Adventures of an IT Leader, chapter 16&17

Posted: August 12th, 2013

Name:

Course:

Instructor:

Date:

Adventures of an IT Leader

Chapter 16

1. Is there some ideal ratio between the amount a firm spends on IT maintenance versus innovation projects?

The literature provides that there exists a link between the costs accrued for maintenance of existent information technology infrastructure and the costs associated with the establishment of new projects. It is estimated that an entity uses 80% of its expenditures in information technology, in the maintenance of systems in an entity while the remainder is used in the initiation of new projects or purchase of new products. An approach to reduce the costs of maintenance was the simplification of the existent infrastructure in an organization to enable easy use by employees in the conduct of their tasks.

2. What do you think of the “kid’s” toolkit approach to management?

I think that the toolkit approach is management is expressly appropriate for a changing and dynamic organizational setting. This is essential in that it provides management with the chance of appraisal of the techniques used in the management process. Hence, changing market or organizational settings usually determine the applicability of a specific condition of the situation within the organization. This precisely relates to the information technology department whereby the changes in terms of systems should be determined by the specific organizational needs and circumstances. Hence, a specific situation should determine the set of approaches or strategies, which could be used in identification of proper infrastructure for the overall achievement of the organizational goals and objectives.

3. What do you think of the three infrastructure standardization options?

The initial option was defined as an idle option or what was known as “do nothing” option. This was characterized by voluntary compliance with the required standards. Business units would voluntarily evaluate the infrastructure required as well as the respective standards. This would provide the entity and its staff to gain knowledge about the various types of infrastructure applicable to the organization. However, this approach is laid back in that it does not offer direction and motivation in the organization towards identification of appropriate infrastructure.

The second option was strict enforcement whereby the entity would engage in the selection and control of the infrastructure. This was done by influencing the standards through the department of information technology and enforcing such standards. Strict enforcement would result in over-control and possible loss of the goals and objects, which is the selection of appropriate infrastructure and subsequent implementation of the standards.

The third option, gradual migration, would provide the organization with the ability to classify the various technology platforms into three levels emerging, declining and standard technologies. The third classification is appropriate in that it enables the entity to identify the appropriate technologies for use within the organization in a cost effective manner. This is an appropriate approach in the identification of the applicable technology relative to the given circumstances.

Chapter 17

1. Why has Carl Williams suddenly become more receptive to Barton’s agenda for IT?

Carl Williams renewed interest in IT is driven by his understanding of the role of IT in increasing the profitability of the organization. This is attributable to specific issues such as the cots and risk tradeoffs in the organization in terms of acquisition of infrastructure in the organization. His interest in the information technology department is driven by the need to understand the risks in the organization as well as the mitigation and reduction of such possible risks. However, risks could not be eliminated as they operated on possible occurrence irrespective of measures adopted by the organization to prevent risk occurrence.

The previous incidence of infiltration into the organization’s computer systems was an indication of the need to revaluate the security and risks mitigation procedures adopted by the organization. The interest exhibited by Carl Williams is an indication of his need to ensure that the entity reduces costs associated with occurrences of risks in the organization.

2. Give some examples of threats that fall into one of the four quadrants of the matrix on p.272. 

A High risk, which can result in capitalization of risk mitigation process, is the security offered to sensitive data in the organization. Such ensures a specific focus on the sensitive issues as they have a higher possible exposure to risks. Such requires an increase in capitalization to ensure such security measures are undertaken. This may involve authentication and authorization in access to specific data to ensure minimal interference by the employees in the organization.

Other risks include the possibility of theft of information from the organization by external or internal elements to the organization. Hence, an evaluation of such possibilities would provide the organization with the possible means of ensuring achievement of safety in the organization from occurrences of such risks.

3. What do you think of the concept of “levels of safety”?

The levels of safety are essential in the classification of risks and the exposure of various assets of the organization to such risks. Hence, it aims at providing an understanding of the inherent risks in the various infrastructures in the organization. Such an understanding of the possibility of occurrences of risks is essential in that it provides the organization with the much-needed information, which would enable formulation of strategies for mitigation and risk reduction in the entity. Classification offers the need for provision of possible measures based on each level of risks identified. Hence, the development of risk mitigation approaches is based on the level of risks identified to necessitate undertaking respective actions as they relate to a given occurrence of risk.