You are expected to define a scenario to be used in this assessment (as well as others). The scenario should relate to an IT operation in an organization (which could be IT or non-IT related) for which you are the manager. Do not forget to clearly describe your scenario in the report.
Alternatively, you can set your scenario as the one described below:
You are the manager of an IT Management consultancy company. All the consulting services are provided online. There is a web portal where customers can contract for (and pay online for) the services they want. You can also outsource some services to your partners (freelancers). New services are introduced periodically, and improvements are made to the current ones.
Using your reflective journal, peer-reviewed literature and other sources, write a report addressing the following “user story”:
As an IT manager, I will establish pertinent frameworks-based policies for managing the IT function in the organization of my scenario, so I can clearly demonstrate the rationale for establishing them.
Purpose of investigation and significance
The use of information technology (IT) has become an essential aspect of modern organizations. For an organization to provide reliable and secure strategies for access to its information technology systems, it must establish a clear framework-based policy for managing its operations (Oleszek, 2013). For the scenario in this particular essay, the Control Objectives for Information and Related Technology (COBIT) framework will be the most appropriate for IT governance. This document first explores COBIT before formulating the pertinent policy for managing IT functions in the organization.
COBIT is a framework for formulating, developing, implementing, monitoring, and improving the governance and management of information technology (De Haes, Van Grembergen, & Debreceny, 2013). Appropriate COBIT framework-based policies and procedures for the management of IT functions are of great significance in every organization that uses IT to manage its operations, as COBIT is currently used by nearly all IT department managers to equip them with a promising model that provides value to the business. As a consequence, I will establish the appropriate COBIT framework-based policies for managing the IT functions in light of the following scenario.
I am an IT manager at King and Queen Hotel Suites located in New Zealand, which is one of the five top-rated hotels in the country. I must maintain records of customer arrivals and departures, the attendance records of staff and their pay scale database, resources, tax returns, and documents. I also plan, organize and maintain all duties pertaining to camera records and staff duty schedules on a daily basis.
At the King and Queen Hotel, we need formal IT governance that will aid the hotel's activities, especially in the user access control area. Implementing a strategic approach to governing the information system at the King and Queen Hotel will complement the current information management system if the organization is to achieve its objectives. One critical element missing from the current information system governance within the IT department is access to a comprehensive set of pertinent COBIT framework-based policies for managing IT functions within the IT department of the organization (Al Omari, Barnes, & Pitman, 2012; Zhang & Le, 2013). As such, the organization needs a well-defined procedure that will govern its IT staff in their operations.
This section presents a survey of articles regarding pertinent COBIT framework-based policies for managing the functions of an IT department in an organization. These works provide the prior knowledge required to start the policy development process.
COBIT Framework for IT Governance
Information systems have frequently upgraded their software and hardware over the years to keep pace with technology trends. A study by Laudon and Laudon (2016) suggests that the technological environment of the information system in organizations has become not only sophisticated but also diversified. The information system may consist of many servers, operating systems for the servers, operating systems for computers, hardware platforms for PCs, office automation software, software update services, and system management servers, among others (Laudon & Laudon, 2016). Considering the vast number of systems to manage, it is worth noting that proper IT management policies are essential for system maintenance, including software updates.
IT system security begins and ends with the individuals within an organization as well as the people interacting with the system intentionally or by coincidence (Ifinedo, 2012). The author further notes that the weakest link in the security chain could be the end users who try to access information that is protected by security professionals. Security administrators can significantly reduce the level of risk caused by end users and provide security profiles that are more acceptable and supportable to the users (Ren, Wang, & Wang, 2012; Peltier, 2013). By implementing these measures, alongside relevant policies and training, the performance of end users can significantly improve, thus ensuring security within the information system.
During policy development, the needs of the Kings and Queens Organization will be determined. On the basis of this, a draft will be made, after which the final policy will be available for the organization after approval.
