chapter 15 managing information. agenda chief information officer is department and end users...

Chapter 15

Managing Information

Agenda

• Chief Information Officer

• IS Department and End Users

• Control & Security

• Contingency Management

Chief Information Officer

• Align technology with business strategy

• Implement state-of-art solutions

• Provide and improve information access

Agenda

• Chief Information Officer

• IS Department and End Users

• Control & Security

• Contingency Management

IS Department and End Users

• Let them sink or swim (do nothing or educating)

• Use the stick (policies and procedures)– Steering committee

• Use carrot ( incentives)• Offer support

– Information center– Help desk

Agenda

• Chief Information Officer

• IS Department and End Users

• Control & Security

• Contingency Management

Control and Security

• Logical control

• Physical control

• Data control

• Communication control

• Administration control

• Application control

Physical Control

• Location (traffic)

• Security (lock)

• Environmental (air)

• Fire

• Power

Logical Control

• Photo

• Fingerprints

• Voice

• Eye

• Signature

• Password

Data Control

• Minimal privilege

• Minimal exposure

Communication Control

• Firewall

• Decryption

• Encryption

• Private & public key

Administrative Control

• Policy

• Procedure

• Hardware

• Software

• Employee

• Data

Application Control

• Input control

• Processing control

• Output control

Agenda

• Chief Information Officer

• IS Department and End Users

• Control & Security

• Contingency Management

Contingency Mgmt

• NOT disaster recovery– Reactive, not proactive

• Worst case scenario– All our eggs in one basket– Natural disaster– Human error / sabotage

Contingency Mgmt. Methods

• Disaster Recovery firm– Outsource strategic function?

• Off-line storage

• Data redundancy– Replicated databases– Fragmented databases

Contingency Methods

• Back-up power generators

• “What if” scenarios– Military war games

• Scaled-down manual system

• Back-up / recovery procedures

Contingency Methods

• Parallel systems

• Processing backup facility– Cold, warm, hot site

Cardinal Health• Redundant systems for critical order

processing

• Redundant WAN trunks

• System data backed up daily– Backup media kept off-site

• Backup replica site– Different part of country– Switched on within 30 minutes

Points to Remember

• Chief Information Officer

• IS Department and End Users

• Control & Security

• Contingency Management

Discussion Questions

• What types of control do you have implemented in your organization?

• Tell us a Contingency Management war story– What happened?– How did the firm recover?– How could the situation have been

• Averted?• Mitigated?

Assignment

• Review chapters 8-14

• Exam 2

• Group assignment

• Research paper & presentation