Management Of Information Technology: Risks And Mitigation Strategies

Introduction to Management of Information Technology

Discus about the Management Issues Of Information Technology.

Information technology or IT can be defined as the utilization of various systems or computers that are utilized for the purpose of storing, retrieving, manipulating and finally transmitting the data or information for any particular organization or business (Eason 2014). This information technology is thus considered as the core subset of ICT or information and communications technology. The information technology is responsible for the encompassment of the various information distribution techniques like telephones or televisions (Schwalbe 2015). The various products as well as services within any specific economy are eventually linked with the information technology, which include e commerce, software, hardware, electronics, and equipments of telecom, internet, semiconductors and many more. The management of this information technology is known IT management or information technology management. It is the basic type of discipline where each and every resource of information technology of any particular company or organization are solely controlled and managed as per the requirements or the priorities of the business (Bilbao-Osorio, Dutta and Lanvin 2013). All these resources subsequently include the tangible investments such as networks, data, information, and computer software, facilities of data centre and computer hardware. Moreover, the employees or the personnel of the organization are also considered as the tangible investments or assets of that organization. The responsibility of the management of information technology in an organization mainly entails all the significant functionalities of the business like change management, organization, control, budgeting, network planning, software designing, support to technical and staffing (Dahlstrom, Walker and Dziuban 2013). The most important objective of the IT management is the generation of value through the utilization of proper and significant technology. 

The following report outlines a brief discussion on the management issues of information technology. One of the major and significant management issues of the IT is risk assessment. There are various types of risks present in a business and all those risks are required to be mitigated properly. This report will be focusing on the risk assessment of any organization with proper mitigation strategies.

An organization or company has various functions or processes within it. These processes or functions help to define the business properly and substantially (Holtshouse 2013). The process of managing all the resources of information technology, right from equipments like software and hardware to the personnel of the organization is known as management of information technology or IT management. These resources are properly managed or controlled as per the needs or requirements of the organization and thus involving every tangible resource are maintained with this particular management (Lloyd 2017). The resource allocation and the strategic planning also become easier with this type management of information technology. The IT manager is responsible for the proper implementation and maintenance of the infrastructure of the organizational technology. The businesses eventually rely on the system of central information processing for the purpose of supporting the efficient and effective management of data and communication of data (Laudon and Laudon 2015). With the management of information technology, the requirements of the organizational operations are monitored. Moreover, the strategies are researched and thus an extremely cost effective as well as efficient system is built for achieving all the organizational goals and objectives.

Management Issues in Information Technology: Risk Assessment

This particular management is separate from the management information system or MIS (Willcocks 2013). The management information system refers to the various methods of management that helps in decision making. However, management of information technology refers to the management of activities that are completely related to information technology or IT.

The management of information technology is a vast domain that comprises of various important theories. These theories help to understand the entire ideology of the IT management and have various applications in the business or organizations (Van Der Aalst, La Rosa and Santoro 2016). The several theories of the information technology management are as follows:

1. i) Contingency Theory: This is the first and the foremost theory of IT management. This particular theory demonstrates that the managers should take decisions that are completely based on the situation that is occurring now (Laudon and Laudon 2016). The action should be taken on the basis of the aspects or features that are vital for the situation. All the managers utilize the leadership approaches in this scenario.
2. ii) Systems Theory: The second important theory of the management of the information technology is the systems theory. The manager has the ability to identify the difference in systems affect ting the employees or vice versa (Bloom et al. 2014). Any specific system is eventually made up of the various portions or parts that are working together for achieving the goal.
3. iii) Theory X and Theory Y: The third important theory of the management of the information technology is the Theory X and Theory Y. The first theory X or the management theory that any individual chooses for utilizing is eventually influenced by the beliefs regarding attitudes of workers (Galliers and Leidner 2014). All the managers who solely believe the fact that the employees usually lack any ambition and require incentives or motivation for increasing the productivity subsequently lean towards the Theory X. however, Theory Y states that employees are driven naturally and have the thirst to take responsibility.
4. iv) Chaos Theory: The fourth important theory of the management of the information technology is the chaos theory. There is always a constant alteration in business. In spite of the fact that there are various circumstances or events that could be controlled, there are few that could not controlled and managed (Von Solms and Van Niekerk 2013). Chaos theory identifies those changes that are inevitable and are rarely managed. When the organizations grow, the possibility as well as the complexity of any type of susceptible event, increases.

