html5-img
1 / 11

Essay Writing for information resource management - Tutors India

Our essay writers have experience in research methodology, specific domain experience, and educational degrees from international and top-ranked universities from India, the US, and the UK. You can have one-on-one coaching with a writer, statistician, research methodologist and editor.

tutorsindia
Download Presentation

Essay Writing for information resource management - Tutors India

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Essay on Information Resource Management This Sample Work has been completed by ‘Tutors India’ Copyright © Tutors India. All rights reserved. www.tutorsindia.com © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 1 of 11

  2. Executive Summary The present study attempts to analyze and helps to understand how the use/and misuse of knowledge is critical to the organization’s success and further the case study provides better insight on how to prevent and manage such problem in the organization. Neo-institutional theory was used as a basis for creating theoretical framework for the present study. The case study was based on the report provided Adapa Srinivasa from ICFAI Centre for Management Research (Reference No 908-022-1). From the report it showed that organizations are finding it difficult to understand the problem and they are resisting in changing the structure of organization. Moreover, most of the organizations are not aware about the importance of information security at all levels of the company among their employees. Organizations react only if there is any such threat that occurs to other company and that too by changing the entire policy and structure of organization, which will in turn affect the morale and security of employees. In order to prevent and manage such threats, organizations, must realize the consequences of such threats before it happens and security measures such protecting the data, secured server, password protection, disabled USB device CPU, bringing the policy that do not affect the employee morale. © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 2 of 11

  3. Table of Contents Executive Summary ....................................................................................................................................... 2 Introduction .................................................................................................................................................. 4 Review of Literature ...................................................................................................................................... 6 Hypothesis: ................................................................................................................................................... 6 Methodology ................................................................................................................................................. 6 Discussion and Analysis................................................................................................................................. 7 Conclusion ................................................................................................................................................... 10 Bibliography ................................................................................................................................................ 11 © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 3 of 11

  4. Introduction The significant advancement in technologies related to networking, which are characterized by internet growth have increased the vulnerability and the complexity of networks used by both individuals and organizations all over the globe. However, this recent advancement in science and technology brings both convenience and new challenges. The connectivity with high levels, sophisticated hacking tools availability, electronic commerce growth, advancement in technological aspects that has created opportunities for the darker side of the technology which has pose greater challenge to organizations. The challenge in terms of warning issue to organizations with reference to use modern IT devices was first brought in the year 2004 The Gartner Report (‘Will Sturgeon”, 2006). According to a report by Burton, around 35 percent of the adults would own a ‘lifestyle’ IT devices such as PDAs, iPods, smart phones and PDAs in the mid-2000s. The report, further highlighted the issues of new threats, which faced by the companies and government in the form of ‘Pod-Slurring’, which refers to stealing of confidential information with the help of technologies. The principle information technologies involved in such threats are iPods, MP3 players, PDAs, digital cameras and smart phones which can hold large quantities of data at the same time, the speed that data could be transferred would pose another important challenge. Most of the MP3 players, till the mid-2000 do not contain any wireless system but mid 2007 more sophisticated wireless devices like infra-red, Bluetooth, and Wi-Fi have been boasted. This has become easier to download the data from computers and moreover data downloading doesn’t require the physical contact. Today, files could be exchanged easily, by using Wi-Fi enabled iphones. In addition PDA also has wireless technologies like Bluetooth and data could be stolen from bluesnarfing. Apart from these technologies, data threat was also performed through emails and pen drives. The Gartner report further inspired the Usher, who developed Slurp.exe, software, which can search and copy the large corporation data, when loaded in iPod with 60GB hard drive. In addition, over 6GB files could be downloaded from a PC using the firewall connected media players in less than two minutes time. Utilizing USB ports and Bluetooth’s, connections, with no specialized software’s data could be easily downloaded through company’s network. In two minutes time, latest MP3 players connected with USB ports with a capacity of 20GB could copy huge amount of data. IBM’s ISS X-Force, report highlighted that network and web based security events have been increased to 30 percent in the past 120 days and worldwide, the total number increased from 1.8 million to 2.5 billion (“insiders pose new”, 2008). In addition, pop-security messages that contains rogue anti-virus software or scareware such as Trojans or key loggers (which records password and other sensitive data) but actually contains virus could harm the computer (JKF, 2009). © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 4 of 11

