Essay Writing Information Resource Management

Essay on Information Resource Management
This Sample Work has been completed by ‘Tutors India’

Copyright © Tutors India. All rights reserved.
www.tutorsindia.com
© 2016-2017 All Rights Reserved, No part of this document should be modified/used without prior consent
Tutors India™ - Your trusted mentor since 2001
www.tutorindia.com I UK # +44-1143520021, Info@tutorsindia.com
Page 1 of 11
Executive Summary
The present study attempts to analyze and helps to understand how the use/and misuse of knowledge is
critical to the organization’s success and further the case study provides better insight on how to prevent
and manage such problem in the organization. Neo-institutional theory was used as a basis for creating
theoretical framework for the present study. The case study was based on the report provided Adapa
Srinivasa from ICFAI Centre for Management Research (Reference No 908-022-1). From the report it
showed that organizations are finding it difficult to understand the problem and they are resisting in
changing the structure of organization. Moreover, most of the organizations are not aware about the
importance of information security at all levels of the company among their employees. Organizations
react only if there is any such threat that occurs to other company and that too by changing the entire
policy and structure of organization, which will in turn affect the morale and security of employees. In
order to prevent and manage such threats, organizations, must realize the consequences of such threats
before it happens and security measures such protecting the data, secured server, password protection,
disabled USB device CPU, bringing the policy that do not affect the employee morale.
Page 2 of 11
Table of Contents
Executive Summary....................................................................................................................................... 2
Introduction .................................................................................................................................................. 4
Review of Literature...................................................................................................................................... 6
Hypothesis: ................................................................................................................................................... 6
Methodology................................................................................................................................................. 6
Discussion and Analysis................................................................................................................................. 7
Conclusion ................................................................................................................................................... 10
Bibliography ................................................................................................................................................ 11
Page 3 of 11
Introduction
The significant advancement in technologies related to networking, which are characterized by internet
growth have increased the vulnerability and the complexity of networks used by both individuals and
organizations all over the globe. However, this recent advancement in science and technology brings both
convenience and new challenges. The connectivity with high levels, sophisticated hacking tools
availability, electronic commerce growth, advancement in technological aspects that has created
opportunities for the darker side of the technology which has pose greater challenge to organizations. The
challenge in terms of warning issue to organizations with reference to use modern IT devices was first
brought in the year 2004 The Gartner Report (‘Will Sturgeon”, 2006). According to a report by Burton,
around 35 percent of the adults would own a ‘lifestyle’ IT devices such as PDAs, iPods, smart phones and
PDAs in the mid-2000s. The report, further highlighted the issues of new threats, which faced by the
companies and government in the form of ‘Pod-Slurring’, which refers to stealing of confidential
information with the help of technologies. The principle information technologies involved in such threats
are iPods, MP3 players, PDAs, digital cameras and smart phones which can hold large quantities of data
at the same time, the speed that data could be transferred would pose another important challenge. Most
of the MP3 players, till the mid-2000 do not contain any wireless system but mid 2007 more
sophisticated wireless devices like infra-red, Bluetooth, and Wi-Fi have been boasted. This has become
easier to download the data from computers and moreover data downloading doesn’t require the physical
contact. Today, files could be exchanged easily, by using Wi-Fi enabled iphones. In addition PDA also
has wireless technologies like Bluetooth and data could be stolen from bluesnarfing.
Apart from these technologies, data threat was also performed through emails and pen drives. The Gartner
report further inspired the Usher, who developed Slurp.exe, software, which can search and copy the large
corporation data, when loaded in iPod with 60GB hard drive. In addition, over 6GB files could be
downloaded from a PC using the firewall connected media players in less than two minutes time.
Utilizing USB ports and Bluetooth’s, connections, with no specialized software’s data could be easily
downloaded through company’s network. In two minutes time, latest MP3 players connected with USB
ports with a capacity of 20GB could copy huge amount of data. IBM’s ISS X-Force, report highlighted
that network and web based security events have been increased to 30 percent in the past 120 days and
worldwide, the total number increased from 1.8 million to 2.5 billion (“insiders pose new”, 2008). In
addition, pop-security messages that contains rogue anti-virus software or scareware such as Trojans or
key loggers (which records password and other sensitive data) but actually contains virus could harm the
computer (JKF, 2009).
Page 4 of 11
Further advancement and rapid proliferation in IT, such gadgets like iPods and other MP3 flash memory
music players would likely to increase in future and it was estimated that in the year 2009, this shipments
would increase to around 124 million units (“Employee theft”, 2006). Experts felt that, in the wired
environment, the security challenges posed by these devices were more difficult and serious. In the 21st
century, the biggest problem faced by number of companies and government sectors was related to data
security. In the next five years, the trend will be more pronounced due to globalization and increasingly
networked world economy. In order to protect the data from these memory sticks, in a note on Gartner
research “How to Tackle the Threat from Portable storage Devices” while Ruggero Contu pointed out for
this question is that “Unauthorized portable storage devices “ which are considered as potential carrier of
vehicles and malicious code for theft of data. “High data capacity and transfer rates, and broad platform
support mean that [these devices have] the capacity to quickly download much valuable information,
which can be easily leaded to outside world”, (John, 2004). These devices are used into companies
network to install software’s which are malicious like viruses and sometimes this would spoil entire vital
information and moreover, employees may not also be aware of the such viruses at the time of
unintentionally installing such software’s using their portable devices. In the wired technologies, it is
difficult to deal with the security challenge as said by the experts. The editor of Tim Wison says about
such technologies as “When all of your users and devices are attached to the network, you can do some
pretty amazing things with security policy. But when uses are picking up those devices and walk out of
the door, all bets are off”.
Company need to face, ‘vicarious liability’, a legal consequence due to these threats when the company’s
information which are considered as sensitive are made available the public due to copying of information
from their portable devices and this law moreover doesn’t care about the employee, but it certainly make
the company to liable condition due to improper transmission of data to the public. For example, From an
Ameriprise employee’s car in Massachusetts, USA, on December 25, 2005, a laptop was stolen which
contained the valuable and confidential information of the public such as name of the customers, and
social security number. This has been recovered, but for the recovery, enterprise needs to pay a
US$25,000 for the regulator in order to investigate this case. In order to get creditability among
stakeholders, companies kept quiet about these incidents when it happened to their company by firing the
employees, though huge amount of data has been lost. Due to technology advancement in jobs, work from
home policy, mobile jobs, all these prevented to the employers to put a law, on not to bring such devices
to the organization and moreover the concept of ‘fun at work’ which was posed by the employer itself
Page 5 of 11
will be broken. Thus, evolution of internet and World Wide Web has further exaggerated these threats
such as spyware technology, malicious software, etc.
Review of Literature
Soft system methodology has been used as a framework to analyze the critically ill structured situation,
such as in this case to assess the role of information technologies on data threat and ways to prevent and
to manage the data. It …”provides a general set of concepts and an intellectual framework for articulating
the search for images of reality which are relevant to taking purposeful action within some problem
situation” (Ledington 1992, p18.). Under soft system methodology, Checkland’s 7-stage model has been
used to critically analyze the situation from starting to finding the problem to taking further steps to
improve the situation. In order to analyze the present case study, we need to get better insight about this
model. In 1 and 2 stages of Check lands, the problem will be expressed by the participants in a picture
which is rich but it is unstructured. System thinking involves stage 3 and 4 and in these stages, conceptual
models and root definitions are developed with relevance to the system. While earlier stages are used to
develop only conceptual models and do not represent the real situations, but other coming stages are
developed based on the real world, where actual action takes place. In the stage 5, in order to perceive the
real world, the similarities and differences of conceptual model were assessed and in stage 6 is related to
culturally feasible are recommended and finally in stage 7, functional analyses and logic based stream of
inquiry of the problem identified would be undertaken. “Overall, the aim of SSM is to take seriously the
subjectivity which is the crucial characteristic of human affairs and to treat this subjectivity, if not exactly
scientifically, at least in a way characterized by intellectual rigor” [Checkland, Scholes 1990 p. 30].
Hypothesis:
The aim of the present study is to analyze on “how the use/and misuse of knowledge is critical to the
organization’s success”
Methodology
For the present study, the question being asked was about “how the use/and misuse of knowledge is
critical to the organization’s success”, when such questions like “how” or “why” are being asked, thus
researchers do not have any control over it (Yin, 2003), thus, case study research design has been
considered more appropriate. The question posted in the case study was asked in natural setting, with no
Page 6 of 11
previous experience on it (BenBasat et al., 1987; Dube and Pare, 2003). For analyzing the case study,
soft system methodology has provided a framework as it increased the awareness related to the all areas
of investigation and thus, provide holistic approach. Thus, for the present study, interview questions were
designed in semi-structured, open-ended follow questions interviewees were given enough opportunities
to answer the questions. This case study will help us to understand the how misuse of knowledge will
affect the organization success. If no prior information is available, case study will be performed and such
exploratory case studies will provide the theoretical framework.
Discussion and Analysis

