Wednesday, November 30, 2011

Governance Factors Related to the Outsourcing Organization


Attention to IT within Business Units


The outsourcing objectives are not always equally clear to everyone involved within the outsourcing organization (KPMG Impact, 1995). This doesn't enable achieving governance in IT outsourcing partnerships. It is therefore the task of the CIO, as well as senior management, to communicate these internally. The outsourcing objectives of outsourcing organizations are often focused on cost savings (Morgan & Chambers, 2001; Outsourcingproject, 2002). This is not necessarily in line with the information needs of the business units of the outsourcing organization.

 

Expert 5: "there needs to be awareness within the organization <the outsourcing organization>, of what the objectives are, and probably not only by the CIO, but also by corporate management."

 

Building on this, business units should no longer judge IT on the basis of costs, but on the basis of its added value. A shift must take place from the minimization of costs to the maximization of business impact (Kotwica & Field, 1999). Lacity and Willcocks (2001) support this transformation, albeit with a somewhat different nuance. This transformation is related to the changing role of IT. The role of IT is shifting from the support of non-primary processes to IT that forms part of the products or services that are provided by the outsourcing organization, such as in-product software. Another example is provided by Willcocks and Plant (2001): UPS has a track and trace Internet application which allows clients to track their shipments during transport. When business management pays proper attention to IT, the organization is able to anticipate needs in a timely fashion. In view of the ever-decreasing time-to-market, it is not an excessive luxury to involve IT proactively in the development of new products and services. This line of thought fits into the observations made by Gerrity and Rockart, who already in the mid-80s concluded that line managers feel themselves to be increasingly responsible for IT (Gerrity & Rockart, 1986). It also fits in with the suggestion made by Earl that IT can be used "to develop new business" (Earl, 1987).

Business Manager, Firm 5: "We specifically involve our information managers in our product creation process. This helps us to prevent IT from becoming a bottleneck when we are ready to introduce new products."

 

The management of the outsourcing relationship is the responsibility of the CIO and IM. This concept is further developed. However, it is important for business management to devote proper attention to the outsourcing relationship (Willcocks & Fitzgerald, 1994; Klepper & Jones, 1998). Attention to the outsourcing relationship on the part of business management has a positive influence on the management of outsourcing relationships (Quinn & Hilmer, 1995). Gartner supports this position and adds: [business management] "must actively manage their side of the partnership" (Terdiman, 1991). To retain business management's attention, the type of reporting about the IT services delivered is very important and must be consistent with the type of reporting units that business management is familiar with (Katz & Katz, 1966; Feeny, Willcocks, & Core, 1998).

 

A Clear IT Strategy


IT strategy is defined as the strategy of the outsourcing organization in relation to its information technology and IT services, and the role these play, or will play, within the outsourcing organization. This is consistent with the definitions put forth by Zani (1970), McLean and Soden (1977) and King (1978). The development and implementation of the IT strategy is the responsibility of the Chief Information Officer (CIO). An IT strategy is essential because organizations are able to implement new technologies within their organization on the basis of this strategy, and will subsequently be able to derive strategic benefits from this (Porter & Millar, 1985; Earl, 1987). From a governance perspective it is important to create alignment between the business and IT. The IT strategy can be a facilitating factor in accomplishing this (Henderson & Venkatraman, 1993). Furthermore, organizations are well advised to incorporate their sourcing strategy into the IT strategy: how does the organization intend to deliver the required IT services in support of business operations (Currie & Willcocks, 1998)? This issue requires continuous attention from the CIO (Grigg & Block, 2002).

 

The development and implementation of an IT strategy is not easy. Through the development of different scenarios it is possible to reduce uncertainty (Emery & Trist, 1965; van der Heijden, 1996). Scenarios can also be used for the development of an IT strategy (Rosser, 1998; van der Zee & van Wijngaarden, 1999). Among others, Gartner and IDC also work with scenarios.

It is important to emphasize that responsibility for the development of the IT strategy lies with the outsourcing organization itself (KPMG Impact, 1995). The capacity for executing this responsibility is denoted as IT/IS leadership by Feeny and Willcocks (1997c). Gartner also views the transfer of responsibility for developing an IT strategy to someone else as a high risk: "retain control of, or be able to influence, strategic technology issues and directions" (Terdiman, 1991). It is possible, however, to involve external consultants in the formulation of an IT strategy. The use of external consultants may be considered as a means of supplementing a shortage in required capacity and for hiring specific knowledge that the organization is not able to develop and/or maintain itself.

Business Director, Firm 1: "You do the following <when developing an IT strategy>, you throw out some ad hoc questions and you ask for some research to be conducted. In some instances a project manager from the consultancy firm may be involved. You use this person to test your ideas. However, the situation must not be such that the external consultant jointly determines your IT strategy."

 

Information Management as the Link between Business Units and IT Suppliers


The information manager is responsible for the alignment of the demand for IT services by the outsourcing organization's business units with the services provided by the IT suppliers (Quinn, Doorley, & Paquette, 1990). The information manager is furthermore responsible for the IT outsourcing partnership and supports the Chief Information Office (CIO) in the implementation of the IT strategy (Corbett, 1994; McFarland & Nolan, 1995). The effort required on the part of outsourcing organizations to manage the IT outsourcing partnership is substantial. The cost of the effort expended by the information management function is between 2% and 10% of the contract value (Aylott, 2002).

