2. Describe a situation in your Internship, or previous work, where you have taken account of an Australian Standard in fulfilling your ICT task, and why.
3. Describe a situation in your Internship, or previous work, where you have taken account of compliance (legislation) in fulfilling your ICT task, and why.
1. IT Governance Framework
IT Governance is defined as a framework that allows an organization to ensure that its IT infrastructure is capable of achieving the business goals and strategies. It provides a mechanism to align the IT strategy of the organization with its business strategies.
The host company, XYZ Corporations, does have an IT Governance framework in place. ITIL, the Information Technology Infrastructure Library, is the framework that is followed in the company. This framework makes sure that the IT services and methods support the core business goals of the company. Training sessions are organized for the employees at regular intervals. However, compliance issues are observed at the lower and middle levels. There are also issues with decision making, as all decision-making authority rests with the higher authorities (Itinfo, 2017).
When the IT Governance framework was compared with those of other classmates, differences in structure and compliance were observed. In the first comparison, the IT Governance framework being followed came out to be COBIT. Risk management and mitigation were the two prime focus areas in this case (Isaca, 2017). In the second comparison, the framework being followed in the company came out to be Capability Maturity Model Integration (CMMI). The basic aim of this framework as implemented in the company was to ensure performance improvement at each level. The compliance ratio was found to be highest in the company following the COBIT IT Governance framework, followed by the host company using ITIL, and then the company making use of the CMMI method.
2. Australian Standard in the Fulfilment of the ICT Task
Ethics play an extremely important role in all business tasks and activities. This holds for all ICT tasks as well. IT ethics and a professional code of conduct are required to be followed and reflected in all the IT processes being carried out in the organization.
In the case of XYZ Corporations, an increased number of insider threats were observed. These threats led to the exposure of the confidential information of the organization to unauthorized entities. In most such cases, the employees of the organization were held responsible. In order to overcome such issues, it was decided to implement the Australian Computer Society (ACS) Code of Conduct in the organization. As per this standard, there are six elements that must be followed by all the employees. These six elements are honesty, competence, primacy of public interest, professional development, enhancement of quality of life and professionalism (Acs, 2014).
The step was taken to make sure that the frequency of the insider threats was reduced and that the employees followed ethical and professional practices in their business activities. Ethical and professional trainings were organized to explain the ACS code of conduct to the employees. This initiative was taken to achieve higher rates of compliance with the ethical and professional practices (Uwa, 2017).
There was a review that was carried out after a period of four months and the compliance levels were found to be high. The frequency of the insider threats and other information security attacks also came down as a result.
3. Compliance (Legislation) in the Fulfilment of the ICT Task
There were a large number of computer systems, networks and databases that were installed and used in the previous organization, ABC Corporations. The company provided web services and solutions to its clients.
With the increase in the use of computing tools and equipment, along with the enhanced use of web-based applications, numerous security risks and attacks began to take place. The majority of such issues were a result of cybercrimes and cyber-attacks. Business continuity and availability were also being adversely impacted as a result.
In order to efficiently execute the ICT tasks and activities, it became essential to put a check on such cybercrimes. The Cybercrime Convention, 2001, was used for this purpose so that the information could be protected and safeguarded from cyber criminals (Bcs, 2005). It provided the legal permission to search the computer networks and systems of third parties as well. The procedure resulted in the identification of the primary threat agents and carriers. As a result, the frequency of such attacks could be reduced.
Compliance with this act was included in all of the third-party contracts and negotiations thereafter. Due to this step, the third-party providers and suppliers also made sure that they used secure IT practices in all of their IT-related tasks and activities. The properties of the information and data sets that were being used by the organization could be protected, and the availability of the business was also ensured. It led to the enhancement of the market reputation along with the customer satisfaction levels (Michalsons, 2017).
Acs (2014). ACS Code of Professional Conduct Professional Standards Board Australian Computer Society. [online] Acs.org.au. Available at: https://www.acs.org.au/content/dam/acs/rules-and-regulations/Code-of-Professional-Conduct_v2.1.pdf [Accessed 9 Nov. 2017].
Bcs (2005). Legal Guidelines - IT Law for IT Professionals. [online] Bcs.org. Available at: https://www.bcs.org/upload/pdf/compliance_ict.pdf [Accessed 9 Nov. 2017].
Isaca (2017). COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. [online] Isaca.org. Available at: https://www.isaca.org/cobit/pages/default.aspx [Accessed 9 Nov. 2017].
Itinfo (2017). Information Technology Infrastructure Library (ITIL) Guide. [online] Itinfo.am. Available at: https://www.itinfo.am/eng/information-technology-infrastructure-library-guide/ [Accessed 9 Nov. 2017].
Michalsons (2017). IT Compliance – Practical and Effective. [online] Michalsons. Available at: https://www.michalsons.com/focus-areas/information-technology-law/it-law-practical-and-effective-compliance [Accessed 9 Nov. 2017].
Uwa (2017). ACS Code of Ethics. [online] Teaching.csse.uwa.edu.au. Available at: https://teaching.csse.uwa.edu.au/units/CITS3200/ethics/acs-ethics.htm [Accessed 9 Nov. 2017].