Step 1: The problem identification in unstructured way as expressed by the participants: In this case, As
stated by Abe Usher, a US security expert, 2006 said that “This pod slurring is a growing area of concern
and there’s not a lot of awareness about it And yet in 2 minutes, it’s possible to extract about 100MB of
word, Excel, PDF files.. basically anything which might contain business data… and with a 60 GB ipod,
you could probably have every business document in a medium size firm” and according to Rich Mogull,
Vice president, Gartner group research (2007), further expressed “It is a real threat, but I consider it
pretty minor in the overall scheme of things….We’re a little bit worried about it because people can put
sensitive content onto these devices and move it around, but we’re more worried about accidental loss of
the devices than people using them for malicious purposes”. Here a problem is the data theft from an
organization from an internal employee through the use of principal technologies such as iPod, digital
phones, MP3 players, mobiles, pen drives, email, PDA, and digital cameras. The problem occurs in all
areas and all organization such as hospitals, labs, government data, business companies etc. Step 2: The
conceptual model and the root definition was developed based on the reason for such theft, (mission of
the identified problem) as indicated in the case study, the motives for data theft may occurs some
unintentionally such as carrying the data to perform at home in order to increase the productivity but this
sometime unintentional installing some software will affect the data security or curiosity, or monetary
gain, or malicious intent. However these threats will affect the organization creditability mainly their data
are profitable in several ways such as patents formula details, future expansion plans, financial details,
medical records, tender details and these information would certainly yield monitory benefits to the other
competitors.
Overall framework is employees stole the data or erase the data either intentional or unintentional way,
which will affect the entire organizational creditability and sometime bring the organization to face legal
problems at the same time their profit is lost significantly as the personal data of the company are shared
Page 7 of 11
to their competitors by the employees who left the organization. In order to protect the data, several
protective systems has to be developed in term of various levels, from changing the HR policy, prevention
of brining such device to an office etc. Stage 5: While the earlier stage provides only the conceptual
framework for the problem but this does not work in real life situation as protecting the employees not to
bring the mobiles, will affect their morale and further bring the sense of insecurity. Even in today’s world,
the employees are also working from home, mobile works, all these made internet a necessary problem,
thus to prevent data threat, the company can bring policies on how to handle these devices , especially the
devices which are permissible such as pen drives (portable plug and play) during working hours rather
than restricting such devices. But certain devices like Music MP3 players’ digital cameras, PDAs and
personal laptops could be prevented from brining into the organization. Even framing the policies, certain
guidelines has to be bear in mind such as bringing fear of the mind of employees or feeling of entrust,
ranks disgruntlement.
Other measures would be encryption of data in the network, secret codes has to be provided with sensitive
codes, use of digital rights management technologies, protection through intellectual property, not
connecting the data through network, disabled USB ports computers, new security solution to access
control of data, usage of new technology to protect the data such as end point security solutions which
allows the building fool proof computer network are the measures could be taken in order to prevent the
data from hacking. In the final stage, the information collected i.e the recommendation made are pulled
together and provided to an organization, at various levels, such as HR managers to create policies and
procedures, Information Technology department to create unique user id for each employees, restriction