At the King and Queen Hotel, the policy framework is formulated to govern the following major information technology general system areas:
- Data management
- IT system security
After designing the basic policy framework, a draft list for the policy framework was formulated with the help of the question: What is our responsibility as IT staff in King and Queen’s hotel? This question will provide the base upon which the policies of the organization will rest to ensure compliance with the control objectives (Alfaraj & Qin, 2011; Petruch, Stantchev, & Tamm, 2011). The procedures within the policy were further developed with the aid of the following question: How are we supposed to carry out our responsibilities in the organization? This question will be useful when developing the various procedures within the organization, to ensure that pertinent functions are linked to the organization’s original control objective (Chaudhuri, 2011).
Formulating IT Management Policies
The policy will be reviewed to ensure that it conforms to the COBIT framework and the organization’s needs. Afterwards, the policy will be refined in accordance with IT and in cooperation with COBIT control objectives. The IT management policy will be available for the King and Queen Hotel after passing through various iterations, including IT management and internal audits.
As identified earlier, the user access area was determined to be the crucial element at the top node of the Kings and Queens Organization policy framework. Since the COBIT framework will be used for this policy, user access management shall be used as a supplement to access control. The control objective of User Account Management makes reference to the existing cycle of client accounts regarding contracts, changes, and terminations (Ifinedo, 2012; Peltier, 2013). The policy makes use of the Kings and Queens Organization’s existing access control policy as well as the COBIT control objectives. Afterwards, a general first draft of the user access control policy will be formulated as follows, according to Bernroider and Ivanov (2011).
Information has become an asset in every organization that uses IT in its daily operations, including the Kings and Queens Hotel. Since information is vulnerable to attack, the organization needs to develop a policy framework to protect its sensitive information and keep it at a competitive edge in the market. As such, the following policy will be adopted by the Kings and Queens Organization:
- All parties shall adhere to the policies including but not limited to the organization’s policies defined in the following subsections to ensure security of the system.
Normally, the main target of every attack is an organization’s information system. This is where all sensitive information of the King and Queen Hotel is stored, so it needs maximum protection. Following this rationale, the following policy will apply:
- The Kings and Queens organization IT staff shall manage security of the system at the highest organizational level such that the management of security actions is coherent with the business goals of the organization.
Understanding what a security incident entails is essential to being well conversant with the IT security policy. The meaning of a security incident therefore needs to be made clear to the IT staff in the King and Queen Organization by classifying the potential security threats; without understanding security incidents, one may not be able to decide how an incident should be handled and what controls should be executed. To mitigate such situations, the following policy will be used:
- The IT staff shall clearly define a security incident and be well conversant with potential security threats so that they can be classified easily and treated by the incident and problem management process on the off chance that they occur.
Strategic planning for information security is a worthwhile strategy that should be considered by every department in the King and Queen hotel; a well-defined plan can help the organization to mitigate, accept or avoid the information risk which is related to not only its users but also the organization’s employees. Following this rationale, the following policies will be adopted by the Kings and Queens Hotel IT staff:
- The King and Queen Organization IT professionals shall translate the business, risk, and compliance requirements into an overall information system security plan, taking into account the security culture and infrastructure of the organization.
- The King and Queen Hotel IT team shall ensure that the plan is adopted in the security policy and procedures, along with pertinent investment in services, hardware, and software, and shall communicate the system security policies and procedures to the organization’s stakeholders as well as customers.
User Access and Security Policies
The organization’s user accounts are to be used for the business activities of the corporation and not for personal activities. As such, there is a need to monitor the activities of user accounts, and therefore the following policy will apply:
- The King and Queen IT professionals shall address issues related to but not limited to establishing, requesting, modifying, issuing, and closing user accounts as well as user-related privileges, using predefined procedures for managing user accounts.
On many occasions, data will be transferred between internal departments and third-party service providers at the Kings and Queens Organization in the course of business activities. Considering that data transfer always carries the risk of a data breach, the following policy will mitigate the risks that may be experienced during data transfer:
- The IT department shall ensure exchange of sensitive information only over a trusted medium in order to provide authenticity of the data, non-repudiation of the source, proof of receipt, and proof of submission.