The information technology management is the most important requirement in any business. The entire management of the organizational structure becomes explicitly easier with this particular management (Wang and Lu 2013). There above mentioned various theories of the management of information technology comprise of various conceptual applications in the real life situations. Hence, the conceptual applications of all the above mentioned IT management theories within real life situations are as follows:

1. i) Contingency Theory: The contingency theory comprises of various significant applications within the information technological world (Hahn et al. 2013). The first and the foremost utilization is that it could be utilized for assessing the effectiveness of any specific individual for any particular role and check the reasons for the ineffectiveness or effectiveness of the individual (Elmaghraby and Losavio 2014). The next significant application of the contingency theory mainly includes helping in the implementation of changes or alterations in the roles and responsibilities that the management might need to make to bring effectiveness to the role of the person leading the same.
2. ii) Systems Theory: This particular theory also comprises of various applications in real life scenarios (Buczak and Guven 2016). Systems theory is utilized as the tool to understand different characteristics of the functionality of a business. For an instance, the different parts of any business cannot operate alone from one another. Rather, all the departments are interrelated with each other (Wells et al. 2014). Each and every part of a system should work together. The Systems theory hence refers to this particular kind of interaction for the enabling process as the entire separate sub systems allow each other in performing effectively (Sou, Sandberg and Johansson 2013).
3. iii) Theory X and Theory Y: Theory X usually proves to be the most efficient or effective for work consistency (Cavelty 2014). Theory X completes any IT work properly and perfectly. The followers of Theory Y might comprise of a better relation with the higher authorities, and thus potentially comprising of a healthy environment within the workplace (Gupta, Agrawal and Yamaguchi 2016).
4. iv) Chaos Theory: The applications of chaos theory is much different from the rest of the management theories (Laudon and Laudon 2016). Within the technological world, this theory is applicable in domains like cryptography, robotics and many more. In cryptography, the chaos or the non linear dynamics are being utilized for the design of various primitives of cryptography. These algorithms solely include the algorithms of encryptions, hashing functions, streaming ciphers, steganography, secured pseudo random number generator, watermarking and many more (Sou, Sandberg and Johansson 2013). Most of these algorithms are eventually based on the uni modal chaotic maps and hence a large portion of all these algorithms utilize the controlling parameters as well as initial condition of all those chaotic maps as the keys. The similarity within the cryptographic system and the chaotic maps is the most important motivation for designing the chaos of cryptographic algorithms. Robotics is yet another area, which gets advantages from the chaos theory (Van Der Aalst, La Rosa and Santoro 2016). Apart of using robots in any trial and error type refinement for interacting with environment, the chaos theory is utilized for building a specific predictive model. The chaotic dynamics are exhibited by the robots having passive walking bipeds.

The system of information technology like the networks or the computers always comprise of various confidential information or data (Hong, Liu and Govindarasu 2014). This information technology thus plays the most significant role in all the organizations. The most significant activities of the business have the high chance to be vulnerable to several risks or threats. The IT management is responsible for mitigating all these risks eventually (Abawajy 2014). The various risks for the information technology are as follows:

1. i) Hardware Failure: The first and the foremost security issue in any information system is the failure of their hardware (Ben-Asher and Gonzalez 2015). This type of problem mainly arises when any type of malfunction in observed within the electromechanical components like tapes or disks or even any type of electronic circuits that are integrated within any particular computer system (Knowles et al. 2015). The electronics circuits are the most important and significant parts of the computer system and hence any type of discrepancy within these circuits leads to the failure of the hardware completely. It is evident to mention that if the hardware will be a failure, the entire computer system or information technology will be a major failure and the organization could be in grave danger (McNeil, Frey and Embrechts 2015). The proper recovery from this type of hardware failure needs either complete replacement or repairing of that offending or erroneous part. 
2. ii) Software Failure: The second significant security issue with the information system of any information technology organization is the software failure (Bessis 2015). The failure of software eventually means that the entire work of the system would be stopped. The software could be anything, i.e. it can either be the operating system or the working principles of the system. It can be simply defined as the inability of any particular program for continuing with the processes for the cause of logic that is completely erroneous logic (Lam 2014). The other types of software failures are server crashing or software crashing. Moreover, some software is extremely expensive and thus the organization could be suffering from significant financial losses due to this type of failure.
3. iii) Viruses: The third important and significant risk or issue in an information technology structure of a company is virus (Ben-Asher and Gonzalez 2015). The virus can be defined as the particular kind of malicious software program, which when executed, subsequently replicates itself by means of modification of all other vital programs of computer and finally inserting the code that it is comprised of. As soon as the replication is succeeded, all the affected regions are termed as infected with any specific computer virus or similar malicious codes.
4. v) Malware: The fourth important and significant risk or issue in an information technology structure of a company is malware (Abawajy 2014). As the name suggests, malware, or simply malicious software, is the particular file or program, which is extremely harmful for the user of an information system. This malware could be anything like Trojan horses, computer viruses, spyware and worms. All of these malicious codes or programs could be performing various functions, which include deletion of confidential data, stealing, encrypting of sensitive information, hijacking or altering the core functions of computing and finally monitoring the computer activities of a user without proper permission and authentication (Sou, Sandberg and Johansson 2013).
5. v) Human Error: This is yet another significant problem in any information system or information technology of a company. The employees or the staffs of the organization are responsible for this type of problems (Cavelty 2014). These types of attacks occur due to the wrong steps of the users either accidentally or deliberately.
6. vi) Spams: The sixth important and significant risk or issue in an information technology structure of a company is spamming (Wells et al. 2014). The electronic spammingcan be defined as the utilization of an electronic messaging system for sending any spam or unsolicited message, especially like advertising, and also sending various messages again and again on the same website.
7. vii) Phishing: The next significant security issue in the IT structure of an organization is phishing (Hong, Liu and Govindarasu 2014). It is the core attempt to obtain or gain any kind of sensitive or confidential information such as passwords or usernames by means of malicious activities and also by disguising as an entity that is trustworthy.
8. viii) Sniffing: This is the eight significant security risks in the information technology of any organization. The hackers or the attackers utilize this type of cyber attack for the purpose of capturing the data or information (Gupta, Agrawal and Yamaguchi 2016). Packet sniffing is utilized by hackers for capturing the data the moment it is being transmitted on any network. 
9. ix) Spoofing: When the network security is taken into account, an attack of spoofing is extremely common and vulnerable for any organization (Buczak and Guven 2016). It is the situation where any one program or person successfully pretends as the next by simply falsifying the data, and hence gaining an illegal benefit.
10. x) Denial of Service Attacks: It is again one of the most common cyber threats or risks in the information technology structure of any specific company or organization (Galliers and Leidner 2014). A DoS attack or simply a denial of service attack is the distinct cyber attack, in which the attacker seeks into the network resource or machine for making it completely unavailable for the authorized users. The services or the network of the host is disrupted due to this. Denial of service attacks has become explicitly dangerous for the organizations and these should be mitigated at every circumstance (Von Solms and Van Niekerk 2013). The next version of security risk of the IT structure in any organization is the DDoS attacks or distributed denial of service attacks. Here, a series of various computers are added and thus the entire IT structure of the company is at stake.
11. xi) Security Breaches: A security breach can be defined as the particular activity that is occurred from outside of an organization that contravenes or bypasses the various policies, procedures and practices of security (Laudon and Laudon 2016). Security violation occurs when similar internal activity is occurred. This is extremely dangerous for any organization.
12. xii) Hacking: The next important risk or problem in the IT structure of an organization is hacking. It is the process of identification of weaknesses within a computer system or network with the purpose of exploiting the weaknesses in gaining the access (Bloom et al. 2014). The most significant example of this hacking is utilizing algorithm for cracking passwords and thus gaining access into the system. The person, who does hacking, is known as a hacker. He is even termed as an attacker.
13. xiii) Passwords Theft: The next type of security risk in the organization is passwords theft. It is way of unauthorized or unauthenticated interception or taking of any information that is completed based on computer (Van Der Aalst, La Rosa and Santoro 2016). Password theft is the core act for stealing the confidential or sensitive credentials or information from the unknowing victims with an intention to compromise security or privacy and hence obtaining the confidential information.
14. xiv) Dishonesty of Staffs: Another significant problem with the security of information technology is the dishonesty of staffs or employees. This is also termed as insider attacks (Bilbao-Osorio, Dutta and Lanvin 2013). The insider attacks should be reduced for solving all types of staff dishonesty.
15. xv) Natural Disasters: The next significant problem with the information technology or information systems of any organization is the natural disasters (Dahlstrom, Walker and Dziuban 2013). Earthquakes, floods are the most important and significant problems of the structure.