 

In order to be able to properly carry out these tasks, information managers require knowledge of the business operations, as well as IT (Willcocks & Fitzgerald, 1994; Kitzis, 1998). Many outsourcing organizations have difficulty finding qualified candidates to carry out these functions (Heckmann, 1999).

Expert 3: Three months ago <2000> I was doinga presentation at a conferenceand resourcing the information management office was one of the major discussions that took place. There were a lot of vendors <IT suppliers> and major user organizations <outsourcing organizations>. What most of the user organizations came up with, they were saying it's so hard. To find people who have experience or expertise with this supplier management model, that are able to manage multiple suppliers in particular."

 

It is important to ensure there exists a strong information management function that can provide a counterbalance to business unit management. Lacity and Hirschheim (1995a) refer to this as "senior management must empower IS <meaning information management> to implement changes."

 

A Properly Functioning Chief Information Officer


The Chief Information Officer (CIO) is responsible for the development and implementation of the IT strategy and carries final responsibility for the IT outsourcing partnership relationships (Earl & Feeny, 1997a; Kotwica & Fields, 1999; Lacity & Willcocks, 2001).

 

In order to be able to provide proper direction to their responsibilities, which includes safeguarding the governance of the IT outsourcing partnership, it is important that in addition to their knowledge of information technologies, both the CIO and the information managers also understand the business operations and developments in the markets in which the outsourcing organization is active or intends to become active (Willcocks & Fitzgerald, 1994; de Looff, 1996; Kitzis, 1998). A CIO could also play an important role in the alignment of business operations with IT. Many organizations set up an IT Board for this purpose. Gartner refers to these boards as coordinating committees: the business-IT strategy committee (Dreyfuss, 2002). This is an organization-wide steering committee in which all business units and information management is represented and which is chaired by the CIO. The IT Board is able to explore the political field of influence and decisions concerning the IT services to be provided can be prepared and discussed here. All case studies analyzed included the use of some kind of IT Board.

Account Manager IT Supplier, Firm 2: "My customer has an IT Board that functions as kind of an awareness club for different business functions, including purchasing, sales and transportation. Due to the fact that all divisions are represented, there exists strong support for preparing decisions about the IT services to be provided."

 

To ensure that the CIO is able to function properly, it is also essential that the CIO function be positioned at the proper level within the organization. Outsourcing organizations are ill advised to place the CIO on the Board of Directors. Responsibility for providing IT services is an integral responsibility of the entire Board of Directors. The CIO should therefore report to one of the members of the Board of Directors (Earl & Feeny, 2000). A trend is being observed in this regard which shows that an increasing number of CIOs are directly reporting to the Chief Executive Officer instead of to the Chief Financial Officer or to the Chief Operating Officer (Kotwica & Fields, 1998).

Expert 1: "Anyone who'd like to play the role of an entrepreneur, and this should include all members of the Board of Directors, must simply possess understanding and knowledge <about the IT function> and maybe then you can simply turn over the service aspects to the CIO. But the understanding of technology, what that <technology> can do for the business, I think that this will become an integral part of entrepreneurship."

Security Control: Maintenance - Class: Operational

MA-1 SYSTEM MAINTENANCE POLICY AND PROCEDURES


Control

 

The organization develops, disseminates, and periodically reviews/updates: (i) a formal, documented, information system maintenance policy that addresses purpose, scope, roles, responsibilities, and compliance; and (ii) formal, documented procedures to facilitate the implementation of the information system maintenance policy and associated system maintenance controls.

Supplemental Guidance

The information system maintenance policy and procedures are consistent with applicable federal laws, directives, policies, regulations, standards, and guidance. The information system maintenance policy can be included as part of the general information security policy for the organization. System maintenance procedures can be developed for the security program in general, and for a particular information system, when required. NIST Special Publication 800-12 provides guidance on security policies and procedures.

Control Enhancements

None.

LOW

MA-1

MOD

MA-1

HIGH

MA-1

 

MA-2 PERIODIC MAINTENANCE


Control

 

The organization schedules, performs, and documents routine preventative and regular maintenance on the components of the information system in accordance with manufacturer or vendor specifications and/or organizational requirements.

Supplemental Guidance

Appropriate organizational officials approve the removal of the information system or information system components from the facility when repairs are necessary. If the information system or component of the system requires off-site repair, the organization removes all information from associated media using approved procedures. After maintenance is performed on the information system, the organization checks the security features to ensure that they are still functioning properly.

Control Enhancements

(1) The organization maintains a maintenance log for the information system that includes: (i) the date and time of maintenance; (ii) name of the individual performing the maintenance; (iii) name of escort, if necessary; (iv) a description of the maintenance performed; and (v) a list of equipment removed or replaced (including identification numbers, if applicable).

(2) The organization employs automated mechanisms to ensure that periodic maintenance is scheduled and conducted as required, and that a log of maintenance actions, both needed and completed, is up to date, accurate, complete, and available.

LOW

MA-2

MOD

MA-2 (1)

HIGH

MA-2 (1) (2)

 

MA-3 MAINTENANCE TOOLS


Control

 

The organization approves, controls, and monitors the use of information system maintenance tools and maintains the tools on an ongoing basis.

Supplemental Guidance

None.

Control Enhancements

(1) The organization inspects all maintenance tools (e.g., diagnostic and test equipment) carried into a facility by maintenance personnel for obvious improper modifications.

(2) The organization checks all media containing diagnostic test programs (e.g., software or firmware used for system maintenance or diagnostics) for malicious code before the media are used in the information system.

