Synopsis


During the turn of the century, the world experiences more drastic changes than before, which include changes in the environment, culture, education, knowledge, the society, and technology. The world has evolved into a massive ball of information and technology that led to the expansion and the development of the society in several aspects. However, despite the improvement of the performance of many companies, these changes also contributed to the distress of some, which are not apt for these changes. From this, it can be understood that, existing and persisting in the business industry is not as easy as it seems. Because of these, many business organizations and companies are encountering a variety of problems and issues that determine their success or failure in the business arena and in the industry. These problems and issues arise from the external and internal changes that the company encounters.


            From these, this paper discusses XYZ Company in Iran, which encountered a number of issues, in relation to the implementation of Information System Security as part of the changes that happened in its internal and external environments. The general issues and problems that the organisation faces was evaluated and discussed. Actually, the discussion covered the issues pertaining to IS security implementation, project planning, human resources, managers’ leadership, and challenge of change management. Moreover, the issues identified were tackled in relation to the scope of its change.


 


Introduction


The business danger for an organisation engaged in technologically dependent business is normally greater than for one that is not. Business operations present a unique set of danger, including an increased reliance on technology and increased vulnerability to the rapid changes in technology. To deal with such challenges, an organisation needs to develop an efficient strategy. An effective strategy requires operational efficiency; within organisation’s information systems, this means an emphasis on information security and controls.


            Apparently,  (1998) stated that computers have found their way into all areas of business, industry, education and government. Increasingly far-reaching information networks linking computers and databases provide important benefits, including greater staff productivity and a sharper competitive edge. The more that we expand the reach of our information networks, the more important network security becomes. Basically, this paper discusses the relevant issues about security particularly the Information System in XYZ Company in Iran.


 


 Information Systems Security for XYZ Company


            Basically, one of the most vital and difficult tasks is determining important information and the proper way of using it. Where business concerns and financial matters tend to identify themselves automatically, although often too late, with information this is not always simple. Data is engendered in all processes in and outside the organisation. Determining the possible information value of these processes and creating a system to effectively use it requires specialised skills. Meaning to say, we need to combine in-depth business knowledge with in-depth system/process knowledge. Eventually, when the information value is close to the procedure, e.g. obtaining direct process competence, this link can often be made by the organisation. This can be very difficult when information value is business-logically separated from the information source. Information is an asset that needs processing and care. Handling it wrong can render valuable information useless where money can be transformed and traced easily. On the other hand, information can be copied and used on different locations multiplying its value. Like money the optimal use of information requires strict procedures for handling it. As for money this depends on the specific organisation.


            From the discussion, this paper aims to conduct a project plan regarding security of information systems.  Basically, XYZ Company is planning to have a complete security of business information within the organisation. Some of the activities needed to get the security system started are:


A.          Negotiation with the IS security company


B.           Shipping the equipment


C.           Recruitment of IT and Security Staff


D.          Installation of the security system


E.           Pilot operation


Making computer and information systems more secure is both a technological challenge and a managerial problem. The technology exists to incorporate adequate security safeguards within these systems, but the managerial demand for secure systems is virtually nonexistent outside of the defence and financial industries. That so many of our commercial systems provide marginal security at best is a reflection of the lack of managerial awareness and understanding of the need to protect the information stored in, and transmitted between, computers.


From this, it is essential to determine the technical and non-technical concerns of the possible information systems requirements of the company. Basically, the technical problems that may arise in this project include the suitability of the software and hardware to the type of information to be protected. In addition, employees of XYZ Company should be aware on how this security systems works. Apparently, issues such as system design, system capacity, system control, system maintenance, and system response to requests for information should also be considered. The security systems to be used by the by XYZ must be appropriate, to capably meet the needs of both employees and customers.


            In regards to non-technical issues of information systems security implementation, the inclusion of project constraints, such as money, time and staff must be analysed. The company must be able to evaluate the financial aspect needing to accomplish the project. As part of non-technical issues in the project, time in accomplishing the project should also be observed. This is important since time and the amount of money the company will be spending to accomplish its projects are intercorrelated. Every organisation wishes to lessen expenditures, so identifying the project’s specific time frame would enable the company to allocate enough resources for the project. Lastly, staff participation is also essential in the project since they are responsible for making the project move forward.


Apparently, the function of an Information System Security in this organisation is to optimise decision-making by delivering the right information in the right format at the right time. According to the experts in XYZ Company in Iran, the information needs changes continuously. They explained that to be useful the supplied information must keep matching the evolving information need of the individual users.


