Issues Related to the Management of Information Technology Essay
The advancement of Information Technology has positively impacted the world in numerous ways. One of the most important issues affecting information technology in this digital era is the management of information technology systems in organizations. As a result, many issues have emerged forcing information systems project managers to come up with relevant solutions in the fast growing industry. This paper looks at some of these significant issues related to the management of information technology and their impact.
The management of information technology is a broad field encompassing issues such as project management, outsourcing, ROI (Return on Investment) as well as ethical issues such as cyber crime and hacking, spam, malware and vulnerabilities, standard and legal issues, basic security of hardware and software, copyright infringements and software piracy.(Computer World, 2008)
Information Technology management has a long history, since the invention of the computer. This invention has tremendously changed the lifestyles of the American society, with its presence witnessed in nearly every business and in majority of households in the United States.
In the recent past, project management has been featured in numerous research documents as a prerequisite to successfully exploit information technology. However, it is sad to note that in total; only 29 percent of IT projects are completed on time and on budget. The main reason why managing an IT project is an uphill task is because Information Technology is always changing, moving, adapting and challenging businesses. IT project management is different from traditional project management because traditional project management as it is used in construction or manufacturing, deals with solid, tangible elements. On the other hand, IT project management is complicated by shifting business needs and demanding stake holders. In this field, projects such as removing old servers, developing a custom e-commerce site, creating new desktop images and merging databases are constrained by three basic factors: time, cost and scope. IT project managers’ greatest task is therefore to ensure that these constraints (often called the Triple Constraints of Project Management) are in equilibrium, otherwise the project will incur unimaginable losses. Basically, all IT projects move through five phases in the project management cycle: initiating stage, planning, executing, monitoring, controlling and last but not least, closing. Although IT projects include the usual project-management challenges, such as deadlines, budget constraints, and too few people to devote to the project; they also face unique technology challenges, from hardware, operating system, network of databases woes, to security risks, and the changes manufacturers make to their hardware and software configurations. (CIO.com, 2008)
Interestingly, also, is that IT projects fail at the beginning, not the end, mainly due to a lack of sufficient planning. It is vital, hence, for an IT organization to consider the resources it needs to devote to a project, the skills required and the people who need to be involved, and realistically consider the time it will take to create, test and implement the project deliverables. Failure to follow these steps can result to disastrous results, such as failing to complete the project on time, on budget or with the required functionality, which are the three common factors for project success. A third factor which significantly contributes to the failure of IT projects is because they are rushed. Since majority of companies today rely on IT for competitive advantage, they speed through development efforts and systems implementations in order to be fist to market with new, IT based products, services and capabilities. This is facilitated by the general feel of organizations that to remain competitive, they must cut costs and maintain business operations but usually, that adds to the pressure on a big expensive project, such as an ERP implementation or a platform upgrade. It is hence important to ensure adequate planning, risk assessment and testing before implementing any project. Last but not least, IT projects fail because their scope is too unwieldy. The basic rule is that a project with a large scope can usually be better executed by breaking it down into a series of smaller, more manageable projects. A series of smaller projects is more appropriate because it allows for more manageable endeavors, such as first converting the existing records to digital and then a second project to use the digital database internally, and then a third project to bring the database to the web. These smaller projects can be completed sequentially and with more flexibility than a large, cumbersome and complicated project. For instance, supposing you had a project to convert all of an organizations’ historical records, forms and transactions from paper to an online digital database. Obviously, such a project can be incredibly complex and time consuming. (CIO.com, 2008)
After evaluating the basic principles of IT project management and getting to understand why IT projects fail so often, it is important to determine the purpose of project management offices, so as to have a clear overview o the role of the project manager. Apart from the basic roles such as managing the schedule, managing the finances, benefits and the risks, the project manager is also responsible for functions in the project management offices.
Many organizations do not find it necessary to create a Project Management Office (PMO), mainly because PMO’s can stifle project managers’ leadership and management styles by dictating the methodologies project managers must use and by making them follow specific (and often tedious) procedures for documenting work. However, PMO’s have been found critical to centralizing and coordinating all project management activities, including IT management activities, across a company. PMO’s have a variety of roles. Basically, they establish ground rules and expectations around how projects should be conducted for the project manager, the project team and the stake holders.PMO’s corral requests for changes to the scope of s project and provide training, tracking software, project plan templates and process forms to the project manager and the project team, a critical rule in ensuring that projects proceed smoothly and conclude successfully. Moreover, in some companies, PMO’s prioritize which projects are going to get done and when. To prevent departments from fighting over resources, PMO’s say which resources will work on which projects. A well versed and experienced manager, together with a staff of experienced personnel is needed for a well-rounded PMO. The project manager plays a vital role in the success of any project, and should therefore be effective and authoritative enough to be able to dictate the resources he or she needs to complete a project successfully. (CIO.com, 2008)
There are numerous security issues affecting Information technology management. Issues such as cyber crime and hacking, disaster recovery, intellectual property rights, malware and vulnerabilities, and privacy issues, among multiple others have been found to affect Information Technology.