(3) The organization checks all maintenance equipment with the capability of retaining information to ensure that no organizational information is written on the equipment or the equipment is appropriately sanitized before release; if the equipment cannot be sanitized, the equipment remains within the facility or is destroyed, unless an appropriate organization official explicitly authorizes an exception.

(4) The organization employs automated mechanisms to ensure only authorized personnel use maintenance tools.

LOW

Not Selected

MOD

MA-3

HIGH

MA-3 (1) (2) (3)

 

MA-4 REMOTE MAINTENANCE


Control

 

The organization approves, controls, and monitors remotely executed maintenance and diagnostic activities.

Supplemental Guidance

The organization describes the use of remote diagnostic tools in the security plan for the information system. The organization maintains maintenance logs for all remote maintenance, diagnostic, and service activities. Appropriate organization officials periodically review maintenance logs. Other techniques to consider for improving the security of remote maintenance include: (i) encryption and decryption of diagnostic communications; (ii) strong identification and authentication techniques, such as Level 3 or 4 tokens as described in NIST Special Publication 800-63; and (iii) remote disconnect verification. When remote maintenance is completed, the organization (or information system in certain cases) terminates all sessions and remote connections. If password-based authentication is used during remote maintenance, the organization changes the passwords following each remote maintenance service. For high-impact information systems, if remote diagnostic or maintenance services are required from a service or organization that does not implement for its own information system the same level of security as that implemented on the system being serviced, the system being serviced is sanitized and physically separated from other information systems before the connection of the remote access line. If the information system cannot be sanitized (e.g., due to a system failure), remote maintenance is not allowed.

Control Enhancements

(1) The organization audits all remote maintenance sessions, and appropriate organizational personnel review the audit logs of the remote sessions.

(2) The organization addresses the installation and use of remote diagnostic links in the security plan for the information system.

(3) Remote diagnostic or maintenance services are acceptable if performed by a service or organization that implements for its own information system the same level of security as that implemented on the information system being serviced.

LOW

MA-4

MOD

MA-4

HIGH

MA-4 (1) (2) (3)

 

MA-5 MAINTENANCE PERSONNEL


Control

 

The organization maintains a list of personnel authorized to perform maintenance on the information system. Only authorized personnel perform maintenance on the information system.

Supplemental Guidance

Maintenance personnel have appropriate access authorizations to the information system when maintenance activities allow access to organizational information. When maintenance personnel do not have needed access authorizations, organizational personnel with appropriate access authorizations supervise maintenance personnel during the performance of maintenance activities on the information system.

Control Enhancements

None.

LOW

MA-5

MOD

MA-5

HIGH

MA-5

 

MA-6 TIMELY MAINTENANCE


Control

 

The organization obtains maintenance support and spare parts for [Assignment: organization-defined list of key information system components] within [Assignment: organization-defined time period] of failure.

Supplemental Guidance

None.

Control Enhancements

None.

LOW

Not Selected

MOD

MA-6

HIGH

MA-6

'Abd al-Hamid Ibn Badis

 

'Abd al-Hamid Ibn Badis was the leader of the Islamic reformist movement in Algeria and founder of the Association des Ulema Musulmanes Algeriens (AUMA). He was born in 1889 in Constantine, where he also died in 1940. After receiving a traditional education in his hometown, Ibn Badis (locally referred to as Ben Badis) studied at the Islamic University of Zaytuna, in Tunis, from 1908 to 1912. In the following years he journeyed through the Middle East, par­ticularly in Egypt and Saudi Arabia, where he came into contact with modernist and reformist currents of thought spreading within orthodox Sunni Islam.

Ibn Badis became the most prominent promoter of the Islamic reformist movement in Algeria, first through his preaching at the mosque of Sidi Lahdar in his hometown, and, after 1925, through his intensive journalistic activity. He founded a newspaper, Al-Muntaqid (The critic), which closed after a few months. Immediately afterwards, however, he began a new and successful newspaper, Al-Shihab (The me­teor), which soon became the platform of the reformist thinking in Algeria, until its closure in 1939. Through the pages of Al-Shihab, Ibn Badis spread the Salafiyya movement in Algeria, presented his Qur'anic exegesis, and argued the need for Islamic reform and a rebirth of religion and religious values within a society that, in his view, had been too influ­enced by French colonial rule. He further argued that the Algerian nation had to be founded on its Muslim culture and its Arab identity, and for this reason he is also considered a precursor of Algerian nationalism. He promoted the free teaching of Arabic language, which had been marginalized during the years of French rule, and the establishment of free schools for adults, where traditional Qur'anic studies could be taught.

In May 1931 he founded the AUMA (also Association of Algerian Muslim Ulema), which gathered the country's lead­ing Muslim thinkers, initially both reformist and conserva­tive, and subsequently only reformist, and served as its president until his death. Whereas the reformist programs promoted through Al-Shihab had managed to reach an audience limited to the elite educated class of the country, the AUMA became the tool for a nationwide campaign to revive Islam, Arabic, and religious studies, as well as a center for direct social and political action. Throughout the country he founded a net­work of Islamic cultural centers that provided the means for the educational initiatives he advocated and the establish­ment of Islamic youth groups. He also spearheaded a cam­paign against Sufi brotherhoods, accusing them of introducing blameworthy innovations to religious practice, and also of cooperating with the colonial administration. He played an important political role in the formation of the Algerian Muslim Congress in 1936, which arose in reaction to the victory of the Popular Front in France, and was active politically in the country until his premature death in 1940. Thanks to his activities as leader of the AUMA and to his writing in Al-Shihab, Ibn Badis is considered by some to be the most important figure of the Arab-Islamic cultural revival in Algeria during the 1930s.

ABD AL-JABBAR (935-1025)

 

'Abd al-Jabbar was a Mu'tazilite theologian and Shafi'ite jurist, known as Qadi 'Abd al-Jabbar b. Ahmad al-Hamadani. He was born in Asadabad in Iran about 935, studied kalam with Abu Ishaq al-'Ayyash in Basra, and associated with the prominent Mu'tazilite scholar Abu 'Abdullah al-Basri in Baghdad. 'Abd al-Jabbar was appointed as chiefjudge of Rayy with a great authority over other regions in northern Iran by the Buyid wazir Sahib b. 'Abbad in 977. Following his dismissal from the post after the death of Ibn 'Abbad, he devoted his life to teaching. In 999 he made a pilgrimage to Mecca through Baghdad, where he spent some time. He taught briefly in Kazvin (1018-1019) and died in 1025 in Ray.

As the teacher of the well-known Mu'tazilites of the eleventh century, such as Abu Rashid al-Nisaburi, Ibn Mattawayh, Abu 'l-Husayn al-Basri, and as the master of Mu'tazilism in its late period, 'Abd al-Jabbar elaborated and expanded the teachings of Bahshamiyya, the subgroup named after Abu Hashim al-Jubba'i. He synthesized some of the Mu'tazilite views with Sunni doctrine on the relation of reason and revelation, and came close to the Shi'ite position on the question of leadership (imama). He is also a significant source of information on ancient Iranian and other monothe­istic religions.

'Abd al-Jabbar wrote many works on kalam, especially on the defense of the Qur'an, and on the Prophet of Islam. Some of his books, including most of his twenty-volume work al-Mughni, have been published. Commentaries on two of his lost books, Sharh al-usul al-khamsa by Qiwam al-Din Mankdim and al-Muhit bi'l-taklif by Ibn Mattawayh, are also available.

Tuesday, November 29, 2011

Hard disk Problem Troubleshooting


Problem hard drives often announce their displeasure in the form of on-screen errors and warnings or through error codes you find when running your manufacturer’s drive diagnostic utility. Let’s look at the major drive-related error messages and learn how to use them to figure out what’s wrong.








On-Screen Errors Related to Hard disk problem


Hard drive error messages and warnings usually appear when you first try to start the PC and after a brief wait (while the system tries in vain to access the drive), an error appears on the screen before Windows would load normally. Sometimes such messages appear as you work in Windows itself and usually, when you’re trying to read from or write to the affected drive.

Errors Indicating a Problem with the Data or Drive


The following messages often indicate either physical damage to the drive or corruption of the data or file system on the drive:
Data Error Reading Drive <drive-letter>

Error Reading Drive <drive-letter>

I/O Error

Seek Error/Sector Not Found

Serious Disk Error Writing Drive <drive-letter>

With these errors, try to check the disk for errors if you can keep the PC working. For this, use ScanDisk or CHKDSK. If either ScanDisk or CHKDSK reports errors they can’t fix or mentions possible physical damage to the drive, immediately make your best attempt to back up the data on the drive. Then contact your hard drive manufacturer, try data-recovery software, or consult a data-recovery specialist. In any event, replacement of the hard drive will probably be necessary.

You should be aware that it’s possible to see some or most of these errors and warnings without actual damage to the drive or its data. Certain temporary or easily fixed situations like a loose or failing data cable or short-term overheating can generate errors. For example, if I’m operating a hot-running PC in a very warm room without good PC cooling practices, I might see a seek or reading drive error message. If I’m smart, I’ll shut down my PC properly and let it cool down before I attempt to do more work; this temporary problem could turn to drive or data damage if I don’t.

Overclocking, a practice where you modify BIOS settings past their recommended operating levels to achieve better speed and performance, can produce these errors, too. Errors can be the direct result of excessive settings and the overheating that accompanies pushing hardware to its limits. If you overclock and then begin to see drive errors, consider this a distinct possibility and reverse the changes you made to see if the errors stop.

You may hear the term head crash referred to in relation to hard drive failures. A head crash is a specific type of hardware failure where the read/write heads of the drive, normally positioned carefully to move over but not touch the drive’s platters, instead come into contact with the surface, damaging the platter and the data it contains. The result may leave you temporarily able to open files (or not), but you’ll notice a great deal of noise coming from the drive (clicking, grinding, or strain). This is something you cannot repair








Working with a Drive Stuck in MS-DOS Compatibility Mode


In pre-Windows XP versions (95/98/Me), you’ll sometimes see hard drives running in what is called MS-DOS Compatibility Mode. This means that the drives have failed to clear the Windows’ startup evaluation for whether such drives can load and run properly.

Unfortunately, you won’t always see an on-screen error message about this, and you may not even discover it until you go looking. Instead, what you may notice is a deadly slow system, particularly with any operation that involves the hard drive.

However, when you choose Start Ø Settings Ø Control Panel Ø System Ø Performance tab, you’ll find the message
Compatibility Mode Paging reduces overall system performance

This problem may occur due to

  • Failure of the hard drive’s on-board controller. This requires drive replacement because today’s hard disk controllers are typically built into IDE/ATA hard drives.

  • A virus. Use anti-virus software to perform a full scan.

  • A hardware conflict between the hard drive controller and another piece of hardware, for example, both devices trying to use the same IRQ. Check Device Manager for a yellow exclamation mark (!) indicating a conflict, find what else it’s conflicting with, and rearrange them.

  • Something (you or software) has disabled the hard drive controller in Device Manager, where it appears as a red x. Click the x, try to enable the controller again, and investigate what you may have installed that caused this problem.


I’ve seen Compatibility Mode crop up frequently with older laptops where you have to swap in and out different drives such as a CD-ROM and floppy drive. In this case, shutting the laptop down and restarting it often makes Compatibility Mode disappear.

Manufacturer-Specific Error Codes


In addition to the kinds of error messages your BIOS at bootup and Windows during your session produce related to hard drive problems, you may find that your drive manufacturer has a list of error codes their drives might report. Such messages are either generated by or only seen within the drive-management software that comes with some hard drives.

For example, Western Digital hard drives typically come with Data Lifeguard software that can report various errors, many of which mean “replace the drive if you get this error.” There is even an online version of the Data Lifeguard software to test your drive through your Internet connection and browser while connected to their site (http://support.wdc.com/dlg/onlinedlg.asp).

Many hard drive manufacturers do not accept a hard drive for a return or repair without first running their diagnostics. Call the manufacturer first and ask for a return authorization. At this point, they usually ask for the error code. If they ask for the error code, they expect you to run the diagnostics. If you send in a drive without the error code, they’ll simply return the drive to you without testing.

Monday, November 28, 2011

Application Tutorial: Don't Throw the PDA

The average user of a mobile item is one who is hurried and is rushing off to work.
Of course, mobile items are just the right thing for them and they could really pose improvements on their user's life.


Apart from making everything simpler, lighter and faster, mobile items like PDA's and mobile phones speak of convenience with just the power of touch. It is so easy to use that even a one-handed hold can be enough to use it, and this is something that's more effective with both hands.


Mobile items are good for multi-tasking scenarios, but one should always keep in mind that no matter how convenient or simple an item is, it is still difficult for a beginner. In this occasion, the prime thing to remember is that these items and their applications are not made to confuse their users into frustration.


They are not to be thrown out of the window in frustration and with this, it is best to keep the mind clear of obstructions when using these items for the first time. Of course there are tutorial lessons to take for the applications, but this is for the items that are very hard to understand, but these lessons are free and are found in videos made by their manufacturers.


Now, some tutorial lessons are even found in the item itself like in some PDA's, where there's a step-by-step process as provided by the applications.
Other than these, the first-time users can rely on the pamphlets or guide-letters for instructions, and this can be likened to an old-style tutorial.

Measuring the Governance Factors for IT Outsourcing Partnership


















































































Governance Indicators by Governance Factor for the Outsourcing Organization

Governance Factors for the Outsourcing Organization



Governance Indicators



1.1 Attention to IT within business units



1.1.1.



Responsibility for IT has been assigned to the management team of the business function



1.1.2.



IT service delivery is evaluated in terms of its added value and its cost



1.1.3.



The business functions proactively involve the IT supplier's IT specialists in the development of new products or services



1.1.4.



Business function play particular attention to the strategic management of the IT outsourcing relationship



1.2 A clear IT strategy



1.2.1



The outsourcing organization's IT strategy is linked to and interacts with outsourcing organization's overall strategy



1.2.2



The outsourcing organization's supplier strategy is an explicit part of the IT strategy and focused on continuity



1.2.3



The IT strategy anticipates new developments in the market in which the outsourcing organization operates or is going to operate and which offers opportunities for developing new technologies



1.2.4



The role of external IT suppliers and consultancy firms in the development and implementation of the IT strategy is limited to a facilitating or supporting role. The outsourcing company is accountable for developing and implementing the IT strategy



1.2.5



Alignment of the IT strategy with the parent company's IT strategy



1.2.6



An adequate IT board



1.3 Information management as the link between business units and IT suppliers



1.3.1



The information management comprises the following tasks: development & implementation of IT strategy, contract management, points of contact of the IT supplier and points of contact for the business functions



1.3.2



Information management possesses both business knowledge and IT knowledge



1.3.3



Information management has a facilitating role in implementing the IT strategy on behalf of the business functions



1.4 A properly functioning Chief Information Officer



1.4.1



Within the board of management of the outsourcing organization there is attention for IT



1.4.2



The role of the CIO comprises the following tasks: alignment of business and IT, development & implementation of the IT strategy, managing of IT outsourcing relationships and governance of IT



1.4.3



The CIO is accountable for the IT outsourcing relationship



1.4.4



The CIO possesses both business knowledge and IT knowledge












































































Table 9: Governance Indicators by Governance Factor for the Maintenance of the Relationship

Governance Factors for the Maintenance of the Relationship



Governance Indicators



2.1 Mutual trust between the outsourcing organization and the IT supplier



2.1.1



Overall strategies are enhanced between the outsourcing organization and the IT suppliers and the objectives of the outsourcing company and the IT suppliers are aligned



2.1.2



The cultures of the outsourcing organization and the IT suppliers do not clash



2.1.3



Mutual trust between the staff members of the outsourcing organization and the external IT suppliers



2.2 Experience in establishing and maintaining IT outsourcing relationships



2.2.1



The IT suppliers have an experienced-based methodology for defining IT outsourcing relationships and the outsourcing organization has an experienced-based process description for defining IT outsourcing relationships



2.2.2



The outsourcing organization's strategy focuses on establishing alliances with suppliers and the strategy of the IT suppliers is focusing on establishing long-term relationships with outsourcing organizations



2.2.3



The outsourcing organization and the external IT suppliers do not only judge the performance of the outsourcing relationship on the basis of short-term results



2.2.4



After the IT outsourcing contract has been signed, a planned and successful transition was carried out



2.3 Efficient and effective IT outsourcing contracts



2.3.1



The IT outsourcing contracts between the outsourcing organization and the IT suppliers are flexible



2.3.2



The descriptions in the outsourcing contracts as well as any other mutual obligations are in line with the spirit of the relationship between the outsourcing organization and the IT suppliers: completeness is not an issue



2.3.3



The IT outsourcing contracts clearly specify the reporting frequency and the content of the reporting



2.3.4



The outsourcing contracts explicitly specify the consequences of not or not fully meeting the terms of the contract and the maximum amount of damages to be paid for not or not fully meeting the terms of the contract



2.3.5



IT outsourcing contract have a satisfactory profit margin



2.4 An audit & benchmark process in place



2.4.1



The accountable officers of the outsourcing organization and the IT suppliers periodically evaluate the cooperation and content of the IT outsourcing contract at predefined points in time and, if necessary, at any other point in time



2.4.2



The IT outsourcing contracts clearly specify which process is to be followed should there be deviation from the agreements reached



2.4.3



The audit process should be based on a general accepted standard











































































Table 10: Governance factor by Governance Factor for the IT Suppliers

Governance Factors for the IT Suppliers



Governance Indicators



3.1 Adequate Contract and Account Management



3.1.1



Contract and account management tasks include: management of IT resources, overseeing the IT service provision, maintaining and increasing turnover, business development, optimization of the cooperation with other IT suppliers and ensuring internal priority for the IT outsourcing contract



3.1.2



The responsibility of the contract and the account management for the outsourcing relationship is separated from the responsibility for the IT service provision and the IT business function



3.1.3



The IT supplier's organization pays specific attention to IT outsourcing relationships and the IT outsourcing contracts are managed by a separate organizational unit: this unit is also responsible for the ongoing delivery of the IT services



3.1.4



Contract and account management of the external IT supplier and the management of the IT business function posses business knowledge in addition to IT expertise



3.2 Adequate service delivery processes



3.2.1



The cost component required to deliver the IT services are well understood



3.2.2



The available manpower capacity of an IT business function is used optimally



3.2.3



The IT business functions include sufficient overhead costs to manage the IT business function



3.2.4



IT employees spend an adequate number of training hours each year as part of an improvement-focused and concrete training plan to train themselves in new technologies and interpersonal and business skills



3.2.5



Process govern service delivery



3.2.6



Working with a limited group of dedicated resources to execute the IT service provision tasks



3.2.7



The external IT supplier has alliances with specialized business organizations



3.3 The availability of human resources to the IT suppliers



3.3.1



IT employees are given the opportunity to gain experience with new technologies



3.3.2



The IT supplier is able to attract a sufficient number of qualified new employees from the labor market



3.3.3



The IT supplier has a high training budget and individual employees have a say in how their training budget is spend within the framework of an overall concrete and development-focused training plan



3.3.4



The IT supplier has a low turnover percentage among the employees assigned to a specific IT outsourcing contract


The Historic View of Corporate Governance

 

Traditionally organisations held the view that capital markets were only interested in the share price. Corporate governance was therefore considered a necessary evil at the cost of developing business. As it concerns financial reporting, achieving compliance was deemed the responsibility of the finance function, which in turn adopted the view that governance could best be achieved through internal audits.

According to research by consultants McKinsey, good corporate governance practice is now strongly tied to investment decisions the world over. The group's 2002 Global Investor Opinion Survey showed that an overwhelming number of investors were prepared to pay a premium for companies with high governance standards. In North America and Western Europe purchase premiums averaged 12-14 per cent, in Asia and Latin America 20-25 per cent, and 30 per cent in Eastern Europe and Africa. Institutional investors have also begun to look closely at the corporate governance records ofcompanies they invest in.

 

 

Case Study: What Good Corporate Governance Means to a Company like Shell

Upholding the Shell reputation is paramount. We are judged by how we act. Our reputation will be upheld if we act with honesty and integrity in all our dealings and we do what we think is right at all times within the legitimate role of our business.

(Extract from Shell's Statement of General Business Principles, 1997)

NGOs (non-governmental organisations) and ethical share­holders have in the past taken a poor view over the business operations of oil companies like Shell. Since 1976, however, the petrochemical giant has gone to great lengths to achieve high levels of corporate governance, corporate social responsibility and socially responsible investment (SRI).

The company, which is spending considerable time and effort into developing its alternative fuel operations, now tops CG and CSR ethical investment indices, including the FTSE4Good Index. It works closely with the UN Development Programme and NGOs on proposed projects. Extensive environmental and social impact studies are always carried out prior to any project start.

 

Shell is also addressing the HIV/AIDS pandemic by working in partnership with other organisations to help reduce the spread of the disease. Throughout sub-Saharan Africa, the company runs AIDS prevention and care programmes for employees and their families. Free treat­ment is also offered to employees infected with the disease.