The related procedures of the policy will then be developed by asking a question like: how should we do it? Specific measures regarding the notification of separation, recording of separation and implementation of separation will be formulated and refined in order to complete the final copy of the policy (Loorbach, 2010; Routray, Sharma, Uttamchandani, & Verma, 2012). The development of the refined draft of the user access control policy will require the use of the COBIT framework, after which the policy will be ready to be executed by the organization.
The primary objective of this study was to establish appropriate framework-based policies for managing information technology in the King and Queen Hotel in New Zealand. Fifty questionnaires were distributed to IT staff in the organization. The response rate was 95%. This section presents the findings of the study.
Of the six control areas that were listed in the questionnaire, two major areas were identified as having a response rate of 96%. The fields are stated as follows: IT system security 97%, and IT data management 95%. Similarly, Hu, Dinev, Hart, and Cooke (2012) explain that a system governed by well-outlined framework-based policies guarantees the confidentiality of data as well as protection of all IT resources within an organization, which improves the functionality of the organization.
It can be concluded from this study that the employees of the King and Queen Hotel have realized the importance of having clear policies governing the organization’s IT department. Since appropriate procedures govern all operations of the IT management team, it can be inferred that the IT staff of the King and Queen Hotel contend that COBIT framework-based policies are the most effective means by which the organization’s operations can be managed. As a result, I, as the manager of the organization’s IT department, can explicitly demonstrate the rationale for establishing the pertinent policies that are appropriate for the organization, in collaboration with other IT staff and the organization’s manager.
Al Omari, L., Barnes, P. H., & Pitman, G. (2012, December). Optimising COBIT 5 for IT governance: examples from the public sector. In Proceedings of the ATISR 2012: 2nd International Conference on Applied and Theoretical Information Systems Research (2nd. ATISR2012). Academy of Taiwan Information Systems Research.
Alfaraj, H. M., & Qin, S. (2011). Operationalising CMMI: integrating CMMI and CoBIT perspective. Journal of Engineering, Design and Technology, 9(3), 323-335.
Bernroider, E. W., & Ivanov, M. (2011). IT project management control and the Control Objectives for IT and related Technology (CobiT) framework. International Journal of Project Management, 29(3), 325-336.
Chaudhuri, A. (2011). Enabling effective IT governance: Leveraging ISO/IEC 38500:2008 and COBIT to achieve business–IT alignment. Edpacs, 44(2), 1-18.
De Haes, S., Van Grembergen, W., & Debreceny, R. S. (2013). COBIT 5 and enterprise governance of information technology: Building blocks and research opportunities. Journal of Information Systems, 27(1), 307-324.
Hu, Q., Dinev, T., Hart, P., & Cooke, D. (2012). Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4), 615-660.
Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83-95.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.
Loorbach, D. (2010). Transition management for sustainable development: a prescriptive, complexity-based governance framework. Governance, 23(1), 161-183.
Oleszek, W. J. (2013). Congressional procedures and the policy process. Sage.
Peltier, T. R. (2013). Information security fundamentals. CRC Press.
Petruch, K., Stantchev, V., & Tamm, G. (2011). A survey on IT-governance aspects of cloud computing. International Journal of Web and Grid Services, 7(3), 268-303.
Ren, K., Wang, C., & Wang, Q. (2012). Security challenges for the public cloud. IEEE Internet Computing, 16(1), 69-73.
Routray, R. R., Sharma, U., Uttamchandani, S. M., & Verma, A. (2012). U.S. Patent No. 8,121,966. Washington, DC: U.S. Patent and Trademark Office.
Zhang, S., & Le, F. H. (2013). An Examination of the Practicability of COBIT Framework and the Proposal of a COBIT-BSC Model. Journal of Economics, 1, 5.