MGMT6013 Managing Information System: Threats And Vulnerabilities

Question:
Learning Outcomes:

a) Develop information security policies and controls that address potential threats and vulnerabilities and plan for business continuity, including during a process of technological change

b) Analyse IS for compliance with ethical and legal frameworks making recommendations on the use and application of data

Objectives:

• Develop innovative approaches and creative thinking;
• Clearly describe the process used to analyse strategic issues;
• Develop awareness of ethical and social considerations for strategic solutions;
• Enhance global perspectives for strategy;
• Awareness of ethical and social considerations for strategic issues;
• Assess organisational strengths and limitations.

Answer:
Introduction:
Managing information system deals with business process, people, and technology for recording, storing and processing information. This is helpful to produce regular decisions.

The following study is a policy research proposal. It is the approach towards understanding a particular problem in policy. It is developed in response to an open and targeted call for proposals.

The proposal examines the effect of information systems. Then it discusses various social and ethical considerations for strategic solutions. Next, diverse global perspectives for those strategic issues are identified. Then multiple strengths and limitations of the organizations are understood through this report.

Analyzing The Effect Of Information System And Consequent Changes To Managerial Roles And Competitive Advantage Due To Information System:
From an economic point of view, the information system is the factor of production. This is freely substituted for labor and capital. It automates the process of creation, less labor and capital to generate a particular outcome (Laudon & Laudon, 2016). For instance, transaction cost theory states that companies grow in size since one is able to retrieve specific services or products internally at less expense than through external ones in the market. Through lowering the expense of market participation or transaction costs information technology permits organizations to retrieve services and goods in a cheaper manner from eternal sources that through internal ways. Thus information technology is helpful for firms to raise revenue through shrinking in size. The agency theory sees the forms as the nexus of contracts among various self-interest individuals. They are supervising carefully to assure that organizational interests are pursued (Reason, 2016). In this way, information technology is able to help in reducing agency costs. This is a cost to coordinate various people and acts. In this way, every manager are able to oversee a massive number of staffs. Besides, behavioral researchers have theorized that information technology has facilitated flattening of hierarchies. This is widening distribution of information. This is to empower lower-level employees and raise the efficiency of management.

As far as internal organizational entrepreneurship organizations have required to be innovative, proactive and practice entrepreneurship. There is a rise in a number of new competitors and a sense of distrust in conventional management practices, leaving experts and qualified people. This is the reason organizations are needed to consider proper actions to overcome various environmental issues needed by entrepreneurs and entrepreneurship (Boonstra, 2017). Next, various submission processes and criteria are to be developed, and various selection and evaluation committees are to be organized. Then they should be launching to communicate various aims and create enthusiasm. Then various regular targeted communications are to be delivered for driving momentum.

Creating a strategic framework for innovation and learning is also an effective way. For this people need to go beyond thinking to meet the current world and business challenges. To understand an effective innovation strategy, the knowledge of the issue with open innovation, platform innovation and management innovation is to be developed along with emerging market innovation. Long-term approaches are also learnt to be met. Through using theoretical insights, through-provoking debates and cases of pioneering business with leading experts, the knowledge of innovation are to be solidified (Galliers & Leidner, 2014).

Further, a comprehensive plan is developed to create for a learning organization. For this, a learning culture can be developed by collecting organizational conventions, processes, practices and values. These conventions have organizations and employees to create competence and knowledge. This should be encouraging constant learning and believe that that the systems are influencing each other. As consistent learning elevates any distinct worker or person, it paves the way to establish to transform continually for betterment.

Changes To Business And Managerial Roles Because Of Information Systems:
First of all, there is the occurrence of cost reduction. The data as entered to the specific system permits instant assessment and supporting of decision making. This never needs extra steps related to acquiring and process. Further, there is quick access as the data can be delivered to the manager very quickly. As far as interactivity is considered, users are able to develop various reports and statements with data required to make an optimal decision. Moreover, the information system can offer probabilities of a relatively easy addition of latest analytical applications, modules and algorithms (Sahoo et al., 2016).

The managements needs to overview the complete operation. The managers get feedback about their performance. Besides, the companies must maximize the benefits from their investments. Further, the managers are able to compare outcomes to planned performances through determining benefits and drawbacks in plan and performances.

Particularly, three aspects of the organizations get affected due to this. Firstly, the amount of the market uncertainty and competition will rise. They are requirements for more diversity and greater quality of the organizational environment. These affects products and services. The legislative reform and external politics also increases complexities. These changes provokes reactions from the company in relationships and structure with customers and employees.

Analyzing Management Information Systems Through Various Analytical Approaches:
The information systems can be analyzed through various approaches. Firstly, they should come up with creative concepts towards the company’s problems. The business analysts should be examining the creativity through its own idea. Instead of implementing the business can reach where it needs to be. Next, they should be acting as change agents. The business analysts must act as the change agent as any planned change in viable is assured. Besides, business analysts can incorporate value through assuring that the projects never create much business value halted and identified such the resources are diverted to external productive ventures (Pearlson, Saunders & Galletta, 2016). Here, the business cases are helpful to identify and justify the launching of projects where the outcomes can provide advantages of innovation. Then there is supporting of deployment of solutions from ideas till initiation through providing information, managing stakeholders and engaging that in every primary business analysis tasks. This needs to be finished to be deployed in the solution. Next, the requirements are to be crafted that never curb the ability of designers for the developers for innovating. Further, they should facilitate business sessions helping stakeholders to recognize scopes for innovation. Besides, the stakeholders are to be encouraged to think “out of the box” and welcome scopes for innovation.

Various primary steps to analyze the impacts of managing information system involve assimilation of various skills needed to support the innovation process. It involves sills of negotiations, influencing, communications and creativities. Besides, another primary attribute of business analysis to make that possible to innovate in a successful manner is empathy. It is walking the same path with stakeholders for understating precisely what the issue is and how to resolve them in the best possible way (Rowley & Hartley, 2017).

This analysis is not a narrow or rigid activity to done under specific boundaries. The innovation irrespective of a size of a business is unable to make huge differences to the business. Ideas originate from discussion from stakeholders as one personal experience as the process to be improved. Ideas can be generated from any place. Here the most vital thing is to look for scopes such that one never misses out make differences irrespective of the size of business. Hence, creative thinking and innovation see essential in the analysis of business and must be utilized as the norm, instead of expectation (Yu et al., 2018).

Under the context of the information system, as the effectiveness is calculated, the ability of outputs of an information system is measured here. This is to fulfill the requirements of the organization to gain the goals. At the similar IT context, effectively is the measurement of how cheaply be can get things done. These variables are captured included customer satisfaction, income, supplier and customer links, an image of organizatip0n, job interest of staffs, confidence of stakeholders and various interoffice links (Timm et al., 2016). Furthermore, it is also seen that effect of an information system on profits and incomes of organizations are found to be putting positive effects. However, much other analysis has also shown that there can be a rise or fall in the different qualitative factors as the information system is implemented. It can also be said that IT has a rise in the company’s brand image. Employee’s job interest, confidence of stakeholders and various types of interoffice link and so on.

Ethical And Social Considerations For Strategic Solutions:
The ethical considerations include consideration of morals or principles of wrong and right of activities, previous to implement. This is done through considering whether or not this has been under the standards or rules of proper conduct and practice particularly with standards of professions (Li et al., 2014). On the other hand, social considerations refer to the meant factors concerned with individual interest, societies, communities and groups as a whole. This must be done through interventions to inherent economic mechanisms. The social problems are the issues to conflicts, situations and trends in business. Including ethical considerations indicates that through using standards of society constituting proper or improper behavior as the basis for business policies and plans (Desouza & Hensgen, 2015).

Here, the framework of utilitarianism is an effective approach to undertake ethical decisions. This is for understanding the outcomes concerning large groups of people in business. This ethical, environmental activity generates the highest good and performs the least harm for who are impacted in business.

To develop effective information security policies, certain aspects must be kept in mind.

The policy needs to be “end-to-end”.
There must be scopes of updates and revisions
Risk analysis of the company is to be included
It must be enforceable and practical.
While developing the information security policies, the objectives are to be defined at the initial stage of the document. It should be including maintaining confidentiality, assuring availability and maintaining integrity. Further, the scope of audiences for overall information security policies are applicable is to be mentored clearly. This must define what is seen as out of scope. Next, there should be asset clarification. This includes the how the assets are categorized, individual responsibilities of a security team, asset owner, IT team. It must also include a finding of authorized parties for approving asset classification. Then there is access control that provides for whether the business has followed various mandatory access controls (Peltier, 2016). Moreover, this includes who gets access to that, who grants that and reason behind the persimmon and so on. Then there is incident management and change management. The change management should assure that every change is documented and has been approved by administration. Besides, the incident management must include whom to contact during an incident, how can the staffs recognize and report any event and how that occurrence can be utilized as a lesson.

The information security should include clean desk policies. This must determine whether the employees can leave the assets that are unsecured during office time and doe the assets require physical locks. It also helps in deciding whether the organizations have issued the documents as per their wish. Then there is information or data classification. Similar to asset classification, the information also requires to be classified into various groups (Safa, Von Solms & Furnell, 2016). They are public, confidential, secret and top secret. It is to be done to assure that the data and objects have large clearance level that is not accessed by different subjects from levels of lower security. Next, acceptable internal usage policy is to be deployed. This should define how the Internet is restricted and what elements are needed to be regulated. Lastly, there should be antivirus management and patch management included in the internet security policy.

Global Perspectives For Strategy:
Foreign investments flows are driven through host capitals and attempts to possess know-how and technology to access to at least markets. At present following financial integration policies the governments have continued to deploy policies, strategies and actions of investments. This is to assure that engine of actual economic development in the industry keeps working (Fatehian et al., 2018). Further, technology transfer from different direct investments has been an undeniable role for various developing countries. Besides, transfer of technology also develops developments of local technical capacities. This also facilitates modernization.

Regional economic integration is another strategy from global perspectives. This indicates cooperating between different countries of the specific region to create a specific sector. This also consists of economic integration of different trading sectors of various nations. This is also known as regional trade block, regional grouping and regional financial forces.

The international monetary system is another strategy that indicates various standards and rules to facilitate global trades among various countries. This is helpful to reallocate the investment and capital from nation to nation (Sayles, 2017). This is the international network for financial and government institutions determining the rate of exchange of various currencies for international trade. This is a governing body setting regulations and rules through which various countries exchange currencies with others.

As far as international business is concerned, the competitive benefits happen as an organization develops or acquires combination or attributes allowing that to outperform their competitors. Here, the attributes are able to involve various accesses to natural resources like huge grade ores and inexpensive powers to access to largely trained and skilled personnel human resources. Various technologies like information technology and robotics have been included as the part of the product to assist the making of that. Information technology is a prominent part of current day business word (Carnall, 2018). This has also been contributing to competitive benefit by outperforming various competitors regarding the presence of the Internet. In order to gain competitive benefits, revenue and costs are to be controlled at the same time. Here, innovation and efficiency are also vital. The reason is that innovations occur in various parts of the business. The selective decisions are made here apart from various centralizing and decentralizing resources.

Ethical And Social Considerations For Strategic Issues:
Various risks are to be considered in this organizational context. Firstly, there us reputational damage. Then there is communication failure. Besides, there is compliance with new legislation, generation of malware, Ransomware and cyberattacks. The legal issues consists of disgruntled employees, harassment or discrimination cases, immigration audits, patent and copyright issues and dissatisfied customers. The cultural problems includes maintaining organizational culture, reinforcing them every time and including all team members. Then there is privacy and technology concerns, travel ethics, employee favoritism and poor behavior of leadership.

The business has trustworthiness and promise keeping strategies. The ethical executives must be candid and forthcoming to supply important information and then to correct misapprehensions of facts. Thus various reasonable efforts can be made to fulfill the spirit of their commitments and promises. This never interpret agreements in unreasonably legalistic and technical ways to rationalize non-compliance and create justifications to escape their commitments. Again the ethical executives must be loyalty and demonstrate fidelity and loyalty to institutions and persons through friendships in devotion, support and adversity towards duty (Skilton, Wiseman & Glick, 2018). Moreover, it should be securing the ability to make independent professional judgments. This must be done through scrupulously avoiding various undue effects and different conflicts of interests. Further, this should be loyal to colleagues and companies as it is decided to accept various employment and provide different reasonable notices. Also, it should be respecting proprietary data of former employees and refuse to engage activities taking undue benefits of the prior positions (Baskerville, Spagnoletti & Kim, 2014).

The cultural issues consists of lack of providing unspoken guidelines to get along in the organization. This helps in decrease in stability of social system in the company. At many times, internal integration and external adaptation is not properly dealt. Hence at many times there can be differentiation between in-group and out-group individuals.