of USP portal and secured network with no network, should be worked out to prevent and manage such
data threats. Thus, this model is useful, to evaluate and analyze the problem and also helped to identify
the roles and responsibility of each staff in a practical way. In order to protect the data, several protective
systems has to be developed in term of various levels, from changing the HR policy, prevention of brining
such device to an office etc.
Due to data theft, IT companies, big corporate are not only affected but at the same time other firms like
hospitals and laboratory are also at great risk. According to the report in 2006 by Federal Bureau of
Investigation (FBI)36, this showed that fourth highest economic effect on organization was the theft of
intellectual property37. Information security system for business managers, act as a backburner, thus it
has brought increased interest over the researchers over the last decade. In order to manage secured
information, several studies have been published which provided guidelines in terms of prescriptive and
normative, and also in addition provides baselines for designing methodologies, implementing and
Page 8 of 11
managing the information system securely ( Baskerville, 1998; Rees et al 2003; Straub and Welke, 1998).
Several theories have been framed in order to know the reason behind how the use / misuse of knowledge
are critical to the organization success. Functional paradigm which has emphasized the rules and
structures while alternative theories such as radical humanist, radical structuralism and interpretive
(Dhillon and Backhouse, 2001) are used based on the theoretical framework. This theory will bring the
socio-organizational framework and in addition for studying the IT related issues to security in an
organization, neo-institutions theories have been used widely. Moreover neo-institutional theory will help
us to know the various factors that influence the organization behavior, but institutional theory gives us
idea about the changes of the behavior. In this case, the problem is how the use/and misuse of knowledge
is critical to the organization’s success, thus, neo-institutional theory has been used in further discussion.
Traditional functionalist looks the organization with rules, structures and procedures in order to perform
efficiently the task while institutional theory considers organization as social construction, which is
adaptive to the situation. The neo-institutional theory was developed by the work of Meyer and Rowan
(1977), where this theory emphasizes the two important components which include institutionalization
process and the isomorphism process. According to the definition by Tolbert and Zucker (1983) defined
institutionalization “as the process through which components of formal structure become widely
accepted, as both appropriate and necessary, and serve to legitimate organizations”.
Through the interviews, this case study (data provided -attachment) provided two sources of influences
within the context of neo-institutional theory, the normative influences considering both internal and
external sources of threat and their effect on organizations. Internal sources identified are protection of
data, security access and external sources including the new technological devices such as ipods, MP3
players, digital cameras, digital phones etc. The data theft would pose many problems to the companies
such as loss of patents, financial information, tender data, and sometimes revealed by the companies due
to the fear about their stakeholders as they lose their creditability within their stakeholders and other
competitors. Companies also face legal consequences, when the public data are being shared publicly
such legal threat will spoil the image of the company. In the year 2004 (Burton, n.d), it was reported that
almost 94 percent of business has been lost due to IT security breach. For example, personal data of
nearly 145,000 from choice point in the year 2005 has been stolen. 24 According to the Richard Hunter,
Vice president and Research Director, Gartner Executive programs states that “Enterprise are watching
employees and employees are watching employers with increasing unease on both sides. In our global
