Management of Information Systems Research Paper
Introduction
Information security is a headache for many organizations. The rapid development and deep penetration of information technologies into everyday life make people and organizations dependent on computers, wired and wireless networks, office and network equipment, etc. We never know where, when and how another bug in an IT system or a hacker attack will affect us. Hackers may steal thousands of bank account details from an unsafe online shop, or a failure in an IT system may bring rail or air transport to a full stop. Organizations of any size may hold sensitive information which must not fall into the hands of criminals. Therefore, firms spend large amounts of time, human resources and money to keep IT security risks at an acceptable level. But they know that there are no “uncrackable” systems.
IT security is a complex system, which may include, but is not limited to, the following:
logical and physical infrastructure of IT systems;
software/hardware for detecting, preventing and monitoring intrusions or network traffic;
anti-spyware, anti-spam and antivirus software;
encryption and access control to sensitive information;
system of internal controls (both automated and manual), etc.
This list is crowned by an expensive periodic audit of information systems security, aimed at assessing its adequacy.
Obviously, not every organization can find or afford a team of well-qualified, experienced internal experts in IT security. Demand causes supply. There are many organizations ready to offer services related to outsourcing the IT security of the whole enterprise or of specific areas, or to provide consultancy services. So firms may decide which option is better for them: either to manage IT security using internal resources or to outsource this function. Our goal is to discuss the key pros and cons of outsourcing corporate IT security.
Pros of IT security outsourcing
Access to qualified human resources. By outsourcing the IT security function, companies are often serviced by highly professional and qualified staff employed by service providers. These people keep their knowledge up to date and are aware of the best practices applied in the industry and of the most recent security bugs, problems and solutions.
Access to large knowledge/information base and state-of-the-art technology. Companies which specialize in IT security issues have their own knowledge bases, which are permanently updated from different sources such as research, experiments, staff experience, etc. It is very unlikely that the knowledge base of an ordinary company can be compared to the one owned by a specialized company. By outsourcing IT security, companies get access to invaluable information assets and technologies. All the research and the study of endless manuals, standards, best practices, frameworks, etc. are done by the service provider.
Ability to choose/switch between different service providers. If a company is not satisfied with the quality of its IT security service provider, it can switch to a different one. It is much more difficult to change a whole team of internal IT security experts if they fail to perform their tasks.
Responsibility/risks are shared or transferred to service provider. By outsourcing IT security, companies transfer certain risks and responsibilities to the service provider and free resources which can be used to focus on the core activities of the organization, while the service provider has the responsibility to monitor and manage security issues.
Standardization and systems approach. As one may assume, firms do not practice a systems approach to security and may overlook some things or fail to pay attention to some issues. IT security experts can give valuable advice on a comprehensive IT security approach so nothing will be missed. They may also advise on how to standardize certain operations and hardware in order to minimize the overheads and risks of security management. Security consultants may also build or optimize computer systems and make them compliant with industry standards (e.g. SOX).
Savings. Probably, outsourcing IT security will give a noticeable decrease in expenditures in the long run. The savings may arise from the following:
savings on numerous trainings for in-house IT staff;
potential savings on IT infrastructure (if infrastructure is planned in advance with the assistance of security consultants);
savings of internal time/finance resources for modeling/building/managing the IT security system;
savings on finding, hiring and retaining qualified staff (including salaries and overtime costs, taxes and taxable benefits), etc.
Companies do not disclose information about security breaches, especially when their IT security function is outsourced. As an example of a significant incident we may cite the hacker attack on Wal-Mart [i], which managed IT security in-house. As a result, sensitive information about thousands of credit cards was stolen.
Cons of outsourcing IT security
Loss of control and difficulties (or inability) to switch to different service provider or internal resources. Firms may find themselves completely dependent on service providers by transferring more and more functions to them. In such a case it will be extremely difficult and costly to switch to a different service provider, or to the use of internal resources, in case of low-quality services or any other problems. Moreover, total dependency causes other risks which are difficult to manage or mitigate (e.g. if the organization cannot pay for outsourcing it may get in trouble). It should be noted that service providers are interested in such dependency.
High initial costs. In the short term, outsourcing security functions is very costly. It takes a lot of funds for analysis and audit of the existing security model and business processes of a firm; it takes resources to develop and implement a new model and build the respective infrastructure; it takes funds to train internal staff to work in new conditions … next, changes are unwelcome to personnel in most cases.
Quality problems. It may happen that an external service provider makes a mistake that causes high business losses, and it is too late to make improvements once the security model is implemented and the infrastructure is built around it.
Standardization/compatibility. Standardized software and hardware recommended by consultants can be incompatible with existing software/hardware and may lack customization and flexibility. In particular, small companies can benefit from developing and implementing their own security model, which will be flexible enough and easier to manage.
Responsibility for accidents and legal issues. In case of significant failures in the security system it is likely that the service provider will try to avoid any responsibility.
In most cases, serious security issues are not exposed to the public, and it is difficult to provide a good detailed example of unsuccessful IT security outsourcing. However, some examples are available to the public, for instance the CardSystems data breach case [ii] reported in 2005. In this case, CardSystems did not disclose information about its IT security service provider, but it is known that the security system used by CardSystems was certified by an external consulting firm, Savvis. Savvis certified that the audited security system was compliant with Visa and MasterCard's card transaction security standards [iii], when indeed this was questionable. In any case, we should know that even external consultants can miss something and their security solutions cannot guarantee 100% safety.
Summary & recommendations
In order to make a well thought-out decision with respect to IT security outsourcing, it is necessary to consider a lot of factors. Key factors in favor of outsourcing may include the following:
Access to qualified human resources
Access to large knowledge/information base and state-of-the-art technology
Ability to choose/switch between different service providers
Responsibility/risks are shared or transferred to service provider
Standardization and systems approach
Savings
Key cons of IT outsourcing are concerned with the following:
Loss of control and difficulties (or inability) to switch to different service provider or internal resources
High initial costs
Quality problems
Standardization/compatibility
Responsibility for accidents and legal issues
The question of savings is not straightforward, and outsourcing is not always cheaper. In many cases it is advantageous in the long term, but this is not a rule. The costs of managing IT security with internal or external resources should be compared case by case.
As it happens, the optimal decision can be found in the “golden middle”. It is possible to manage security in-house but use external consulting services for periodic audits and for developing a strategic approach to IT security.
I've been using Kaspersky security for a couple of years now, and I would recommend this antivirus to all of you.