The ethical issues consists of privacy. For instance, there is a need of determining what things the people has been keeping to themselves and never forced to others. Then, there is problem with accuracy that determined the finding of who is liable for accuracy, fidelity and authenticity. Next, there is problem with accessibility. For example, what information does people or organizations have the right or privilege to obtain.

Assumptions Underpinning The Analysis:
The assumptions are highlighted below.

Irrationality of the practices
Existence of knowledge of the effective design practice.
Ability of changing the rationality of practitioners dealing with the issues.
The above assumptions has positive implications for organizations. However, the results must turn into costly mistakes and result in unnecessary accountabilities. At international context, it is helpful in interrelating, integrating and coordinating various sub-systems. This is also helpful to facilitate and develop the working of sub-systems and achieving synergistic impacts.

First of all, it is transformative. The strategic application of information technology transforms different non-profit organizations and enhances the effects. Next, the connections raise the outcomes. The information technology professionals are most effective and efficient while organziations can learn and exchange experience and knowledge comfortably with various networks of peers as one has more connections and have better chances to solve issues and lead that sector. Besides, a relationship is another key (Belussi, Migliorini & Grossi, 2015).

To manage information systems the organizations’ strengths and weaknesses can be understood by SWOT analysis. For example, the strengths can include strong brand names, good reputations and cost advantages of various proprietary know-how. The weaknesses can include weak brand name, poor reputations and ineffective and high-cost structures (Mozaffar et al., 2018). Besides, the scopes can consist of the arrival of new technologies, unfulfilled customer requirements and many more and threats can involve changes in trends, new substitute products and new regulations.

Apart from this, PESTLE analysis is also an effective strategy to examine the strength and weakness of organizations in managing information systems. The factors of this analysis include political, economic, social, technological, legal and environmental factors (Thomas et al., 2015).

Developing Security Policies To Address Threats, Vulnerabilities For Enhancing Organizational Strengths And Limits:
First, the strategy to handle and control risk in information security is to be developed. Here, technology management department is liable to assess risks of information security. This is from business objectives and risk management policy. It should be get approved from the committee of information security.

Further, different standards in policy to handle and manage risk in information security is to be established. This should be regularly done for considering changes in security requirements and risk situations (Peltier, 2016). Furthermore, it includes impacts, vulnerabilities, threats and assets. The decision is made on whether a risk is acceptable and either because of expensive costs and objectives. Various probable methods of treating the risks identified include avoiding risks, decreasing the possibility of occurrence, decreasing effects, transferring risks and retaining risks. The multiple security policies and controls are demonstrated hereafter.

First of all the various standards in staff security policy is to be developed. The multiple measures are as follows. Here for every people joining the organization, administrative and human resource managers must assure the security liabilities before making any contract. Here, the activity must be reflected insufficient job description and as per terms and conditions of employment. Next, controls must be developed for securities during contracts. Here a regular and effective information protection awareness program for every staff are to be formed. People with particular responsibilities of protection also need appropriate training to manage technological risk and primary ideas that must be followed by every employee (Sommestad, Karlzén & Hallberg, 2015).

Moreover, every employee is liable for and must be attending awareness of information security courses as scheduled by the company. It must apply to security as pet procedures and policies as deployed by the organization. Another policy to be included here is the termination or making changes in position. Here, it must be assured that all the employees, contractors, third parties and consultants must leave the company and change positions that have signed an agreement of confidentiality.

Various policies undertaken to mitigate the further risks. First of all, there should be HR policies and deployments, reward systems, retention and hiring, evaluation and performance management and promotion decision. In order to analysis the underpinning risks, for policy implementation, the following assumptions are to be made. Firstly, the challenges common to work and workplace are to be assumed. Then the greater sectors of risk are to be determined. Next, the value that are vital to business and its employees are to be determined. Lastly, the compliance and ethics resources beneficial for the employees are to be determined.

Conclusion:
The report is helpful to create information security policies and controls. This must determine potential threats and vulnerabilities. Further, they must plan for business continuity that includes the process of technological changes. Besides, the study is helpful to analyze information for compliance with various types of legal and ethical frameworks. Thus recommendations are made of the use and using data. Here, the proposal report is helpful to understand how to use information systems for assuring efficient and smooth running of organizations. The various lessons learnt from the study is useful to management reporting systems, finance and accounting systems, enterprise planning systems, marketing and sales systems, human resource systems and process control systems.