economy with its fluid workforce, in which longstanding relationships of trust are difficult to establish
and maintain, the temptation for business is clear: monitor every employee, all the time… what top
Page 9 of 11
managers of enterprises need to find is a balance between security that can protect their business and
free communication that can stimulate growth (Richard, n.d).
Conclusion
Thus, to conclude that there are many technologies have arrived recently in order to protect the data so
did the data threat. However no major implications have been set by many organizations as the problem is
not understand by them. According to the expert from the information system, budget is not constraint for
most of the companies; it’s the problem that they could not understand, although many reports have been
published with relevance to that. Some organizations though problem have been recognized, they have
used the strategy to change the entire policy and procedures and such sudden change would affect the
morale of the employees and in addition it will also create the fear of insecurity. At Southwest Power
Pool, Tom Hofstetter, a security analyst said, “The most difficult and frustrating part is creating a sense in
users that there really is a problem, for which they are part of the solution, And that the problem is not
going go away if its ignored”.
Page 10 of 11
Bibliography
Checkland, P., Scholes, J., Soft Systems Methodology in Action. John Wiley & Sons, 1990.
Tolbert, P.S., Zucker, L.G., 1983. Institutional sources of change in the formal structure of organizations:
the diffusion of civil service reform, 1880–1935. Admin
istrative Science Quarterly 28 (1), 22–39.
Meyer, J.W., Rowan, B., 1977. Institutionalized organizations: formal structure as myth and ceremony.
American Journal of Sociology 83 (2), 340–363.
Ledington, P., “Intervention and the management process: an action-based research study”, Systems
Practice,5(1), 1992, pp. 17-35.
Baskerville, R., 1988. Designing Information Systems Security. John Wiley & Sons, New York, NY.
Benbasat, I., Goldstein, D.K., Mead, M., 1987. The case research strategy in studies of information
systems. MIS Quarterly 11 (3), 369–386.
Dube´, L., Pare´, G., 2003. Rigor in information systems positivist case research: current practices, trends,
and recommendations. MIS Quarterly 27 (4), 597–635.
Rees, J., Bandyopadhyay, S., Spafford, E.H., 2003. PFIRES: a policy framework for information security.
Communications of the ACM 46 (7), 101–106.
Straub, D.W., Welke, R.J., 1998. Coping with systems risk: security planning models for management
decision making. MIS Quarterly 22 (4), 441–469.
Dhillon, G., Backhouse, J., 2001. Current direction in IS security research: towards socio-organizational
perspectives. Information Systems Journal 11, 127–153.
Will Sturgeon, “Beware the “Pod Slurping” Employees, “www.news.com, February 15, 2006
Employee Theft – Pod Slurping, “www.centurycomputing.co.uk, November 21, 2006
John K, Waters, “ipods and Like Devices Pose Enterprise security Threat, says Gartner”,
www.adtmag.com, December 12, 2004
Wilson, T (Dec 4, 2008). Insiders pose new threats in down economy, Dark Reading. Viewed online at
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212201861
JKF (December 23, 2009). FBI: Pop-Up Security Warnings Pose Threats. Viewed online at
http://www.lockergnome.com/jfk/2009/12/23/fbi-pop-up-security-warnings-pose-threats/
Viewed online at http://www.fbi.gov/publications/strategicplan/stategicplantext.htm#intro
Yin, R.K., 2003. Case study research: design and methods, 3rd
Page 11 of 11

Essay Writing Information Resource Management

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Essay Writing Information Resource Management

Încărcat de

Drepturi de autor:

Formate disponibile

Essay on Information Resource Management

This Sample Work has been completed by ‘Tutors India’

Discussion and Analysis

istrative Science Quarterly 28 (1), 22–39.

Communications of the ACM 46 (7), 101–106.

perspectives. Information Systems Journal 11, 127–153.

Employee Theft – Pod Slurping, “www.centurycomputing.co.uk, November 21, 2006

Viewed online at http://www.fbi.gov/publications/strategicplan/stategicplantext.htm#intro

S-ar putea să vă placă și