. By implementing such a storage system, Acme will be able to provide real-time monitoring and alerts for its clients and partners (Lees, 1987). For Acme, storage hardware and software management tools are only a part of the solution. If the company needs to clean up some data, this may affect its clients. In storage management, the clients of the company will play an important role by deciding whether to leave information on-line, delete it, or archive it. If the clients and partners of the company have proper access to the storage, then the decision will be up to them, as it is their data and only they know what is important to them and what is not (Hevner, 2010). For the company this can be a sensitive issue, because it may be asking its clients and other partners to place limits on something they might perceive as free or infinite.
     Acceptable Use:
     The company must make it clear that no representative of the company shall access or store organization data of any kind in any format by any means. The company should implement specific systems, and manage them carefully, to protect all kinds of data that might be accessed or stored on unauthorized organizations' computers and devices (Hevner, 2010). All files should be accessed only from the company’s server, if required under any circumstances.
     Violations & Penalties:
     All representatives of the organization must notify the IT department if any illegal move is made, and proper legal action will be taken against those responsible (Lees, 1987), which might result in the loss of their job or any penalties that may apply to them under state or corporate law.
  11. Key Points:
     There are various points that Acme needs to keep in mind, but three key points to keep in mind going forward: The first is to recognize that the company needs a clear storage management policy and not just storage hardware. The company should understand that it needs to store data from all parts of the company, and it should use proven technologies and techniques to set up its storage management policy.
     Maintenance Policy
     For Acme, another vital issue for the web-based transaction service that it has just started for its clients and partners is the maintenance of its system. Acme needs to put more emphasis on the maintenance of its PCs/workstations and the other technology it will be using, mainly because it is involved in financial services, which need regular updates (Poon and Wagner, 2001). Users' workstations can be a significant threat to company security: they may be targeted by so-called insiders, who might make unnecessary use of their systems. For this reason the management of the company needs to educate its staff, with particular attention to physical security as well. This can be achieved by running the system through possible scenarios while providing tips for better protection of the overall system.
     Training Policy
     The training policy for Acme comes under the responsibility of Human Resources. Identifying the need for training is the process of reviewing job performance standards under different situations and circumstances, and the company should be able to identify whether an individual has the skills, expertise or competency needed for their job role.
  12. Procedure
     Under the training policy of the company, every individual should be made responsible for identifying their own current development needs and career plans with regard to the web-based transaction system that the company has just started. Under this policy the manager of the HR department will work closely with other departments and will assess the needs of their employees, providing them with the coaching and guidelines that they might need in the future.
     Tools used to identify training needs
     1. Acme will use various tools to identify the training needs of its employees so that they will be able to use the new web-based transaction system. One such tool might be an annual meeting in which employees meet with their managers and trainers to discuss the training and development needed to use the new system properly. It will be the responsibility of both the manager and the employees to ensure that proper training is carried out.
     2. In certain situations, if employees identify other training needs that might help them indirectly with the new web-based transaction system, they should be able to discuss these with their manager and other people who might be responsible.
     Obtaining Approval
     At Acme, before any kind of training can proceed for employees so that they can get to know the new web-based transaction system for clients and partners, the company needs approval from certain authorities (Poon and Wagner, 2001).
  13. This ensures that everything goes according to plan. Training will be provided only to certain employees and not to all of them, as it would be costly. Training policies vary between companies according to their industry and requirements, but in general they have the same structure and layout. In all cases final approval is also required from Human Resources.
     System Access Policies
     For Acme, this policy covers the main and most important aspects of its information system policy. Since Acme is a financial service provider and its main clients and partners are large financial and insurance companies, it bears more responsibility itself than others do. The staff of Acme should be aware of their responsibility to keep their user IDs and passwords as secret as possible; this is not only a matter of security for them but also for the data that might be in their possession. Acme should explain to its users that under no circumstances are they allowed to share their ID or password with anyone unless the other person has the right to access their system; "anyone" ranges from representatives of the information security office (ISO) to their family members. Especially since Acme plays such a vital role and supports the web-based transaction system, its system access policy should also prohibit any user from providing their ID or password even to managers or other executives. Under Acme's system access policy, no staff member should write any of their accounting or financial data, or their ID/password, on loose papers, sticky notes or anything else that might result in a potential break-in due to improper handling of sensitive data. When the situation is so critical, the staff should not be allowed to
  14. store their ID or password, no matter how safe the staff might think their password is (Poon and Wagner, 2001). Acme should educate its staff so that they can create strong passwords. The proper maintenance of sensitive data such as user IDs and passwords at Acme is the responsibility of every staff member.
     Conclusion
     The role of information systems is generally considered significant in today’s competitive environment for protecting the basic capability of any company. An IS helps the official stakeholders of the organization by providing them with reliable updates, so that a company within a particular industry can make much-needed decisions as early as possible. Acme Consulting is one of the leading strategy consulting firms and represents a team of top-class consultants, but the company is observing a lack of efficient solutions due to the informal arrangement of its information. The failure could have various causes, but the main ones are human resources, poor management and lack of knowledge. The nature of the work varies, and consultants face a number of issues in accessing the intranet. Having a properly planned strategy allows integration of the current systems and better efficiency; this is where the company needs to focus. To face the issue properly, Acme has to redesign its information system policies. All the staff members of Acme must be aware of their
  15. responsibility to keep their user IDs and passwords as secret as possible; this is not only a matter of security for them but also for the data that might be in their possession.
  16. References
     1. Baker, C., Wuest, J., and Stern, P. (1992), Method Slurring: The Grounded Theory-Phenomenology Example, Journal of Advanced Nursing, 17(11), pp 1355-1366.
     2. Carlsson, S. (2005). Developing Information Systems Design Knowledge: A Critical Realist Perspective. The Electronic Journal of Business Research Methodology, 3(2), 93-102.
     3. Glaser, B. and Strauss, A. (1967) The Discovery of Grounded Theory, Aldine Press.
     4. Hevner, A. R., Ram, S., March, S. T., & Park, J. (2004). Design Science In Info System Research. MIS Quarterly, 28, 75-105.
     5. Hevner, A. (2010). Focus Groups for Artifact Refinement and Evaluation in Design Research. Communications of the Association for Information Systems, 26, 599-618.
     6. Lees, D. and Lees, D. (1987) "Realities of Small Business Information System Implementation", Journal of Systems Management, 38, 1, pp 6-13.
     7. Poon, P. and Wagner, C. (2001) "Critical Success Factors Revisited: Success and Failure Cases of Information Systems for Senior Executives", Decision Support Systems, 30, 4, pp 393-418.
     8. Walls, J., Widmeyer, G. R., & El Sawy, O. A. (2001). Building An Info System Design Theory For Vigilant EIS. Los Angeles: The Institute of Management Sciences.