All the above mentioned risks are extremely dangerous for the organization and hence they should be mitigated with utmost security and cautiousness. The following paragraphs will describe the mitigation of assessing of the risks within an IT structure.

There are five ways to mitigate all the above mentioned risks in an Information Technology structure of an organization (Schwalbe 2015). They are as follows:

1. i) Identification of all associated credentials, remote users and accounts: The first way to mitigate the risks is the proper identification of all the important credentials, accounts or remote users (Willcocks 2013). The keys of SSH, passwords as well as hard coded credentials must be kept for getting proper visibility to the fact that who are accessing the critical systems of an organization.
2. ii) Locking down of credentials: The second step is to lock down all the credentials. The moment each and every account, remote user and credential are identified, it is the time for centrally storing all the credentials within a safe and locked environment where these could be more efficiently and effectively managed and controlled (Bilbao-Osorio, Dutta and Lanvin 2013). All the users could then securely and safely retrieve the SSH key or password, or even request for the direct connectivity to only those accounts, which are authorized for accessing.
3. iii) Minimizing direct connectivity to the critical assets: The third important mitigation way is the minimization of direct connectivity to all the critical assets I(Elmaghraby and Losavio 2014). The isolation to each and every session that is eventually originating outside the domain of ICS from all the unmanaged or uncontrolled devices significantly minimizes or reduces the direct connectivity to all critical assets and thus keeping these credentials guarded from the unauthorized users.
4. iv) Trusting after verifying: This is another important method for mitigating security risk in IT structure. The proper implementation of the session recording or live monitoring could eventually facilitate the recognition of any unauthorized activity (Hahn et al. 2013). This could even help in confirming that the remote users can access only those specific systems, which they are authenticated or authorized in seeing. Trusting the employees is okay; however, verification is highly needed.
5. v) Deploying analytics tools: The fifth way to mitigate or reduce all the security risks in an IT structure is deploying of analytical tools. These analytical tools can easily recognize the application patterns and user that in turn could be utilized for creating the privileged users and also the account profiles having normal behaviour (Gupta, Agrawal and Yamaguchi 2016). If any type of abnormal activity is alerted or detected, the incident response teams could easily address as well as disrupt the attacks of in progress.