Cyber crime, for instance, has a tremendous impact in the industry, with cyber crime tools getting into a business of their own. Names such as Mpack, Shark 2,Nuclear, Web Attacker and Icepack are reportedly some of the names that are selling hot in the hacking tools market place. The disturbing revelation is that cyber crime market is maturing, with the most recent interesting news revealing that the tools that get sold come with annual updates and service agreements. While a virus costs approximately $35 dollars, a whole development kit like the MPack could fetch up to $1000 for a seller, according to reports from DigitalTrends. Crimes such as online harassment, cyber stalking, financial frauds, identity thefts, and PC hacking are a big roadblock in the path towards achieving a full-aware knowledge society. Mobile devices in the hands of mobile workers are exposed to a variety of threats. For instance, hotel wired networks are often wide open to eavesdropping by cyber criminals or other guests, where all packets for a set of rooms, a floor, several floors, or even the entire hotel are prime targets for capture, analysis and data extraction. Another well-known problem is connecting to unencrypted hotel or other public wireless networks, sending sensitive information out into the ether. Improper configuration of firewalls is another common threat. This or the total lack of end-user device private information on laptops, smart phones, or PDAs. (TechRepublic.com,2008)
To prevent information or system compromise, it is important to take certain measures. For instance, to protect data leakage, it is important for one to remember to store only what one absolutely needs. Although encryption is limited to only traffic between the end-user device and a traffic encryption service provider on the Internet, the best way to prevent casual or directed packet snooping on public networks is packet or session encryption. It is also invaluable to remember to backup critical information, to protect against data loss. Online solutions such as Symantec’s backup.com can offer invaluable assistance. (TechRepublic.com, 2008)
It is also vital for information technology managers to arm themselves with an exclusive understanding of intellectual property rights and their impact on management of information technology. The rapid advancement of Information Technology has resulted to a similar mushrooming of new ideas which have led to a tremendous growth in intellectual property and cyber laws.
Numerous intellectual property and information technology issues have emerged in the recent past. Issues such as patents, copyrights, trade secrets, trade marks, industrial design, confidential information, technology licensing, source-code escrow, electronic commerce and E-business, all have a significant impact on management of information technology.Contrally to common belief, intellectual property protection is not complicated. Intellectual property protection entails basic, easy to do activities such as keeping documents and records of when you created work and any material, such as draft copies, that demonstrate that you created the work without reference to any pre-existing work, so as to be secure while defending a claim of copyright infringement. To ensure continued protection for registered trademarks, it is important to remember to renew the registration term every ten years. Other rights such as confidential information rights can be used to protect, for example, ideas, trade secrets and know-how. It is always advisable to try and limit the disclosure of confidential information as much as possible. Patents, which protect inventions of products or processes, have a significant impact in information technology as well. (White Computer Law, 2005)
Another issue with a tremendous impact on IT management is outsourcing. Outsourcing’s impact in IT management is especially due to the effect it has on especially infrastructure management.
The media has treated outsourcing with a lot of hype in the recent past. A lot of mud has been thrown at it. However, outsourcing, just like any other business relationship, is more nuanced than that. Companies engaging in outsourcing relationships frequently make mistakes. They document processes poorly, ignore training, rush to implementation or focus only on savings. Fortunately, there is a better way. It is important to understand that an outsourcer, just like the company it is doing outsourcing for, is in business to make money. Therefore, its priority is the same as the company’s. This is not a bad thing; on the contrary, it is good. A profitable outsourcer is a healthy partner, and as a customer, you want a solid company to work with. Moreover, outsourcing can work out well or badly, depending on how well it is managed. So as to have a successful outsourcing experience, it is important that, most importantly, to remember to maintain your control, applications or both to an outsourcer. Companies that make the mistake of ceding complete control of their infrastructure do this mistakenly, by assuming that the outsourcer knows more than they do and therefore should be able to serve all of their needs better, faster and cheaper. Instead, it is more appropriate to keep or hire key people in each area to maintain control and guide and govern the outsourcer. Thirdly, it is vital to take responsibility for requirements. Incomplete or misunderstood requirements can send outsourcing over budget or completely over the edge. Since the owner of the business knows the business more than the outsourcer ever will, so it s up to him or her to gather requirements from the business perspective and explain them to the outsourcer. This will help ensure that his or needs are well understood and documented, and it will help to educate the outsourcer about the business. Last but not least, it is important to review the status of both the operational infrastructure and the application development on a regular basis. It is important to remember that all an outsourcing deal needs is good management, after which good results are guaranteed. (Computer World, 2008)
In any business venture, the Return on Investment (ROI) ratio is considered to have extremely important indications on the general trend of the business, whether it is positive, which is a good indicator, or negative, implying the venture is not worth undertaking. Just like any business venture, ROI has become a big deal in IT management.