  5. Further advancement and rapid proliferation in IT, such gadgets like iPods and other MP3 flash memory music players would likely to increase in future and it was estimated that in the year 2009, this shipments would increase to around 124 million units (“Employee theft”, 2006). Experts felt that, in the wired environment, the security challenges posed by these devices were more difficult and serious. In the 21st century, the biggest problem faced by number of companies and government sectors was related to data security. In the next five years, the trend will be more pronounced due to globalization and increasingly networked world economy. In order to protect the data from these memory sticks, in a note on Gartner research “How to Tackle the Threat from Portable storage Devices” while Ruggero Contu pointed out for this question is that “Unauthorized portable storage devices “ which are considered as potential carrier of vehicles and malicious code for theft of data. “High data capacity and transfer rates, and broad platform support mean that [these devices have] the capacity to quickly download much valuable information, which can be easily leaded to outside world”, (John, 2004). These devices are used into companies network to install software’s which are malicious like viruses and sometimes this would spoil entire vital information and moreover, employees may not also be aware of the such viruses at the time of unintentionally installing such software’s using their portable devices. In the wired technologies, it is difficult to deal with the security challenge as said by the experts. The editor of Tim Wison says about such technologies as “When all of your users and devices are attached to the network, you can do some pretty amazing things with security policy. But when uses are picking up those devices and walk out of the door, all bets are off”. Company need to face, ‘vicarious liability’, a legal consequence due to these threats when the company’s information which are considered as sensitive are made available the public due to copying of information from their portable devices and this law moreover doesn’t care about the employee, but it certainly make the company to liable condition due to improper transmission of data to the public. For example, From an Ameriprise employee’s car in Massachusetts, USA, on December 25, 2005, a laptop was stolen which contained the valuable and confidential information of the public such as name of the customers, and social security number. This has been recovered, but for the recovery, enterprise needs to pay a US$25,000 for the regulator in order to investigate this case. In order to get creditability among stakeholders, companies kept quiet about these incidents when it happened to their company by firing the employees, though huge amount of data has been lost. Due to technology advancement in jobs, work from home policy, mobile jobs, all these prevented to the employers to put a law, on not to bring such devices to the organization and moreover the concept of ‘fun at work’ which was posed by the employer itself © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 5 of 11

  6. will be broken. Thus, evolution of internet and World Wide Web has further exaggerated these threats such as spyware technology, malicious software, etc. Review of Literature Soft system methodology has been used as a framework to analyze the critically ill structured situation, such as in this case to assess the role of information technologies on data threat and ways to prevent and to manage the data. It …”provides a general set of concepts and an intellectual framework for articulating the search for images of reality which are relevant to taking purposeful action within some problem situation” (Ledington 1992, p18.). Under soft system methodology, Checkland’s 7-stage model has been used to critically analyze the situation from starting to finding the problem to taking further steps to improve the situation. In order to analyze the present case study, we need to get better insight about this model. In 1 and 2 stages of Check lands, the problem will be expressed by the participants in a picture which is rich but it is unstructured. System thinking involves stage 3 and 4 and in these stages, conceptual models and root definitions are developed with relevance to the system. While earlier stages are used to develop only conceptual models and do not represent the real situations, but other coming stages are developed based on the real world, where actual action takes place. In the stage 5, in order to perceive the real world, the similarities and differences of conceptual model were assessed and in stage 6 is related to culturally feasible are recommended and finally in stage 7, functional analyses and logic based stream of inquiry of the problem identified would be undertaken. “Overall, the aim of SSM is to take seriously the subjectivity which is the crucial characteristic of human affairs and to treat this subjectivity, if not exactly scientifically, at least in a way characterized by intellectual rigor” [Checkland, Scholes 1990 p. 30]. Hypothesis: The aim of the present study is to analyze on “how the use/and misuse of knowledge is critical to the organization’s success” Methodology For the present study, the question being asked was about “how the use/and misuse of knowledge is critical to the organization’s success”, when such questions like “how” or “why” are being asked, thus researchers do not have any control over it (Yin, 2003), thus, case study research design has been considered more appropriate. The question posted in the case study was asked in natural setting, with no © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 6 of 11

