Professional Documents
Culture Documents
ASSIGNMENT COVER
REGION: HARARE_______________________________________________
ASSIGNMENT TITLE:
______________________________________________________________________________
___
______________________________________________________________________________
___
______________________________________________________________________________
______________________________________________________________________________
To: Management
Causes of IT failure
Readers of this blog know IT initiatives generally fail for business, organizational, or cultural
reasons. Sure, technology screw-ups occur all the time, but that's one of the realities to be
managed. Success or failure ultimately depends on how project leadership manages the full
The following are guidelines describing critical areas of weakness in our bus projects:
This requires constant communications to all levels of people throughout the organization. A
change management. People need to know WIIFM (what's in it for me). Resistance to change
can kill any project. Your initiative must have a champion who carries a lot of clout.
Technology, Business, and People. If the leadership is missing any of the three components
4. Lack of strong executive sponsorship. For these projects to succeed you must have
Initiatives like SOA require a well thought out strategy. Many IT shops do not have the
patience for this and rush into their project head first without a clue of how to actually
7. Trying to do it cheap. Organizations want it all, but they don't want to invest the
time and money. I have seen many projects get completed using this strategy, but they almost
always run over budget, are late, are missing many features, and have many various quality or
would you have somebody with little or no knowledge of the technology at hand lead your
enterprise initiative.
9. Lack of sound business case. You can get all of the other issues right but if your
solution has no business context then you are wasting your time.
10. Poor vendor management. Somebody hires a high priced group of consultants and
lets them run wild. You should make sure that what they build meets your requirements, your
Complex projects are hard to get right, which is why IT failure remains a serious
people, process, and technology. While this perspective may appear obvious, the experience
A typical organization is divided into operational, middle, and upper level. The information
requirements for users at each level differ. Towards that end, there are number of information
The operational level is concerned with performing day to day business transactions of the
sale, bank tellers, nurses in a hospital, customer care staff, etc. Users at this level use make
structured decisions. This means that they have defined rules that guides them while making
decisions.
For example, if a store sells items on credit and they have a credit policy that has some set
limit on the borrowing. All the sales person needs to decide whether to give credit to a
customer or not is based on the current credit information from the system.
Tactical Management Level
supervisors, etc. The users at this level usually oversee the activities of the users at the
Tactical users make semi-structured decisions. The decisions are partly based on set
guidelines and judgmental calls. As an example, a tactical manager can check the credit limit
and payments history of a customer and decide to make an exception to raise the credit limit
for a particular customer. The decision is partly structured in the sense that the tactical
manager has to use existing information to identify a payments history that benefits the
This is the most senior level in an organization. The users at this level make unstructured
decisions. Senior level managers are concerned with the long-term planning of the
organization. They use information from tactical managers and external data to guide them
In different management levels there is need to take the following systems into consideration
Transaction processing systems are used to record day to day business transactions of the
organization. They are used by users at the operational management level. The main
By recording the day to day business transactions, TPS system provides answers to the above
The decisions made by operational managers are routine and highly structured.
The information produced from the transaction processing system is very detailed.
For example, banks that give out loans require that the company that a person works for
should have a memorandum of understanding (MoU) with the bank. If a person whose
employer has a MoU with the bank applies for a loan, all that the operational staff has to do is
verify the submitted documents. If they meet the requirements, then the loan application
documents are processed. If they do not meet the requirements, then the client is advised to
Examples of transaction processing systems include; Point of Sale Systems – records daily
sales
Management Information Systems (MIS) are used by tactical managers to monitor the
organization's current performance status. The output from a transaction processing system is
summarizes the results to produced reports that tactical managers use to monitor, control and
For example, input from a point of sale system can be used to analyse trends of products that
are performing well and those that are not performing well. This information can be used to
make future inventory orders i.e. increasing orders for well-performing products and reduce
Sales management systems – they get input from the point of sale system
Budgeting systems – gives an overview of how much money is spent within the
turnover, etc.
Tactical managers are responsible for the semi-structured decision. MIS systems provide the
information needed to make the structured decision and based on the experience of the
tactical managers, they make judgement calls i.e. predict how much of goods or inventory
should be ordered for the second quarter based on the sales of the first quarter.
Decision support systems are used by senior management to make non-routine decisions.
Decision support systems use input from internal systems (transaction processing systems
unique and change frequently. Decision support systems answer questions such as;
What would happen to our sales if a new competitor entered the market?
Decision support systems use sophisticated mathematical models, and statistical techniques
(probability, predictive modelling, etc.) to provide solutions, and they are very interactive.
achieving goals. The objective is to find the optimal way of achieving the goal. For
example, the net profit for a business is calculated using the formula Total Sales less
executives to ask what if questions and adjust the values for total sales, the cost of
goods, etc. to see the effect of the decision and on the net profit and find the most
optimal way.
Bank loan management systems – it is used to verify the credit of the loan applicant
When the Internet becomes part of the corporate system, the organisation information
systems are even more vulnerable to actions from outside. Taking into consideration
Zimbabwe Open University (ZOU) it is facing challenges in internet security due increase in
its clientele base. Cable modems and lines are more open to penetration by outsiders because
they use fixed Internet addresses where they can be easily identified. A fixed Internet address
Most voice over IP (VOIP) traffic over the public Internet is not encrypted, so anyone with a
network can listen in on conversations. Hackers can intercept conversations or shut down
Vulnerability has increased from widespread use of e-mail to stakeholders and other
outsiders, instant messaging (IM) and peer-to-peer file sharing programmes. E-mails may
contain attachments that serve as springboards for malicious software or unauthorised access
to internal corporate systems. Instant messaging applications can be intercepted and read by
outsiders during transmission. Sharing files over peer to-peer (P2P) networks such as those
While technology is helping ZOU to optimise their operations through various innovative
means, the number of cyber security threats that companies must tackle has grown.
It suffers from numerous network security problems without ever actually realizing it.
What’s worse, when these problems go unresolved, they can create openings for attackers to
breach a company’s security infrastructure to steal data and generally wreak havoc.
There are far too many potential problems to cover. So, this article will cover a few of
the most common network security problems and their solutions to help you cover
your bases.
There are many businesses that don’t have a complete inventory of all of the IT assets
that they have tied into their network. This is a massive problem. If you don’t know
what all of the assets are on your network, how can you be sure your network is
secure?
The easiest fix for this is to conduct a review of all the devices on your network and
identify all of the various platforms they run. By doing this, you can know what all of
the different access points are on your network and which ones are most in need of
security updates.
According to data cited by the Harvard Business Review, for the year of 2016, “60%
of all attacks were carried out by insiders.” Whether it’s because of honest mistakes
(accidentally sending info to the wrong email address or losing a work device),
intentional leaks and misuse of account privileges, or identity theft arising from a
phishing campaign or other social engineering attack that compromises their user
account data, the people inside your business represent one of the biggest security
Because these threats come from trusted users and systems, they’re also among the
hardest to identify and stop. Considering IT personnel and other insiders who can
access administration passwords they can easily temper with the system.
However, there are ways to minimize the risk in case of an insider attack. For
example, if the company uses a policy of least privilege (POLP) when it comes to user
access, you can limit the damage that a misused user account can do. In a POLP,
every user’s access to the various systems and databases on your network is restricted
Many businesses are concerned with “zero day” exploits. These exploits are those
unknown issues with security in programs and systems that have yet to be used
The easiest fix for this problem is to maintain a strict schedule for keeping up with
security patches. Also, gradually changing the programs and operating systems on
your network to make them the same can simplify this process. For example, if every
Linux, etc.), then you only have to keep track of Mac OS or Windows OS security
succeeds in breaching your network security. However, just how much damage this
The problem is that some businesses have an open network structure where once an
attacker is in a trusted system, they have unfettered access to all systems on the
network.
If the network is structured with strong segmentation to keep all of its discrete parts
separate, then it’s possible to slow down the attacker enough to keep them out of vital
systems while your security team works to identify, contain, and eliminate the breach.
Another common issue for many companies is that even when they have all of the
best cybersecurity solutions in place, they might not have enough people in place to
When this happens, critical cybersecurity alerts may get missed, and successful
However, finding a large enough internal IT security team to manage all of your
To build up IT security staff quickly, many businesses use the services of a dedicated
partner such as Comp Quip Cybersecurity. This allows these businesses to access a
full team of experienced cybersecurity professionals for a fraction of the cost of hiring
security departments in the short-term while they’re preparing their own internal
cybersecurity teams.
to troll the web for information that corporations and employees are inadvertently posting on
their social media sites. This information will likely become a new threat vector in the new
As corporations continue to harden their own perimeters and attack surfaces, criminals are
increasingly looking at the vulnerable supply chain where risks are not completely
understood. Increasingly, the vendors in that supply chain will be regarded as part of the
company’s own vulnerability and risk profile. Criminals will increasingly exploit the supply
The proliferation of cheap and insecure devices that comprise the Internet of Things (IoT),
coupled with the legacy systems that control our Infrastructure, are combining to create a
perfect storm in the New Year. Ransomware is likely to be higher as criminals hold
companies, cities and even countries hostage as they take over and compromise such systems.
Attribution will be very difficult thus providing cover to criminals and nation states.
to the cloud, mobile device authentication is likely to explode. At least initially, expect some
of this transition to be exploited, particularly where insecure approaches are used. Facial
recognition and biometrics are still undergoing rapid development and have not reached a
true trusted-state.
Malicious software programmes are referred to as malware and include threats such as
viruses, worms and Trojan horses. These are very common in institutions of Higher Learning
like ZOU as there is a lot of research work by academic giants from different cites. A virus is
a rogue software programme that attaches itself to other software programmes or data files
without user knowledge or permission. It can destroy programmes or data, clogging computer
memory, reformatting a hard drive, or causing programmes improperly. Viruses spread from
computer to computer.
Viruses
These are rogue software programme that attaches itself to other software programmes or
Worms
These are independent computer programmes that copy themselves from one computer to
other computers over a network. They destroy data and programmes, disrupt and halt
computer operations
Trojan horses
These are software programme that appears to be benign but then does something other than
expected. A Trojan horse is not a virus as it does not replicate but is often a way for viruses
Spyware
Small programs install themselves surreptitiously on computers to monitor user Web surfing
Key loggers
These are spyware programmes. They record every keystroke on computer to steal serial
Spoofing
as someone else. It redirects Web link to address different from intended one, with site
Sniffer
This is an eavesdropping programme that monitors information travelling over network. This
enables hackers to steal proprietary information such as e-mail, company files, and so on
Computer crime
crime, for example, breaching confidentiality of protected computerized data, and accessing a
computer system without authority Computer may be instrument of crime, for instance, theft
In conclusion, have explained why systems are vulnerable and how best you can protect
them. Remember employees cannot be trusted and protection of the system is vital for the
organisation. There are, however, many other security software that an organisation can use
References
Laudon, K.C. and Laudon, J.P. (2010), Management Information Systems, London Pearson
Prentice-Hall.
Turban, E., Ranier, R.K. and Potter, R.E. (2001), Introduction to Information Technology,