            Conversely, the current Information System understands the organisation’s need to deliver the right information. Interaction with users is critical to determine the best content and format for new information. Furthermore, to be able to continuously deliver necessary information the Information System in XYZ Company anticipated the future information needed and gathered data beforehand. Actually, the relationships with the data sources are necessary to maintain a reliable source for information. The relationships with business and sources together with organisation wide information value awareness are the base of an Information System.


            Lamentably, organisation is not immune to information system failures precipitated by inadequate management capacities. Many systems failed to perform up to specifications and, hence, had to be scrapped. The report attributes the difficulties squarely to poor management, ineffective planning, and lack of user involvement in implementation.


            In addition, the organisation created a data bank that enhances the production function of an Information System. It is a tool supporting the Information System since it consists of a centralised historical database with data management and reporting functions. Normally, the data bank maintains data integrity and consistency and supports the administration of business rules and information definitions. Currently most Information Systems in other organisations are built as Data Storages, i.e. a significant database with reporting effectivity.


 


Project Plan


From the list of activities presented in Task 1, this part of the paper will show the critical path analysis as part of Task Management Plan.  As previously discussed, this project contains of five separate activities. A, B, C, D and E.  The time required and precedence relations among them are listed in the following table:


 


 


 


 


 


 


Table 1. Precedence Relation


Activity


Activity Time


Preceding Activity


A. Negotiation with the IS security company


7 weeks


none


B. Shipping the equipment


8 weeks


none


C. Recruitment of IT and Security Staff


6 weeks


A


D. Installation of the security system


5 weeks


A


E. Pilot operation


4 weeks


B, C


 


            These activities and their precedence relation are presented by the following network:


Figure 1. Activity Network



            Actually, the notation (A, 7), indicates that the arc in question represents activity A, whose completion moths is 7 weeks. A path is a sequence of arcs connecting two nodes as a path.


 


For example:



is a path between 1 and 3



is a path between 1 and 4


            An observation of the network diagram will show that the seventeen weeks represent the longest path between nodes 1 and 4, which is called the critical path.  Because it is wanted to expedite some of the activities in order to lessen the total completion in seventeen weeks.  Thus, reduction of the completion time of some of the activities lying on the critical path; say activity C for two weeks must be done.  Then the chances of reducing the completion time of the whole project by two weeks are possible.


            Unforeseen delays in the activities not on the critical path may affect the completion time of the entire project.  Any delay in the activities on the critical path will lengthen the completion time of the entire project.


            From this network analysis, finding the earliest event times, earliest finish times, latest event times and slack may contribute in determining the critical path for these activities. The complete event including the critical path of activities that should be observed in this project is presented in the following table.


 


 


 


 


Start Time


Finish Time


 


 


Event


Activity


Activity Time


Earliest


Latest


Earliest


Latest


Slack


Critical Path


1, 2


A. Negotiation with the IS security company


7 weeks


0


0


7


7


0



1, 3


B. Shipping the equipment


8 weeks


0


5


8


13


5


 


2, 3


C. Recruitment of IT and Security Staff


6 weeks


7


7


13


13


0



2, 4


D. Installation of the security system


5 weeks


7


12


12


17


5


 


3, 4


E. Pilot operation


4 weeks


13


13


17


17


0



 


            If XYZ Company wanted to reduce the completion time of the entire project, then they must reduce the completion times for some of the constituent activities.  Such an action is called crashing of activities.  If activity is to be crashed, it should be on critical path.


While every organisation seems to invest in technology, there are other aspects that should be considered in attaining a holistic performance of their respective organisation. One aspect that needs as much, if not more attention and investment than technology is human capital management. An organisation’s human capital management philosophy must value the workforce as a key asset that will define an organisation’s character and performance capacity (, 2001). 


Furthermore, organisations must realise that in order for them to recruit, develop, and retain skill employees for future missions, they need to unleash their human resource employee relation’s imagination to create capability and flexibility to institutionalise a well-defined system to expedite the handling of disputes and grievances. Therefore, it is imperative that human resource departments adopt a modern day progressive employee relation’s paradigm that embraces and enhances the recruitment, development, and retention of employees in concert with human capital strategic management planning initiatives.


 


Potential Problems


From the previous analysis, several factors can be determined, which need changes. Primarily, the management or style of leadership in the company must be changed, which suits the style and preferences of its employees. The management style of the company’s managers must then be given enough attention to ensure the organisation and control of the company’s employees. The scope of this change must be rooted to all of the functions of the company’s manager or its chief executive officer, whom includes planning that, involves defining goals, establishing strategy, and developing sub-plans to coordinate activities (, 2005). Function also includes organising, which determines what needs to be done, how will it be done and who will do it, leading to directing and motivating all parties and resolving conflicts, controlling, and making sure that the organisation has achieved its stated purpose (, 2005). In short, the scope in the change of management entails the refreshing and reinforcing of the tasks and responsibilities of the manager of chief executive officer of the company.