Conclusion

Therefore, from the above discussion, it can be concluded that information technology or IT is the proper use of all kinds of storage, physical devices, procedures, computers and networking for the purpose of creation, processing, securing, storing as well as exchanging each and every form of electronic data or information. Usually, the information technology is utilized within the context of operations of an organization that are opposed to the technologies related to personal or entertainment. The commercial utilization of the information technology eventually encompasses the telephony and the computer technologies. The involvement of information technology is mainly with various layers of operating systems, applications or software, hardware or physical equipments, automation tools, virtualization as well as management tools and many more for performing the various important functions. The peripherals, software like smart phones, tablets, laptops or any recording equipments and the user devices are included within the domain of information technology. This information technology is also referred to as the regulations, methodologies and architectures that govern the storage and utilization of data. The various applications of business involve database such as SQL servers, email server such as Exchange, transactional system like the real time order entries, web server such as Apache, systems of enterprise resource planning and also customer relationship management. All these applications are used for executing the programmed instructions for the purpose of manipulation, consolidation and dispersal of data and information. IT management is the procedure to oversee each and every matter that related to the resources and operations of information technology within any specific IT organization. This type of IT management helps to ensure the fact that every resource of technology should be used by the employees or personnel of the organization for providing competitive advantages to the company. The business processes are thus improved and the resources and staffs are optimized. Strategic planning is also induced with this type of management. The above report has properly outlined the entire concept of management of information technology with relevant details. There are various issues to this management and one of them is risk assessment. Organizational risks are properly explained here.

Mitigation Strategies for Information Technology Risks

References

Abawajy, J., 2014. User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), pp.237-248.

Ben-Asher, N. and Gonzalez, C., 2015. Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, pp.51-61.

Bessis, J., 2015. Risk management in banking. John Wiley & Sons.

Bilbao-Osorio, B., Dutta, S. and Lanvin, B., 2013, April. The global information technology report 2013. In World Economic Forum (pp. 1-383).

Bloom, N., Garicano, L., Sadun, R. and Van Reenen, J., 2014. The distinct effects of information technology and communication technology on firm organization. Management Science, 60(12), pp.2859-2885.

Buczak, A.L. and Guven, E., 2016. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), pp.1153-1176.

Cavelty, M.D., 2014. Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), pp.701-715.

Dahlstrom, E., Walker, J.D. and Dziuban, C., 2013. ECAR study of undergraduate students and information technology. 2013.

Eason, K.D., 2014. Information technology and organisational change. CRC Press.

Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of advanced research, 5(4), pp.491-497.

Galliers, R.D. and Leidner, D.E. eds., 2014. Strategic information management: challenges and strategies in managing information systems. Routledge.

Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds., 2016. Handbook of research on modern cryptographic solutions for computer and cyber security. IGI Global.

Hahn, A., Ashok, A., Sridhar, S. and Govindarasu, M., 2013. Cyber-physical security testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on Smart Grid, 4(2), pp.847-855.

Holtshouse, D.K., 2013. Information technology for knowledge management. Springer Science & Business Media.

Hong, J., Liu, C.C. and Govindarasu, M., 2014. Integrated anomaly detection for cyber security of the substations. IEEE Transactions on Smart Grid, 5(4), pp.1643-1653.

Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P. and Jones, K., 2015. A survey of cyber security management in industrial control systems. International journal of critical infrastructure protection, 9, pp.52-80.

Lam, J., 2014. Enterprise risk management: from incentives to controls. John Wiley & Sons.

Laudon, K.C. and Laudon, J.P., 2015. Management Information Systems: Managing the Digital Firm Plus MyMISLab with Pearson eText–Access Card Package. Prentice Hall Press.

Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education India.

Lloyd, I., 2017. Information technology law. Oxford University Press.

McNeil, A.J., Frey, R. and Embrechts, P., 2015. Quantitative risk management: Concepts, techniques and tools. Princeton university press.

Schwalbe, K., 2015. Information technology project management. Cengage Learning.

Sou, K.C., Sandberg, H. and Johansson, K.H., 2013. On the exact solution to a smart grid cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), pp.856-865.

Van Der Aalst, W.M., La Rosa, M. and Santoro, F.M., 2016. Business process management.

Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security. computers & security, 38, pp.97-102.

Wang, W. and Lu, Z., 2013. Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), pp.1344-1371.

Wells, L.J., Camelio, J.A., Williams, C.B. and White, J., 2014. Cyber-physical security challenges in manufacturing systems. Manufacturing Letters, 2(2), pp.74-77.

Willcocks, L., 2013. Information management: the evaluation of information systems investments. Springer.