References:
Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-centered information security: Managing a strategic balance between prevention and response. Information & management, 51(1), 138-151.

Belussi, A., Migliorini, S., & Grossi, P. (2015). Managing time dimension in the archaeological urban information system of the historical heritage of Rome and Verona. In Proceedings of the 42nd Annual Conference on Computer Applications and Quantitative Methods in Archaeology (pp. 235-244).

Boonstra, A. (2017). Understanding and managing information system conflicts (Doctoral dissertation, Loughborough University, UK).

Carnall, C. (2018). Managing change. Routledge.

Desouza, K. C., & Hensgen, T. (2015). Managing information in complex organizations: semiotics and signals, complexity and chaos. Routledge.

Eriksson, J. (2017). Threat Politics: New Perspectives on Security, Risk and Crisis Management: New Perspectives on Security, Risk and Crisis Management. Routledge.

Fatehian, S., Jelokhani-Niaraki, M., Kakroodi, A. A., Dero, Q. Y., & Samany, N. N. (2018). A volunteered geographic information system for managing environmental pollution of coastal zones: A case study in Nowshahr, Iran. Ocean & Coastal Management, 163, 54-65.

Galliers, R. D., & Leidner, D. E. (2014). Strategic information management: challenges and strategies in managing information systems. Routledge.

Hong, X., Zhao, D., & Wang, Z. (2016). Managing technology licensing for stochastic R&D: from the perspective of an enterprise information system. Enterprise Information Systems, 10(8), 845-862.

Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.

Li, J., Li, Q., Liu, C., Khan, S. U., & Ghani, N. (2014). Community-based collaborative information system for emergency management. Computers & operations research, 42, 116-124.

Martin, W. J. (2017). The global information society. Routledge.

Pearlson, K. E., Saunders, C. S., & Galletta, D. F. (2016). Managing and Using Information Systems, Binder Ready Version: A Strategic Approach. John Wiley & Sons.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Reason, J. (2016). Managing the risks of organizational accidents. Routledge.

Rowley, J., & Hartley, R. (2017). Organizing knowledge: an introduction to managing access to information. Routledge.

Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.

Sahoo, S. S., Zhang, G. Q., Bamps, Y., Fraser, R., Stoll, S., Lhatoo, S. D., … & Sajatovic, M. (2016). Managing information well: Toward an ontology-driven informatics platform for data sharing and secondary use in epilepsy self-management research centers. Health informatics journal, 22(3), 548-561.

Sayles, L. R. (2017). Managing large systems: Organizations for the future. Routledge.

Skilton, P. F., Wiseman, R. M., & Glick, W. H. (2018). MANAGING FOR IMPACT IN BUSINESS RESEARCH PROGRAMS: SCOPE AND COLLABORATION. Current Topics in Management: Volume 13, Global Perspectives on Strategy, Behavior, and Performance, 179.

Sommestad, T., Karlzén, H., & Hallberg, J. (2015). The sufficiency of the theory of planned behavior for explaining information security policy compliance. Information & Computer Security, 23(2), 200-217.

Thomas, V. I., Yu, E., Acharya, P., Jaramillo, J., & Chowdhury, F. (2015, December). The ANSS Station Information System: A Centralized Station Metadata Repository for Populating, Managing and Distributing Seismic Station Metadata. In AGU Fall Meeting Abstracts.

Timm, I. J., Woelk, P. O., Knirsch, P., Tönshoff, H. K., & Herzog, O. (2016). Flexible mass customisation: managing its information logistics using adaptive cooperative multi-agent systems. In Developments in Logistics and Supply Chain Management (pp. 203-211). Palgrave Macmillan, London.

Xu, Z., & Wang, H. (2016). Managing multi-granularity linguistic information in qualitative group decision making: an overview. Granular computing, 1(1), 21-35.

Yu, E., Acharya, P., Jaramillo, J., Kientz, S., Thomas, V., & Hauksson, E. (2018). The Station Information System (SIS): A Centralized Repository for Populating, Managing, and Distributing Metadata of the Advanced National Seismic System Stations. Seismological Research Letters.a

 
"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"
Looking for a Similar Assignment? Our Experts can help. Use the coupon code SAVE30 to get your first order at 30% off!

Hi there! Click one of our representatives below and we will get back to you as soon as possible.

Chat with us on WhatsApp