The project will evaluate the suitability and potential of outsourcing human capital, Information Technology (IT), and the company’s equipment.

Risk Analysis Matrix

| Risk | Probability (1-5) | Severity (1-5) | Score (P x S) | Action to Prevent/Manage Risk |
|---|---|---|---|---|
| Slippage due to using outsourced IT | 3 | 4 | 12 | Ensure good communication between all parties and robust project plan for all development |
| Failure to integrate outsourced staff, IT, or contracted equipment | 2 | | 8 | Compile recommendation report as project output |
| External technical issues | 2 | 5 | 10 | Ensure full support from KGB+ and Serials Solutions; provide workarounds |
| Internal technical issues | | | | Include appropriate staff in project team; provide workarounds |

Outsourcing IT services allows business managers to concentrate on core goals and objectives. Some managers may have to split their energies between activities that engage prospective customers and concerns with operations outside of the core business objectives (Lung, et al, 2013). Outsourcing alleviates this necessity, and the business managers can focus their energies where their competencies lie.

Businesses that must rely on an outside service run the risk of downtime during critical system failures, leading to potential loss of productivity.
It may take days before a busy IT contractor can devote attention to the business problem and resolve the issues. This may leave workers idle and cause hundreds to thousands of dollars in lost revenue. An in-house network administrator becomes intimately familiar with the eccentricities and unique characteristics of the network he or she manages (Manchester & Jewell, 2012). Because of this, he or she is able to deliver results more efficiently, quickly and personally. IT outsourcing can never provide a personal touch that comes close to that of an in-house IT specialist.

Many companies reject the thought of giving this up, even though they can save money by outsourcing. Businesses that outsource IT services must investigate whether or not the vendor that will be used employs security measures protecting them (Lung, et al, 2013). This is especially important when dealing with offshore companies that operate from a foreign country. While these often have strong security protocols, a risk of one of the outsourcing company’s employees breaching security always exists. Since foreign countries may not have laws protecting intellectual property or other private data, businesses may find it difficult to prosecute.

If a business or organization does not choose the right partner for outsourcing, the common issues of stretched delivery time frames, sub-standard quality output and unmet needs will occur. It is easier to regulate these factors inside one’s own business or organization than with an outsourced partner. Even though outsourcing is cost-effective most of the time, there are hidden costs involved in signing a contract with a foreign organization that may pose a serious threat. Therefore, outsourcing must be from local vendors Overbearing chooses.

Also, an outsourced vendor may be catering to the expertise needs of multiple organizations at a time. In such situations vendors may lack complete focus on your organization’s tasks and equipment needs.

Conclusion

Through risk mitigation and analysis, organizations can benefit from outsourcing as a strategic management practice that can help hold down costs, improve customer satisfaction, and ensure the smooth operation of facilities. Through risk assessment, risk response and mitigation strategies can be expressed.
The business can take advantage of risk assessment by making better informed decisions based on supporting data. However, we must remember that to be able to use the risk assessment matrix, it is essential to ensure that risk is accurately measured, as risk is assessed on severity and probability of occurrence. To receive the full benefits that outsourcing can provide, firms must be prepared for the risks and potential downfalls involved when creating the outsourcing relationship.

References

Generics, T. PM. (2009). Identifying and Managing Project Risk (2nd ed.). New York, NY: AMACOM.
Lung, H., Opposes, E., cacao, Y., Luau, R. W. & Engel, W. (2011, December). Advances in
Loosen, P. (2013). Simple Steps to Data Encryption: A Practical Guide to Secure Computing. Newnes.
Manchester, J. & Jewell, S. (2012). Professional Mobile Application Development. New York, NY: John Wiley & Sons.

The bug in GE Energy’s XA/21 system was discovered in an intensive code audit conducted by GE and a contractor in the weeks following the blackout, according to FirstEnergy Corp., the Ohio utility where investigators say the blackout began. “It had never evidenced itself until that day,” said spokesman Ralph DiNicola. “This fault was so deeply embedded, it took them weeks of poring through millions of lines of code and data to find it.”

The flaw was responsible for the alarm system failure at FirstEnergy’s Akron, Ohio control center that was noted in a November report from the U.S.-Canadian task force investigating the blackout. The report blamed the then-unexplained computer failure for retarding FirstEnergy’s ability to respond to events that led to the outage, when quick action might have limited the blackout’s spread.

“Power system operators rely heavily on audible and on-screen alarms, plus alarm logs, to reveal any significant changes in their system’s conditions,” the report noted. FirstEnergy’s operators “were working under a significant handicap without these tools. However, they were in further jeopardy because they did not know that they were operating without alarms, so that they did not realize that system conditions were changing.”

The cascading blackout eventually cut off electricity to 50 million people in eight states and Canada. The blackout occurred at a time when the Blaster computer worm was wreaking havoc across the Internet.
The timing triggered some speculation that the virus may have played a role in the outage, a theory that gained credence after SecurityFocus reported that two systems at a nuclear power plant operated by FirstEnergy had been impacted by the Slammer worm earlier in the year. Instead, the XA/21 bug was triggered by a unique combination of events and alarm conditions on the equipment it was monitoring, DiNicola said. When a backup server kicked in, it also failed, unable to handle the accumulation of unprocessed events that had queued up since the main system’s failure.

Because the system failed silently, FirstEnergy’s operators were unaware for over an hour that they were looking at outdated information on the status of their portion of the power grid, according to the November report. The root cause of the outage was linked to a variety of factors, including FirstEnergy’s failure to trim back trees encroaching on high-voltage power lines. FirstEnergy says its problems were some of many issues destabilizing power flow in the northeast that day, and that its role in the outage is overstated in the interim report.

On Tuesday, the North American Electric Reliability Council (NERC), the industry group responsible for preventing blackouts in the U.S. and Canada, approved a raft of directives to utility companies aimed at preventing a recurrence of the outage. One of them gives FirstEnergy a June 30th deadline to install any known patches for its XA/21 system. FirstEnergy says it already patched the blackout bug last fall, when GE made a fix available, and is in the process of replacing the XA/21 with a competing system, a changeover that was planned before the blackout.
NERC spokesperson Ellen Vancko said the organization would release a more comprehensive list of recommendations next month that would likely instruct all U.S. and Canadian electric companies using GE’s XA/21 system to install the patch. “That blackout report will go into much greater detail and will more broadly address the entire industry, whereas this particular report addressed the specific actors involved in the blackout, as well as some specific actions NERC had to take,” Vancko said. GE Energy declined repeated requests for comment on the bug.

#1: Back up early and often

The single most important step in protecting your data from loss is to back it up regularly. How often should you back up? That depends: how much data can you afford to lose if your system crashes completely? A week’s work? A day’s work? An hour’s work? You can use the backup utility built into Windows (ntbackup.exe) to perform basic backups. You can use Wizard Mode to simplify the process of creating and restoring backups, or you can configure the backup settings manually, and you can schedule backup jobs to be performed automatically.
There are also numerous third-party backup programs that can offer more sophisticated options. Whatever program you use, it’s important to store a copy of your backup offsite in case of fire, tornado, or other natural disaster that can destroy your backup tapes or discs along with the original data.

#2: Use file-level and share-level security

To keep others out of your data, the first step is to set permissions on the data files and folders. If you have data in network shares, you can set share permissions to control what user accounts can and cannot access the files across the network.

With Windows 2000/XP, this is done by clicking the Permissions button on the Sharing tab of the file’s or folder’s properties sheet. However, these share-level permissions won’t apply to someone who is using the local computer on which the data is stored. If you share the computer with someone else, you’ll have to use file-level permissions (also called NTFS permissions, because they’re available only for files/folders stored on NTFS-formatted partitions). File-level permissions are set using the Security tab on the properties sheet and are much more granular than share-level permissions.

In both cases, you can set permissions for either user accounts or groups, and you can allow or deny various levels of access from read-only to full control.

#3: Password-protect documents

Many productivity applications, such as Microsoft Office applications and Adobe Acrobat, will allow you to set passwords on individual documents. To open the document, you must enter the password. To password-protect a document in Microsoft Word 2003, go to Tools | Options and click the Security tab.

You can require a password to open the file and/or to make changes to it. You can also set the type of encryption to be used. Unfortunately, Microsoft’s password protection is relatively easy to crack. There are programs on the market designed to recover Office passwords, such as Elcomsoft’s Advanced Office Password Recovery (AOPR). This type of password protection, like a standard (non-deadbolt) lock on a door, will deter casual would-be intruders but can be fairly easily circumvented by a determined intruder with the right tools.
You can also use zipping software such as WinZip or PKZip to compress and encrypt documents.

#4: Use EFS encryption

Windows 2000, XP Pro, and Server 2003 support the Encrypting File System (EFS). You can use this built-in certificate-based encryption method to protect individual files and folders stored on NTFS-formatted partitions. Encrypting a file or folder is as easy as selecting a check box; just click the Advanced button on the General tab of its properties sheet. Note that you can’t use EFS encryption and NTFS compression at the same time.

EFS uses a combination of asymmetric and symmetric encryption, for both security and performance. To encrypt files with EFS, a user must have an EFS certificate, which can be issued by a Windows certification authority or self-signed if there is no CA on the network. EFS files can be opened by the user whose account encrypted them or by a designated recovery agent. With Windows XP/2003, but not Windows 2000, you can also designate other user accounts that are authorized to access your EFS-encrypted files.
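The combination of symmetric and asymmetric encryption described above for the Encrypting File System, with one file readable by both its owner and a recovery agent, can be sketched as follows. This is an added Go example, not code from the original article and not Microsoft's implementation or on-disk format; the names `EncryptedFile`, `NewKey`, `Encrypt` and `Decrypt`, and the choice of AES-256-GCM with RSA-OAEP, are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedFile is a conceptual model only, not the on-disk EFS format.
type EncryptedFile struct {
	Nonce, Ciphertext []byte
	WrappedKeys       map[string][]byte // reader name -> file key wrapped for that reader
}

// must panics on errors that only a broken runtime or entropy source can cause.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewKey makes a throwaway RSA key pair standing in for a certificate's keys.
func NewKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// newGCM is only ever called with a 32-byte key, so neither constructor can fail.
func newGCM(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Encrypt seals data once with a random symmetric file key (fast), then wraps
// that 32-byte key with each reader's public key (slow, but the input is tiny).
func Encrypt(data []byte, readers map[string]*rsa.PublicKey) (*EncryptedFile, error) {
	fileKey, nonce := make([]byte, 32), make([]byte, 12)
	must(rand.Read(fileKey))
	must(rand.Read(nonce))
	f := &EncryptedFile{nonce, newGCM(fileKey).Seal(nil, nonce, data, nil), map[string][]byte{}}
	for name, pub := range readers {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
		if err != nil {
			return nil, err
		}
		f.WrappedKeys[name] = wrapped
	}
	return f, nil
}

// Decrypt unwraps the file key with the caller's private key, then opens the data.
func Decrypt(f *EncryptedFile, name string, priv *rsa.PrivateKey) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, f.WrappedKeys[name], nil)
	if err != nil || len(fileKey) != 32 {
		return nil, fmt.Errorf("cannot unwrap file key for %q", name)
	}
	return newGCM(fileKey).Open(nil, f.Nonce, f.Ciphertext, nil)
}

func main() {
	user, agent := NewKey(), NewKey()
	readers := map[string]*rsa.PublicKey{"user": &user.PublicKey, "recovery-agent": &agent.PublicKey}
	f, _ := Encrypt([]byte("constructed sample data"), readers)
	plain, err := Decrypt(f, "recovery-agent", agent)
	fmt.Printf("recovery agent reads %q (err=%v)\n", plain, err)
}
```

The data is encrypted only once; granting another account access means wrapping the same file key under one more public key, without re-encrypting the file.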
Note that EFS is for protecting data on the disk. If you send an EFS file across the network and someone uses a sniffer to capture the data packets, they’ll be able to read the data in the files.

#5: Use disk encryption

There are many third-party products available that will allow you to encrypt an entire disk. Whole disk encryption locks down the entire contents of a disk drive/partition and is transparent to the user. Data is automatically encrypted when it’s written to the hard disk and automatically decrypted before being loaded into memory.

Some of these programs can create invisible containers inside a partition that act like a hidden disk within a disk. Other users see only the data in the “outer” disk. Disk encryption products can be used to encrypt removable USB drives, flash drives, etc. Some allow creation of a master password along with secondary passwords with lower rights you can give to other users. Examples include PGP Whole Disk Encryption and DriveCrypt, among many others.

#6: Make use of a public key infrastructure

A public key infrastructure (PKI) is a system for managing public/private key pairs and digital certificates.

Because keys and certificates are issued by a trusted third party (a certification authority, either an internal one installed on a certificate server on your network or a public one, such as VeriSign), certificate-based security is stronger. You can protect data you want to share with someone else by encrypting it with the public key of its intended recipient, which is available to anyone. The only person who will be able to decrypt it is the holder of the private key that corresponds to that public key.

#7: Hide data with steganography

You can use a steganography program to hide data inside other data. For example, you could hide a text message within a .JPG graphics file or an MP3 music file, or even inside another text file (although the latter is difficult because text files don’t contain much redundant data that can be replaced with the hidden message). Steganography does not encrypt the message, so it’s often used in conjunction with encryption software. The data is encrypted first and then hidden inside another file with the steganography software.
Some steganographic techniques require the exchange of a secret key and others use public/private key cryptography. A popular example of steganography software is StegoMagic, a freeware download that will encrypt messages and hide them in .TXT, .WAV, or .BMP files.

#8: Protect data in transit with IP security

Your data can be captured while it’s traveling over the network by a hacker with sniffer software (also called network monitoring or protocol analysis software). To protect your data when it’s in transit, you can use Internet Protocol Security (IPsec), but both the sending and receiving systems have to support it.

Windows 2000 and later Microsoft operating systems have built-in support for IPsec. Applications don’t have to be aware of IPsec because it operates at a lower level of the networking model. Encapsulating Security Payload (ESP) is the protocol IPsec uses to encrypt data for confidentiality. It can operate in tunnel mode, for gateway-to-gateway protection, or in transport mode, for end-to-end protection. To use IPsec in Windows, you have to create an IPsec policy and choose the authentication method and IP filters it will use.

IPsec settings are configured through the properties sheet for the TCP/IP protocol, on the Options tab of Advanced TCP/IP Settings.

#9: Secure wireless transmissions

Data that you send over a wireless network is even more subject to interception than that sent over an Ethernet network. Hackers don’t need physical access to the network or its devices; anyone with a wireless-enabled portable computer and a high gain antenna can capture data and/or get into the network and access data stored there if the wireless access point isn’t configured securely.

You should send or store data only on wireless networks that use encryption, preferably Wi-Fi Protected Access (WPA), which is stronger than Wired Equivalent Protocol (WEP).

#10: Use rights management to retain control

If you need to send data to others but are worried about protecting it once it leaves your own system, you can use Windows Rights Management Services (RMS) to control what the recipients are able to do with it. For instance, you can set rights so that the recipient can read the Word document you sent but can’t change, copy, or save it.
You can prevent recipients from forwarding e-mail messages you send them, and you can even set documents or messages to expire on a certain date/time so that the recipient can no longer access them after that time. To use RMS, you need a Windows Server 2003 server configured as an RMS server. Users need client software or an Internet Explorer add-in to access the RMS-protected documents. Users who are assigned rights also need to download a certificate from the RMS server.

Purpose

The purpose of this Guideline is to instruct users on appropriate use of Administrator Access to Carnegie Mellon University (“University”) computing and information resources and to aid in the interpretation of requirements set forth in the University Computing Policy.

Applies To

This Guideline applies to all University system and application administrators and any other personnel who are provided with Administrator Access to University computing and information resources.

Definitions

Administrator Access is defined as a level of access above that of a normal user. This definition is intentionally vague to allow the flexibility to accommodate varying systems and authentication mechanisms. In a traditional Microsoft Windows environment, members of the Power Users, Local Administrators, Domain Administrators and Enterprise Administrators groups would all be considered to have Administrator Access. In a traditional UNIX or Linux environment, users with root level access or the ability to sudo would be considered to have Administrator Access.

In an application environment, users with ‘super-user’ or system administrator roles and responsibilities would be considered to have Administrator Access. In theory, this guidance applies to any user account in that utilization of access rights is reserved solely for the intended business purpose.

Non-public Information is defined as any information that is classified as Restricted Information (both Moderately Sensitive and Highly Sensitive) according to the University Guidelines for Data Classification.
Access to Restricted Data must be approved by the designated Data Owner (Data Steward) as defined in the University Information Security Policy under Roles and Responsibilities.

Guidelines

The University Computing Policy provides a framework for appropriate and inappropriate use of University computing and information resources. More specifically, the University Computing Policy prohibits, “Using a computer system without proper authorization granted through the University, college or department management structure.” It further prohibits attempts to “… circumvent system security without the explicit permission of the owner of that system.” System administrators and other University personnel with Administrator Access to computing and information resources are entrusted to use such access in an appropriate manner. The following provides high-level guidance on what constitutes appropriate and inappropriate use of Administrator Access.

Appropriate Use of Administrator Access

Administrator Access to University computing resources should only be used for official University business. While the University Computing Policy permits reasonable personal use of computing resources, this is restricted to non-administrative activities. Use of Administrator Access should be consistent with an individual’s role or job responsibilities as prescribed by management. When an individual’s role or job responsibilities change, Administrator Access should be appropriately updated or removed. In situations where it is unclear whether a particular action is appropriate, and within the scope of current job responsibilities, the situation should be discussed with management.

Inappropriate Use of Administrator Access

In addition to those activities deemed inappropriate in the University Computing Policy, the following constitute inappropriate use of Administrator Access to University computing resources unless documented and approved by management:

- Circumventing user access controls or any other formal University security controls
- Circumventing bandwidth limits or any other formal University computing controls
- Circumventing formal account activation/suspension procedures
- Circumventing formal account access change request procedures
- Circumventing any other University procedures that are in written form and/or approved by some level of management

The following constitutes inappropriate use of Administrator Access to University computing resources under any circumstances, regardless of whether there is management approval:

- Accessing Non-public Information that is outside the scope of specific job responsibilities
- Exposing or otherwise disclosing Non-public Information to unauthorized persons
- Using access to satisfy personal curiosity about an individual, system, practice, or other type of entity.