Its high level ofcorporate transparency and 'honesty' has been achieved through its Statement of General Business Principles (SGBP) — a guiding framework based on the core values of honesty, integrity, and respect for people, as well as openness, trust, professionalism and teamwork. Included in those principles is a clear and unequivocal stance on the non-acceptance of bribes or facilitation payments, or the support of political parties in any way.

The SGBP, which was the first statement of its kind made by a quoted organisation, has been revised five times since its first publication in 1976, with the most recent revision in 1997. In that year, further focus was placed on human rights issues and sustainable development, transpar­ency and implementation. Successes and failures of KPIs (key performance indicators) set within those principles are printed in the annual Shell Report. The report, which Shell plans to include as part of its financial results, highlights environmental, social and economic performance. Readers are encouraged to make comments on the company's progress by using the 'Tell Shell' facility on the corporate website.

The company uses a combination of 'soft' and 'hard' implementation tools to create an integrated approach. Measurement of set Assurance Policies is achieved by a combination of internal audit, an assurance questionnaire (Assurance Collection Tool), and a free-format assurance letter, which is written by the chairman of each country operation each year. Responses are evaluated by Shell's Committee of Managing Directors and local KPIs are mutually set. The company has also introduced an employee Reputation Tracker survey, which judges the level of compliance within each individual operation. This not only maintains a high level of internal control, but also gives a good picture of the overall health of the company. Additionally, Shell uses the Global Reporting Initiative guidelines to measure the success of CSR policies and materiality.

The company also strongly believes in training, both for senior and middle management positions. A web-based self-teaching program is used for training on issues ranging from human rights to health and safety. Managers take an exam once they have completed the program and are then expected to impart their knowledge to their fellow employees. Access to information and clear communication are of key importance to Shell. For example, the company is planning to create a website detailing successful risk manage­ment solutions implemented by the company over its corporate history to help managers deal with 'unplanned' events. Shell is also looking at making a number ofits internal learning resources available to an external audience.

'These are the ''heart and mind'' systems of corporate governance,' says Albert Wong, Shell global policy advisor. 'Upholding our reputation and protecting our brand is of great importance to Shell. We have a duty to our shareholders, many of whom have pensions linked to their investment, to our employees, customers, business partners and to society as a whole.

'We know that wherever we operate we will have an impact. From day one we want to balance any issues in order to minimise negativity and maximise positive impact. This is all part of the decision-making process.'

Mr Wong adds that good corporate governance also acts as reassurance to the governments of developing nations. This in turn allows Shell to pursue opportunities with the co-operation of all parties involved.

'You can have the best business plan in the world, but if you do not have co-operation on the ground level, it will be useless,' says Mr Wong. 'We are increasingly being pushed to help develop developing nations, which often have weak levels of corporate governance. Our experience and track record has led a number of governments to approach us for advice on this subject.'

He adds that Shell's existing corporate governance measures mean that it is already Sarbanes—Oxley compliant. In fact, the company welcomes the Act, which it claims will help level the energy industry playing field.

'Bidding for a contract is a very stressful time. In the past we could not be sure of the ''honesty'' of a rival bid. With Sarbox, the assurances are in place.'

Note: Issues that emerged in 2004 surrounding the over-reporting of oil reserves by Shell caused considerable damage to the company's reputation, led to the dismissal of senior executives and the company was forced to pay substantial fines. This serves to highlight that despite the best intentions, processes and systems in the world, corporate governance must be adhered to at every level in order to maintain and not destroy stakeholder value.

Sunday, November 27, 2011

Windows 7 and Vista Different looks

 

Since Windows 7 has been available for download, many reviews have already been issued all over the internet. The interest in every new operating system really is there especially that Microsoft has been the leading operating system in many individual computers.

Well, Windows 7 has made some new features available. But it has taken away some bundle applications available in Vista though. One thing is for sure, Windows 7 is compatible with all Vista applications so there should not any worry about it accord­ing to Microsoft.

Start with the obvious change in the interface. One thing one will notice immediately is the taskbar. There won't be test descriptions of the applications anymore. What people would see instead are large icons of the applications. Right clicking on the icons also gives one a "jump list" which enables users to do more in fewer clicks. Even the start button provides a jump list with frequently used and recently used files and applications.

Navigation of windows has been made easier as well. For instance, a window can be dragged to the top of the screen and it automatically maximizes. The opposite happens when it is dragged from the top going down. The window will then restore. If the user drags the window to the right or to the left, the win­dow will resize into 50% of the screen. This makes it easier for people to view two windows at the same time.

So the changes made in Windows 7 are things like these. Although there are some changes in its workings underneath,

these are what users would mainly feel. These are the changes that would make users excited about it.

Information Security Governance - Threats, Targets, and Trends

Many types of attacks have been discussed in the previous chapters, and while new ones might be appearing on a regular basis, older ones are not necessarily dying offthey are being reused and reinvented in ever-destructive ways. Table below lists some of the attacks that have been addressed in earlier chapters and states whether their frequency is on the rise, declining, or holding steady.






































Threats, Targets, and Trends According to CSI/FBI

Well-Known ThreatPrimary TargetTrend
DoSServersDeclining
Unauthorized accessServersDeclining
System penetration (usually preceded by a network reconnaissance attack, which can include password attacks)NetworkSteady
SabotageAllDeclining
VirusServers and workstationsDeclining

[*] "CSI/FBI Computer Crime and Security Survey 2004." Computer Security Institute and Federal Bureau of Investigation (CSI/FBI). http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2004.pdf.