            Another factor that needs changes is the company’s strategies of taking care of their employees or workers. Workers are the company’s valuable assets, for they are able to hasten the production and operation of the company. Without the company’s workforce, its functions and goals in the industry will never be attained. The scope of the change needed in this aspect must include the development of employees as a whole, to be able to contribute to the operations of the company. Changes are needed in the managing staffs or employees for based on the problems encountered by the company some of the members of the workforce of the company lack the capacity to perform well and take the pressure of the responsibilities assigned to them. For this reason, some of them were laid off. In addition, laying off employees is not always an answer to reduction of costs, for sometimes, the debt of the company can be repaid through the efficiency of the operation and the increase in production.  


Due to the problems and the target project plan that have been distinguished by XYZ Company, this company decided to create a plan in relation to IS security measures. As mentioned earlier, the top management of the company wanted to employ IS security as part of change management in the organisation that concern to facilities, maintenance unit, information processes and resource management. Primarily, the major objective is to utilise IS security measures as change management process in order to enhance services of XYZ Company.  Actually the drive of IS security measures, therefore, came from the demands of its customers. Management at the XYZ Company have been faced with the task of integrating what had previously been disparate plants, serving customers in their own country and operating in a largely decentralised way. A key part of forging greater integration IS security was to create management structures in order to bring security of information, particularly in the exchange of information between the organisation and other parties.


            However, the manager of XYZ Company should be aware of the culture of the company. He/She should have respect to the company’s history. With regards to ethical issues, the manager should be able to take considerations of what would be the reaction of their employees to the changes that would be imposed.  Furthermore, the manager should have seen to it that her employees have undergone critical explanations about the reasons why the change of management system and strategy is needed for a certain aspects within the company.  In addition, the company should also give the employees enough time to master the skills and proficiency of their employees from maintenance, communication services and human resource management in utilising the changes made by the organisation. This is done by providing them enough trainings and orientation to explain the changes made.


            In addition, the leadership skills of managers in XYZ Company are also important. The title of being manager can be utilised by any individual however possessing the title does not automatically makes a person a leader in a true sense. According to  (1995) being a true leader must be obtained through inspiring and motivating people to give their best and a successful leader commits herself to her organisation or group and nurtures the same kind of commitment to its members. In addition, according to Haddock and Manning, a successful leader has the following traits:




  • Knows the job and field thoroughly.




  • Stays on top of existing development, trends, and theories.




  • Knows the people, including their strengths, weaknesses, hopes, and goals.




  • Shares a vision of service, ethics, excellence, and accomplishment with others.




  • Exhibits by words and behaviour strengths of personality and honour.




From these traits presented by  (1995), the manager of XYZ Company should carefully evaluate his/herself and made the possible changes to become successful.


 


Conclusion and Recommendations


            Based on the discussions above, it is found out that information is a key resource of the organisation, together with people, finances and material assets. Thus, it is accepted to state that information is a business issue. The discussion above revealed that through effective information management of the organisation’s resources and systems, organisation administrators can add value to the services delivered to customers, reduce risks in the organisation’s business, reduce the costs of business development and service delivery and encourage improvement in internal business processes and external service implementation. On the other had, it is recommended that when developing an information system just commence to make sure it produces important information and not data. It is better to build a report that is ideal for a specific need then to make a report based on a predefined concession between several users. The shaped information will have value and increases insight into information needs and the way the business is looked at. Adding more and more information to the system and solving the problems as they occur will eventually lead to a system as mentioned. In fact, that is the way any functional Information System Security is developed. Having an experienced team helping you take the first steps and educating your staff in the first period can make all the difference.


            To completely evaluate the information management of the organisation, it is advisable to adopt the devised decision making model. The model consists of the following steps:


v     identify and define the problem;


v     identify the desired goal or condition;


v     consider obstacles to the goal or condition;


v     identify alternatives;


v     examine alternatives;


v     rank alternatives;


v     choose the best alternative ;


v     evaluate the actions.


           


            Finally, the use of the quantities in decision-making model helps us to minimise mistakes.  Aside from the steps above, it is also recognised to list all the alternatives, identify future events that may occur, and construct a pay-off table in making effective decisions.


 


References:



Credit:ivythesis.typepad.com


0 comments:

Post a Comment

 
Top