  7. previous experience on it (BenBasat et al., 1987; Dube and Pare, 2003). For analyzing the case study, soft system methodology has provided a framework as it increased the awareness related to the all areas of investigation and thus, provide holistic approach. Thus, for the present study, interview questions were designed in semi-structured, open-ended follow questions interviewees were given enough opportunities to answer the questions. This case study will help us to understand the how misuse of knowledge will affect the organization success. If no prior information is available, case study will be performed and such exploratory case studies will provide the theoretical framework. Discussion and Analysis Step 1: The problem identification in unstructured way as expressed by the participants: In this case, As stated by Abe Usher, a US security expert, 2006 said that “This pod slurring is a growing area of concern and there’s not a lot of awareness about it And yet in 2 minutes, it’s possible to extract about 100MB of word, Excel, PDF files.. basically anything which might contain business data… and with a 60 GB ipod, you could probably have every business document in a medium size firm” and according to Rich Mogull, Vice president, Gartner group research (2007), further expressed “It is a real threat, but I consider it pretty minor in the overall scheme of things….We’re a little bit worried about it because people can put sensitive content onto these devices and move it around, but we’re more worried about accidental loss of the devices than people using them for malicious purposes”. Here a problem is the data theft from an organization from an internal employee through the use of principal technologies such as iPod, digital phones, MP3 players, mobiles, pen drives, email, PDA, and digital cameras. The problem occurs in all areas and all organization such as hospitals, labs, government data, business companies etc. Step 2: The conceptual model and the root definition was developed based on the reason for such theft, (mission of the identified problem) as indicated in the case study, the motives for data theft may occurs some unintentionally such as carrying the data to perform at home in order to increase the productivity but this sometime unintentional installing some software will affect the data security or curiosity, or monetary gain, or malicious intent. However these threats will affect the organization creditability mainly their data are profitable in several ways such as patents formula details, future expansion plans, financial details, medical records, tender details and these information would certainly yield monitory benefits to the other competitors. Overall framework is employees stole the data or erase the data either intentional or unintentional way, which will affect the entire organizational creditability and sometime bring the organization to face legal problems at the same time their profit is lost significantly as the personal data of the company are shared © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 7 of 11

  8. to their competitors by the employees who left the organization. In order to protect the data, several protective systems has to be developed in term of various levels, from changing the HR policy, prevention of brining such device to an office etc. Stage 5: While the earlier stage provides only the conceptual framework for the problem but this does not work in real life situation as protecting the employees not to bring the mobiles, will affect their morale and further bring the sense of insecurity. Even in today’s world, the employees are also working from home, mobile works, all these made internet a necessary problem, thus to prevent data threat, the company can bring policies on how to handle these devices , especially the devices which are permissible such as pen drives (portable plug and play) during working hours rather than restricting such devices. But certain devices like Music MP3 players’ digital cameras, PDAs and personal laptops could be prevented from brining into the organization. Even framing the policies, certain guidelines has to be bear in mind such as bringing fear of the mind of employees or feeling of entrust, ranks disgruntlement. Other measures would be encryption of data in the network, secret codes has to be provided with sensitive codes, use of digital rights management technologies, protection through intellectual property, not connecting the data through network, disabled USB ports computers, new security solution to access control of data, usage of new technology to protect the data such as end point security solutions which allows the building fool proof computer network are the measures could be taken in order to prevent the data from hacking. In the final stage, the information collected i.e the recommendation made are pulled together and provided to an organization, at various levels, such as HR managers to create policies and procedures, Information Technology department to create unique user id for each employees, restriction of USP portal and secured network with no network, should be worked out to prevent and manage such data threats. Thus, this model is useful, to evaluate and analyze the problem and also helped to identify the roles and responsibility of each staff in a practical way. In order to protect the data, several protective systems has to be developed in term of various levels, from changing the HR policy, prevention of brining such device to an office etc. Due to data theft, IT companies, big corporate are not only affected but at the same time other firms like hospitals and laboratory are also at great risk. According to the report in 2006 by Federal Bureau of Investigation (FBI)36, this showed that fourth highest economic effect on organization was the theft of intellectual property37. Information security system for business managers, act as a backburner, thus it has brought increased interest over the researchers over the last decade. In order to manage secured information, several studies have been published which provided guidelines in terms of prescriptive and normative, and also in addition provides baselines for designing methodologies, implementing and © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 8 of 11

