Article for qsn 1

Establishing a Security Culture

The predominant exposure to a cyber attack often comes from care- less behaviors of the organization’s employees. The first step to avoid poor employee cyber behaviors is to have regular communication with staff and establish a set of best practices that will clearly protect the business. However, mandating conformance is difficult and research has consistently supported that evolutionary culture change is best accomplished through relationship building, leadership by influence (as opposed to power-centralized management), and ultimately, a presence at most staff meetings. Individual leadership remains the most important variable when transforming the behaviors and prac- tices of any organization.

Understanding What It Means to Be Compromised

Every organization should have a plan of what to do when security is breached. The first step in the plan is to develop a “risk” culture. What this simply means is that an organization cannot maximize protection of all parts of its systems equally. Therefore, some parts of a company’s system might be more protected against cyber attacks than others. For example, organizations should maximize the protection of key company scientific and technical data first. Control of network access will likely vary depending on the type of exposure that might result from a breach. Another approach is to develop consistent best practices among all contractors and suppliers and to track the move- ment of these third parties (e.g., if they are merged/sold, disrupted in service, or even breached indirectly). Finally, technology execu- tives should pay close attention to Cloud computing alternatives and develop ongoing reviews of possible threat exposures in these third- party service architectures.

Cyber Security Dynamism and Responsive Organizational Dynamism

The new events and interactions brought about by cyber security threats can be related to the symptoms of the dynamism that has been the basis of ROD discussed earlier in this book. Here, however, the digital world manifests itself in a similar dynamism that I will call cyber dynamism.

Managing cyber dynamism, therefore, is a way of managing the negative effects of a particular technology threat. As in ROD, cyber strategic integration and cyber cultural assimilation remain as distinct categories, that present themselves in response to cyber dynamism. Figure 9.2 shows the components of cyber ROD.

Article for Qsn-2

The IT Leader in the Digital Transformation Era

When we discuss the digital world and its multitude of effects on how business is conducted, one must ask how this impacts the profession of IT Leader. This section attempts to address the perceived evolution of the role.

1. The IT leader must become more innovative. While the business has the problem of keeping up with changes in their markets, IT needs to provide more solutions. Many of these solutions will not be absolute and likely will have short shelf lives. Risk is fundamental. As a result, IT lead- ers must truly become “business” leaders by exploring new ideas from the outside and continually considering how to implement the needs of the company’s consumers. As a result, the business analyst will emerge as an idea bro- ker (Robertson & Robertson, 2012) by constantly pursuing external ideas and transforming them into automated and competitive solutions. These ideas will have a failure rate, which means that companies will need to produce more applications than they will inevitably implement. This will certainly require organizations to spend more on software development.

2. Quality requirements will be even more complex. In order to keep in equilibrium with the S-curve the balance between quality and production will be a constant negotiation. Because applications will have shorter life cycles and there is pressure to provide competitive solutions, products will need to sense market needs and respond to them quicker. As a result, fixes and enhancements to applications will become more inherent in the development cycle after products go live in the market. Thus, the object paradigm will become even more fundamental to better software development because it provides more readily tested reusable applications and routines.

3. Dynamic interaction among users and business teams will require the creation of multiple layers of communities of prac- tice. Organizations involved in this dynamic process must have autonomy and purpose (Narayan, 2015).

4. Application analysis, design, and development must be treated and managed as a living process; that is, it never ends until the product is obsolete (supporter end). So, products must con- tinually develop to maturity.

5. Organizations should never outsource a driver technology until it reaches supporter status.