Many corporate customers are demanding ROI models to demonstrate that a particular security investment pays off. And in response, vendors are providing ROI models that demonstrate how their particular security system provides the best return on investment. Although this might seem to be a good idea, it is mostly bunk in practice. It is vital to note that ROI as used in a security context is inaccurate. Security is not an investment that provides a return, like a new factory or a financial instrument. It is an expense that pays for itself in cost savings. Security is about loss prevention, not about earnings. Hence, the term just does not make sense in the investment context. But as anyone who has lived through a company’s vicious end-of-year budget-slashing exercises knows, when you are trying to make your numbers, cutting costs is the same as increasing revenues. So while security can not produce ROI, loss prevention most certainly affects a company’s bottom line. And a company should implement only security countermeasures that affect its bottom line positively. It should not spend more on a security problem than the problem is worth. Conversely, it should not ignore problems that are costing it money when there are cheaper mitigation alternatives. A smart company needs to approach security as it would any other business decision: costs versus benefits. The classic methodology is called annualized loss expectancy (ALE), and it is straightforward. Good data is necessary to obtaining good results. Supposing, for instance, that you are doing an ALE analysis of a security camera at a convenience store, you need to know the crime rate in the store’s neighborhood and have some idea of how much cameras improve the odds of persuading criminals to rob another store instead. Moreover, you need to know how much a robbery costs: in merchandise, in time and annoyance, in lost sales due to spooked patrons, in employee morale. With all that data, you can figure out if the cost of the camera is cheaper than the loss of revenue if you close the store at night. In cyber security, however, things are not as easy, because there just isn’t enough good data. With the rapid advancement of IT, it is almost impossible to accumulate data fast enough. Hence creating ALE models would not be a wise idea. (ComputerWorld.com, 2008)
Another problem, though, arises in the math involved when it comes to rare and expensive events. Supposing, for instance, that you calculate the cost, cost such as reputation cost or the loss of customers, of having your company’s name in the newspaper after an embarrassing cyber security event to be $20 million. Also assume that the odds are 1 in 10,000 of that happening in any one year. ALE says you should spend no more than $2,000 mitigating that risk. So far, so good. But maybe your CFO thinks an incident would cost only $10 million. It would be unwise to argue, since it is just estimation. But he just cut your security budget in half. A vendor trying to sell you a product finds a Web analysis claiming that the odds of this happening are actually 1 in 1,000. Accept this new number, and suddenly a product costing 10 times as much is still a good investment.It gets worse when you deal with even more rare and expensive events. Another typical illustration would be being in charge of terrorism mitigation at a chlorine plant. What is the cost to your company, in money and reputation, of a large and very deadly explosion? $100 million? $1 billion? $10 billion? And the odds: 1 in a hundred thousand? 1 in a million? 1 in 10 million? Depending on how you answer those two questions (and any answer is really just a guess) you can justify spending anywhere from $10 to $100,000 annually to mitigate that risk. Most ROI models gotten from security vendors are not acceptable due to caveat emptor. The most important rule to remember any time anyone receives an ROI model from a vendor is to take its framework and plug in your own number. Positive results should be used only as a guideline, together with risk management and compliance analyses when deciding what security products to buy. (ComputerWorld.com, 2008)
Therefore, so as to ensure good management of Information technology, it is important for a project manager to make use of project management skills afore mentioned, and have a good understanding of outsourcing and ROI, as well as ethical and security issues.
CIO.com, (2008) Business Technology Leadership, ABC: An Introduction to IT
Project Management Retrieved 22 November, 2008 from:
Computer World, (2008) Security ROI: Fact or fiction? Retrieved 22 November, 2008
From: http://www.computerworld.com/action/article.do?command=viewArticleBasi &arty lied=9114021
TechRepublic.com (2008) IT security .Retrieved 22 November, 2008 from:
White SW Computer Law (2005) Intellectual Property, Information Technology &
Telecommunications Lawyers Retrieved 22 November, 2008 from: