IT Management

Security Risk Mitigation Plan Please use Garmin as the spoken about company and use the template provided Assignment Content A Risk Management Analyst identifies and analyzes potential issues that could negatively impact a business in order to help the business avoid or mitigate those risks. Take on the role of Risk Management Analyst for the organization you chose in Week 1. Using the Security Risk Mitigation Plan Template, create a 4- to 5.5-page Security Risk Mitigation Plan for the organization you chose. Research and include the following:  Security Risk Mitigation Plan: Select and document security policies and controls. Create password policies. Document administrator roles and responsibilities. Document user roles and responsibilities. Determine an authentication strategy. Determine an intrusion detection and monitoring strategy. Determine virus detection strategies and protection. Create auditing policies and procedures. Develop education plan for employees on security protocols and appropriate use. Provide risk response. Avoidance Transference Mitigation Acceptance Address change Management/Version Control. Outline acceptable use of organizational assets and data. Present employee policies (separation of duties/training). Explain incident response. Incident types/category definitions Roles and responsibilities Reporting requirements/escalation Cyber-incident response teams Discuss the incident response process. Preparation Identification Containment Eradication Recovery Lessons learned  Note: The page assignment length requirement applies to the content of the assignment. Start the assignment with an APA formatted title page and add a reference section with at least two professional references. Use the references in the text of the assignment.

Discuss what operating system(s) you use for personal or professional activities. Based on your experience, describe some of the basic characteristics of the operating system (OS). As an IT professional: Would you recommend this OS for professional or personal use? Why or why not? Based on what you have learned in Module 3, which operating system would you prefer if you were forced to choose another operating system than the one you currently use? Explain your answer.

They say, “The early bird gets the worm, but the second mouse gets the cheese.” This quote seems rather fitting in the context of weighing the balance between being on the cutting edge of technology vs. waiting for tried-and-true technologies. This assignment will push you to consider whether information technology (IT) can ensure a sustainable competitive advantage for a business if applied appropriately.  For this assignment, you will write a summary report analyzing the main arguments of the article “IT Doesn’t Matter,” which explores some of the challenges of investing in IT. To complete this assignment, address the following critical elements in a written summary report: Summarize the article overall in the form of an abstract statement Describe the speaker’s main points (two to three paragraphs minimum) Explain whether you agree or disagree with any of the points made and why (two paragraphs minimum) Analyze the social or ethical issues involved from your vantage point Finally, list 10 nuggets of information you found interesting or did not know Submission Guidelines: Your summary report submission should be at least two to three pages in length, plus a title page. Resources outside of the assigned article are not required.

Please number question (chapter to answer question is uploaded) 1.  Imagine you have been tasked to select a scoring system to rank each project in consideration in IT portfolio management. Review each ranking option and then select the one you believe is the most efficient for ranking each proposed project. Provide a rationale for your selection. Identify other considerations that would be of value in ranking a project, and explain why you believe they are valuable.   2. Agee or Disagree and why A. This topic is probably the most debated about advantages and disadvantages. There are a few reasons I think it’s logical is because it reduces, and control cost of operations and it can strengthen international relation. When a company reduces and control cost operation it increases their company profits. One of the ways is saving money on by not having to train employees. When countries trade with other countries it builds a strong international relationship. This can lead to those governments’ relationships strengthen.   Companies are starting to onshore back to the stated. The three reason for a company to pursue onshoring are (1) International politics, (2) shipping cost and (3) supply chain management. A good example is when the president got into office, he offered incentives to companies if they would bring back manufacturing businesses. The other part is that if they continued to offshore taxes would increase. This is a good reason to bring it back to the states, just look at the US and China war over tech.(john)   B. I believe from the reading that PLANVIEW is the best ranking option for CIOS when considering projects. PLANVIEW stores projects based off of the customers, information, estimated time line, costs, and more. My reasoning for this is the best way to ensure the project still stays organized and on track for project managers  Other considerations would be to reevaluate the portfolio periodically, my logical for this is a update project that is review periodically will always stay at the top of the priority list to ensure all sections are completed. Reviewing systems, and other reports even on a weekly basis can help CIOs, and other executives find bottlenecks and situate them before they become an issue

Case Study 3?1 Uber’s Use of Technology?Mediated Control   Uber Technologies, founded in 2009, is a ride?hailing company that leverages the cars and time of millions of drivers who are independent contractors in countries around the globe. One recent estimate by Uber Group Manager, Yuhki Yamashita, is that Uber drivers globally spend 8.5 million hours on the road—daily. As independent contractors, Uber tells its drivers “you can be your own boss” and set your own hours. Yet, Uber wants to control how they behave. Uber exerts this control not through human managers, but through a “ride?hail platform on a system of algorithms that serves as a virtual ‘automated manager.’” Drivers’ work experiences are entirely mediated through a mobile app. Uber’s mobile app collects data and guides the behavior of the drivers in such a way that in reality they aren’t as much their own boss as they might like to be. For example, while they can work when they want, Uber’s surge fare structure of charging riders more during high?volume periods motivates them to work during times that they might not otherwise choose. The app even sends algorithmically derived push notifications like: “Are you sure you want to go offline? Demand is very high in your area. Make more money, don’t stop now!” Hence, Uber uses technology to exert “soft control” over its drivers. Uber employs a host of social scientists and data scientists to devise ways to encourage the drivers to work longer and harder, even when it isn’t financially beneficial for them to do so. Using its mobile app, it has experimented with video game techniques, graphics and badges and other noncash rewards of little monetary value. The mobile app employs psychologically influenced interventions to encourage various driver behaviors. For example, the mobile app will alert drivers that they are close to achieving an algorithmically generated income target when they try to log off. Like Netflix does when it automatically loads the next program in order to encourage binge?watching, Uber sends drivers their next fare opportunity before their current ride is over. New drivers are enticed with signing bonuses when they meet initial ride targets (e.g., completing 25 rides). To motivate drivers to complete enough rides to earn bonuses, the app periodically sends them words of encouragement (“You’re almost halfway there, congratulations!”). The mobile app also monitors their rides to ensure that they accept a minimum percentage of ride requests, complete a minimum number of trips, and are available for a minimum period of time in order to qualify to earn profitable hourly rates during specified periods. Uber has a blind acceptance rate policy, where drivers do not get information about the destination and pay rate for calls until after they accept them. This can mean that drivers might end up accepting rates that are unprofitable for them. On the other hand, drivers risk being “deactivated” (i.e., be suspended or removed permanently from the system) should they cancel unprofitable fares. The system keeps track of the routes taken to ensure that the driver selected the most efficient route. The mobile app also captures passenger ratings of the driver on a scale of one to five stars. Since the drivers don’t have human managers per se, the passenger satisfaction ratings serve as their most significant performance metric, along with various “excellent?service” and “great?conversation” badges. But how satisfied are the drivers themselves? Uber’s driver turnover rate is high—reportedly closing in on 50% within the first year that the drivers sign up. One senior Uber official said: “We’ve underinvested in the driver experience. We are now re?examining everything we do in order to rebuild that love.”  Answer these questions: What is the relationship between the information strategy and organization strategy? (refer to Information Systems Strategy Triangle, page 19). In the given case: What do you think are the (1) points of alignment between the IS strategy and the organization strategy;    (2) points of misalignment between the IS strategy and the organization strategy? Indicate clearly the different elements of IS strategy and organization strategy in the case which are aligned and not aligned.   This chapter introduces a simple framework for describing the alignment necessary with business systems and for understanding the impact of IS on organizations. This framework is called the Information Systems Strategy Triangle because it relates business strategy with IS strategy and organizational strategy. This chapter also presents key frameworks from organization theory that describe the context in which IS operates as well as the business imperatives that IS support. The Information Systems Strategy Triangle presented in Figure 1.1 suggests three key points about strategy.   Successful firms have an overriding business strategy that drives both organizational strategy and IS strategy. The decisions made regarding the structure, hiring practices, vendor policies, and other components of the organizational design, as well as decisions regarding applications, hardware, and other IS components, are all driven by the firm’s business objectives, strategies, and tactics. Successful firms carefully balance these three strategies—they purposely design their organizational and IS strategies to complement their business strategy. IS strategy can itself affect and is affected by changes in a firm’s business and organizational design. To perpetuate the balance needed for successful operation, changes in the IS strategy must be accompanied by changes in the organizational strategy and must accommodate the overall business strategy. If a firm designs its business strategy to use IS to gain strategic advantage, the leadership position in IS can be sustained only by constant innovation. The business, IS, and organizational strategies must constantly be adjusted. IS strategy always involves consequences—intended or not—within business and organizational strategies. Avoiding harmful unintended consequences means remembering to consider business and organizational strategies when designing IS implementation. For example, deploying tablets to employees without an accompanying set of changes to job expectations, process design, compensation plans, and business tactics will fail to achieve expected productivity improvements. Success can be achieved only by specifically designing all three components of the strategy triangle so they properly complement each other.         FIGURE 1.1 The Information Systems Strategy Triangle.     Before the changes at Kaiser Permanente, incentives for doctors were misaligned with the goals of better health care. Its IS Strategy Triangle was out of alignment at that time. Its organizational strategy (e.g., a “fix?me” system) was not supported by the IS strategy (e.g., tracking and reporting billable procedures). Neither the organizational strategy nor the IS strategy adequately supported their purported business strategy (helping patients at lower cost). For Kaiser Permanente, success could be achieved only by specifically designing all three components of the strategy triangle to work together. Of course, once a firm is out of alignment, it does not mean that it has to stay that way. To correct the misalignment described earlier, Kaiser Permanente used online services to enable quick communications between patients, physicians, and care providers. Further, it changed its bonus structure to focus on health rather than billing amounts. The new systems realign people, process, and technology to provide better service, save time, and save money. What does alignment mean? The book Winning the 3?Legged Race defines alignment as the situation in which a company’s current and emerging business strategy is enabled and supported, yet unconstrained, by technology. The authors suggest that although alignment is good, there are higher goals, namely, synchronization and convergence, toward which companies should strive. With synchronization, technology not only enables current business strategy but also anticipates and shapes future business strategy. Convergence goes one step further by exhibiting a state in which business strategy and technology strategy are intertwined and the leadership team members operate almost interchangeably. Although we appreciate the distinction and agree that firms should strive for synchronization and convergence, alignment in this text means any of these states, and it pertains to the balance between organizational strategy, IS strategy, and business strategy.9 A word of explanation is needed here. Studying IS alone does not provide general managers with the appropriate perspective. This chapter and subsequent chapters address questions of IS strategy squarely within the context of business strategy. Although this is not a textbook of business strategy, a foundation for IS discussions is built on some basic business strategy frameworks and organizational theories presented in this and the next chapter. To be effective, managers need a solid sense of how IS are used and managed within the organization. Studying details of technologies is also outside the scope of this text. Details of the technologies are relevant, of course, and it is important that any organization maintain a sufficient knowledge base to plan for and adequately align with business priorities. However, because technologies change so rapidly, keeping a textbook current is impossible. Instead, this text takes the perspective that understanding what questions to ask and having a framework for interpreting the answers are skills more fundamental to the general manager than understanding any particular technology. That understanding must be constantly refreshed using the most current articles and information from experts. This text provides readers with an appreciation of the need to ask questions, a framework from which to derive the questions to ask, and a foundation sufficient to understand the answers received. The remaining chapters build on the foundation provided in the Information Systems Strategy Triangle.     Brief Overview of Business Strategy Frameworks A strategy is a coordinated set of actions to fulfill objectives, purposes, and goals. The essence of a strategy is setting limits on what the business will seek to accomplish. Strategy starts with a mission. A mission is a clear and compelling statement that unifies an organization’s effort and describes what the firm is all about (i.e., its purpose). Mark Zuckerberg’s reflection on the mission of Facebook provides an interesting example. Originally conceived as a product rather than a service, the CEO of Facebook commented: “after we started hiring more people and building out the team, I began to get an appreciation that a company is a great way to get a lot of people involved in a mission you’re trying to push forward. Our mission is getting people to connect.”10 In a few words, the mission statement sums up what is unique about the firm. The information in Figure 1.2 indicates that even though Zappos, Amazon, and L.L. Bean are all in the retail industry, they view their missions quite differently. For example, Zappos’ focus is on customer service, Amazon is about customer sets, and L.L. Bean is about the outdoors. It’s interesting to note that although Amazon purchased Zappos in 2009, the acquisition agreement specified that Zappos would continue to run independently of its new parent. Today, Zappos continues to remain both culturally and physically separate from Amazon. Zappos is located near Las Vegas, Nevada, and Amazon is in Seattle, Washington. A business strategy is a plan articulating where a business seeks to go and how it expects to get there. It is the means by which a business communicates its goals. Management constructs this plan in response to market forces, customer demands, and organizational capabilities. Market forces create the competitive context for the business. Some markets, such as those faced by package delivery firms, laptop computer manufacturers, and credit card issuers, face many competitors and a high level of competition, such that product differentiation becomes increasingly difficult. Other markets, such as those for airlines and  (Pearlson, 10/2019, pp. 18-21)   Pearlson, K. E., Saunders, C. S.  (2019). Managing and Using Information Systems: A Strategic Approach,  7th Edition. [[VitalSource Bookshelf version]].  Retrieved from vbk://9781119561156

Cloud computing provides several services such as Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). Answer the following questions.1. Discuss how “Dropbox” application can represent an example of SaaS. (30 points)2. Explain how “Google App Engine” application can represent an example of PaaS. (30 points)3. Explain how “Microsoft Azure” services can represent an example of IaaS. (40 points)

Q1. Securing information systems is a common and ongoing process. However, business priorities often compete against limited resources, which can result in a data breach. At what point does the decision to not implement best practices based on business priorities become an ethical question? Examine this ethical decision from the Christian worldview perspective. (~200 words)   Q2. There are many concepts, methods, and technologies such as firewalls (pfSense, snort, etc), NIST frameworks in the cybersecurity space. How does these tools and technologies used to secure an organization’s intellectual property, or how these tools are selected and implemented? Explain your reasoning. (~200 words)

Your CISO has asked you to lead a Brown Bag lunch discussion about the costs and benefits of investments in security technologies. The reading assignment for this discussion is: Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security.  You have been asked to prepare a short discussion paper to be used to spark discussion amongst the attendees. Your paper must address the following: What is the ROSI calculation? How is it used to evaluate cybersecurity technologies? What are the limitations of this metric? How can this metric be used to evaluate one or more of the technologies selected for study? (refer back to Week 6) Post your three to five paragraph short paper as a response to this discussion topic. Include APA format citations and references as appropriate to the information used and the sources from which you obtained that information.

Prepare a 5- to 7-paragraph briefing statement that explains why wealthy nations and developing nations should work together to improve cybersecurity for the globally connected networks referred to as “the Internet.” Your statement should address the following. The 3 most important reasons why developing nations should have their own cybersecurity workforce. The 3 largest risks to wealthy nations if they do not help smaller nations train & educate a cybersecurity workforce. The role(s) that organizations such as the European Union’s Network Security Agency (ENISA) and the Commonwealth of Nation’s Chief Technology Officer (Commonwealth CTO) play in helping their member nations develop effective cybersecurity strategies. The role(s) that non-governmental organizations can play in helping develop global capacity for cybersecurity incident response. Your audience is a group of diplomats (technical and non-technical backgrounds) who are participating in a conference on reducing global economic risks associated cybercrime and cyberwarfare. Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

You will be submitting a one- to two-page executive summary to the owner of Don & Associates. It should briefly explain the major cloud service providers, cloud computing service models, and the potential benefits and risks of migrating Don & Associates’ technical infrastructure to the cloud. Use this executive summary template. In the template, you will see specific instructions in the document. Delete the instruction text before you submit your project. Your summary should include:  the types of cloud computing (private, public, hybrid) three major cloud service providers three cloud computing service models  potential benefits and risks of migrating the company’s technical infrastructure to the cloud Be sure to cite any sources you use.  How Will My Work Be Evaluated? For this assignment, you are asked to provide your supervisor with a summary of cloud computing and the potential benefits and risks of migrating to the cloud. By summarizing your findings in a brief executive summary, you are showing how you use your technical knowledge to convey your ideas to others in a professional setting. Your ability to express your findings using the right mix of technical detail in a business context is an important workplace skill. The following evaluation criteria aligned to the competencies will be used to grade your assignment: 1.1.1: Articulate the main idea and purpose of a communication. 1.1.2: Support the main idea and purpose of a communication. 1.1.3: Present ideas in a clear, logical order appropriate to the task. 1.2.1: Identify the target audience, the context, and the goal of the communication. 1.2.2: Employ a format, style, and tone appropriate to the audience, context, and goal. 1.3.1: Identify potential sources of information that can be used to develop and support ideas. 1.4.1: Produce grammatically correct material in standard academic English that supports the communication. 1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience. 10.1.1: Identify the problem to be solved. 10.1.2: Gather project requirements to meet stakeholder needs.