  9. managing the information system securely ( Baskerville, 1998; Rees et al 2003; Straub and Welke, 1998). Several theories have been framed in order to know the reason behind how the use / misuse of knowledge are critical to the organization success. Functional paradigm which has emphasized the rules and structures while alternative theories such as radical humanist, radical structuralism and interpretive (Dhillon and Backhouse, 2001) are used based on the theoretical framework. This theory will bring the socio-organizational framework and in addition for studying the IT related issues to security in an organization, neo-institutions theories have been used widely. Moreover neo-institutional theory will help us to know the various factors that influence the organization behavior, but institutional theory gives us idea about the changes of the behavior. In this case, the problem is how the use/and misuse of knowledge is critical to the organization’s success, thus, neo-institutional theory has been used in further discussion. Traditional functionalist looks the organization with rules, structures and procedures in order to perform efficiently the task while institutional theory considers organization as social construction, which is adaptive to the situation. The neo-institutional theory was developed by the work of Meyer and Rowan (1977), where this theory emphasizes the two important components which include institutionalization process and the isomorphism process. According to the definition by Tolbert and Zucker (1983) defined institutionalization “as the process through which components of formal structure become widely accepted, as both appropriate and necessary, and serve to legitimate organizations”. Through the interviews, this case study (data provided -attachment) provided two sources of influences within the context of neo-institutional theory, the normative influences considering both internal and external sources of threat and their effect on organizations. Internal sources identified are protection of data, security access and external sources including the new technological devices such as ipods, MP3 players, digital cameras, digital phones etc. The data theft would pose many problems to the companies such as loss of patents, financial information, tender data, and sometimes revealed by the companies due to the fear about their stakeholders as they lose their creditability within their stakeholders and other competitors. Companies also face legal consequences, when the public data are being shared publicly such legal threat will spoil the image of the company. In the year 2004 (Burton, n.d), it was reported that almost 94 percent of business has been lost due to IT security breach. For example, personal data of nearly 145,000 from choice point in the year 2005 has been stolen. 24 According to the Richard Hunter, Vice president and Research Director, Gartner Executive programs states that “Enterprise are watching employees and employees are watching employers with increasing unease on both sides. In our global economy with its fluid workforce, in which longstanding relationships of trust are difficult to establish and maintain, the temptation for business is clear: monitor every employee, all the time… what top © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 9 of 11

  10. managers of enterprises need to find is a balance between security that can protect their business and free communication that can stimulate growth (Richard, n.d). Conclusion Thus, to conclude that there are many technologies have arrived recently in order to protect the data so did the data threat. However no major implications have been set by many organizations as the problem is not understand by them. According to the expert from the information system, budget is not constraint for most of the companies; it’s the problem that they could not understand, although many reports have been published with relevance to that. Some organizations though problem have been recognized, they have used the strategy to change the entire policy and procedures and such sudden change would affect the morale of the employees and in addition it will also create the fear of insecurity. At Southwest Power Pool, Tom Hofstetter, a security analyst said, “The most difficult and frustrating part is creating a sense in users that there really is a problem, for which they are part of the solution, And that the problem is not going go away if its ignored”. © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 10 of 11

  11. Bibliography Checkland, P., Scholes, J., Soft Systems Methodology in Action. John Wiley & Sons, 1990. Tolbert, P.S., Zucker, L.G., 1983. Institutional sources of change in the formal structure of organizations: the diffusion of civil service reform, 1880–1935. Admin istrative Science Quarterly 28 (1), 22–39. Meyer, J.W., Rowan, B., 1977. Institutionalized organizations: formal structure as myth and ceremony. American Journal of Sociology 83 (2), 340–363. Ledington, P., “Intervention and the management process: an action-based research study”, Systems Practice,5(1), 1992, pp. 17-35. Baskerville, R., 1988. Designing Information Systems Security. John Wiley & Sons, New York, NY. Benbasat, I., Goldstein, D.K., Mead, M., 1987. The case research strategy in studies of information systems. MIS Quarterly 11 (3), 369–386. Dube´, L., Pare´, G., 2003. Rigor in information systems positivist case research: current practices, trends, and recommendations. MIS Quarterly 27 (4), 597–635. Rees, J., Bandyopadhyay, S., Spafford, E.H., 2003. PFIRES: a policy framework for information security. Communications of the ACM 46 (7), 101–106. Straub, D.W., Welke, R.J., 1998. Coping with systems risk: security planning models for management decision making. MIS Quarterly 22 (4), 441–469. Dhillon, G., Backhouse, J., 2001. Current direction in IS security research: towards socio-organizational perspectives. Information Systems Journal 11, 127–153. Will Sturgeon, “Beware the “Pod Slurping” Employees, “www.news.com, February 15, 2006 Employee Theft –Pod Slurping, “www.centurycomputing.co.uk, November 21, 2006 John K, Waters, “ipods and Like Devices Pose Enterprise security Threat, says Gartner”, www.adtmag.com, December 12, 2004 Wilson, T (Dec 4, 2008). Insiders pose new threats in down economy, Dark Reading. Viewed online at http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212201861 JKF (December 23, 2009). FBI: Pop-Up Security Warnings Pose Threats. Viewed online at http://www.lockergnome.com/jfk/2009/12/23/fbi-pop-up-security-warnings-pose-threats/ Viewed online at http://www.fbi.gov/publications/strategicplan/stategicplantext.htm#intro Yin, R.K., 2003. Case study research: design and methods, 3rd © 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent Tutors India™ - Your trusted mentor since 2001 www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com Page 11 of 11

More Related