STRATEGIES 
FOR Endpoints are vulnerable because humans are
AN EFFECTIVE INFORMATION TECHNOLOGY
1. Aligning IT Objectives with
Company Objectives
Example: If you want to earn more by reaching
out more customers from remote locations,
then you may want to try online selling and
hiring third-party food couriers .
Company - More profit, more customers
IT - Online selling, third-party food couriers  hack and access our personal and browsing
Or if you want to speed up
cashier transactions, then you might want to
try acquiring a Point-of-Sale (POS) System.
Company - Speed up cashier transactions
IT - Point-of-Sale System
Do not fix something that is not broken 
2. Establishing IT Governance
Okay now you have lots of IT projects to satisfy
your company objectives.
But is your fund and manpower enough to
finish all your projects in time?
IT governance is the practice of capturing, publishing,
and regularly reviewing all the IT department’s
project requests with key company managers.
It is about prioritizing which IT projects should come
first.
3. Managing Electronic Risk
One high-risk issue that often surfaces is
endpoint security. An “endpoint” is a
computer system on your network used by
an individual to interact with computer servers
or applications.
Endpoints can include:
PCs, laptops, smartphones, tablets, and specialized
components such as POS terminals.
vulnerable:
a. They will blindly click on a link in an email.
Beware of whatever they are sending us such
as links. Those links might lead us to a fake
bank website than can phish our confidential
information such as usernames and
passwords. There are already reports about
bank accounts and even Facebook accounts
that are hacked.
b. People will connect a laptop to an unfamiliar
Wi-Fi network.
-Free Wi-Fi is great right? But be careful when
connecting to public Wi-Fis. These networks can
information on our gadgets.
Follow these tips:
 Stick with HTTPS when browsing. Chrome will
usually prompt you when the site you are visiting
uses an unencrypted HTTP connection rather
than an encrypted HTTPS encryption by labeling
HTTP "Not Secure."
 Do not give too much info such as e-mail
address and phone number. Stores and
restaurants that do this want to be able
to recognize you across multiple Wi-Fi
hotspots and tailor their marketing accordingly
 Limit AirDrop and File Sharing
 Read the attached terms and conditions
 Use a VPN
All these innocent mistakes can lead to a loss or
compromise of sensitive data for an organization, and,
therefore, might require a public acknowledgment of
breach by the company. As a part of your security
program, ensure your endpoint devices are
well protected.
Anti-virus is a must for most desktop and
laptop systems. Security patches are released
monthly, or more frequently, and should be
applied quickly and in accordance with
your organization’s established framework and
procedures.
Cloud Storage
1
 Another high-risk security issue that should be -employee performance
evaluated is the security of third parties 3. Financial Metrics
responsible for storing, processing, -cost control performance
or transmitting data on your behalf such Operational Metrics
as Onedrive and Google Drive. (Our MS Teams 1. Online application performance - The
is using OneDrive) average time it takes to load a screen or page. 
2. Online application availability -
These services offer convenience by The percentage of time the application
integrating with endpoint devices to is functioning properly.
seamlessly copy data from the computer’s 3. Batch SLAs (Service Level
hard drive to a server somewhere on the Agreement) met - The percentage of key
Internet. In this way, the data is now easily batch jobs that finish on time.
4. Production incidents - The number
accessible by other devices such as a
of production problems by severity.
smartphone or tablet.

These free services do not provide any Organizational metrics

guarantee of security over the data stored on 1. Attrition - The percentage
the service, and your organization cannot of employees who move to other jobs. Exclude
be sure sensitive data pushed to one of these involuntary separations so that managers will
“cloud-based” services won’t be seen by not retain poor performers. Differentiate
between employees who leave the
unauthorized individuals.
company versus those that leave to
take another position within the company.
Therefore, your company should have a clearly 2. Performance reviews - The percentage
defined policy regarding how file-sharing of employees with current written reviews.
services should be used and employees should
be trained accordingly.
Financial metrics
Also, you should establish a vendor 1. Budget variance - Actual
costs compared to budgeted costs. This should
management process to ensure all third parties
be done for both direct expenses and inter-
who store, process or transmit data on behalf
company expenses since direct expenses
of your organization have a contractual are more controllable.
obligation to apply an appropriate degree of 2. Resource cost - The average cost of
security to your data and that they periodically a technology resource. This provides a good
provide evidence (such as a Service view of how well managers are controlling costs
Organization Control report) confirming their by using cheaper outsourcing labor or
controls are in place and functioning. higher priced temporary labor and managing
an organization that is not top heavy with
4. Measuring IT Performance expensive employees.

Metrics can play an important role in achieving

excellence as they force the organization
to pay attention to their performance and
prompt management to make adjustments
when goals are not being achieved.

Critical Metrics for IT Success

1. Operational Metrics
-system performance
2. Organizational Metrics