It is relevant to note that certain statistical data regarding attack activity can be somewhat contradictorydifferent sources reveal differing attack trends. For example, the 2004 E-Crime Watch Survey, conducted by CSO Magazine in cooperation with the United States Secret Service and the CERT Coordination Center, reports that attacks are up 46%, whereas other organizations report downward trending.

At first glance, the data appears to be conflicting. But delving further, the data reveals a landscape that is being better protected by tools and equipment such as antivirus (AV) software, IDS, IPS, and so on. If organizations were to scour their logs for all attacks that were attempted against their networks, most would likely discover that while the numbers of attacks were on the rise, the damage that had been inflicted had been substantively decreased because of the equipment that had been put in place.

Organizations that have invested in IT security prevention equipment over the last number of years will have experienced the positive trending that has recently been reported. Sustaining an environment that is focused on preventive measures continues to pose a challenge, as attacks, and attackers, will forever attempt to find vulnerable points that can be penetrated.

There might not always be agreement on attack trends, but following them ensures that an organization is always aware of existing threats. An appropriate infrastructure, aligned with an organization's tolerance for risk, can be effectively developed to address the bevy of ever-present threats.

Saturday, November 26, 2011

Information Security Governance - Remote Configuration Policies

System administrators require a secure environment whenever the need arises to configure or manage remote devices. They typically have the following two options:

  • Secure Sockets Layer (SSL)

  • Secure Shell (SSH)



Secure Sockets Layer

SSL provides point-to-point security  is commonly used in financially based web transactions. SSL encrypts a session. As an example, if a financial transaction is being conducted, everything that is resident on that page is encrypted, regardless of whether it requires encrypting intensive graphics or music. A system administrator can use SSL whenever the need arises to configure devices remotely. While SSL is prudent for many applications, it does inject a certain amount of latency, or slowness, into a transmission.


Secure Shell

SSH also provides encryption, but rather than securing an entire session, it offers greater specificity by operating at the command line, narrowing its focus to specific applications.

In general, communication performed at the command line is typically done in a clear-text session, usually on port 23. SSH allows a particular Telnet stream to be encrypted; Telnet is a protocol that issues instructions at the command-line interface of a system. A secure Telnet done on port 22 allows exchanges to be encrypted, reducing the need to encrypt an entire session.

List of Business Disaster Recovery Service Company


  • SunGard
    Specializes in integrated software and processing solutions for financial services.
    www.sungard.com

  • Disaster Recovery Journal
    Magazine dedicated to business continuity. Site includes articles, vendor links, a chat forum, and a lot more.
    www.drj.com

  • Continuity Central
    Resource for business continuity and disaster recovery news, jobs, and information.
    www.continuitycentral.com

  • XOsoft
    Provides continuous application availability solutions for business continuity, disaster recovery, and continuous backup ensuring uninterrupted server access.
    www.xosoft.com

  • Disaster Recovery World
    Business continuity planning and disaster recovery planning directory.
    www.disasterrecoveryworld.com

  • Strohl Systems Group, Inc.
    Business continuity software and services. Authors of LDRPS disaster recovery planning system and BIA Professional business impact analysis software.
    www.strohlsystems.com

  • VeriCenter
    Offers a range of enterprise hosting and infrastructure outsourcing including management for servers, storage, network management, data backup and recovery, and security.
    www.vericenter.com

  • RAID, Inc.
    Manufacturer of high performance RAID arrays backed by 24-hour service and support.
    www.raidinc.com

  • Disaster Recovery Shop
    Offers easy to use disaster recovery plans and audit resources.
    www.disaster-recovery-plan.com

  • BRProactive Business Recovery
    Provides recovery detail for primary business functions, information systems, corporate support functions and voice and data communications.
    www.brproactive.com

  • AlarmTILT
    Provides solutions for alarm handling and emergency communication adapted to most implementation scenarios in IT, production, and emergency environments using SMS, voice alert, and email support.
    www.alarmtilt.com

  • Disaster Recovery System (DRS)
    Plan development software product containing a methodology and the tools to document comprehensive business continuity and recovery plans.
    www.drsbytamp.com

  • Business Protection Systems
    Offers disaster recovery and business continuity planning software and services.
    www.businessprotection.com

  • Iron Mountain Data Protection
    Provides IT solutions including an offsite data storage, disaster recovery plan management, and consultancy services.
    www.digiguard.com.au

  • IBM Business Recovery Services
    Describes IBM's disaster recovery offerings and activities
    www.brs.ibm.com

  • ContingenZ
    Provides consulting and training to recognize, react, and respond to incidents ranging from terrorism to hackers or natural disasters.
    www.contingenz.com

  • Adam Associates
    www.adam.co.uk

  • Davis Bancorp
    Offers disaster recovery services including item processing, inclearings, and imaging capabilities.
    www.davishotsite.com

  • Syntax Integration
    Provides flexible IT solutions such as IT support and outsourcing, infrastructure consulting, as well as business continuity, and disaster recovery.
    www.syntax.co.uk

  • Guardian iT
    Provider of business continuity and data management services.
    www.guardianit.com

  • William Travis Group, Inc. (WTG)
    Offers multi-vendor, technology based business continuity and recovery solutions.
    www.williamtravisgroup.com

  • Memory Deposit, The
    Provides a range of disaster recovery services for individuals. The Memory Deposit offers virtual safety deposit boxes for electronic documents and an emergency contact system.
    www.thememorydeposit.com

  • Radiant Resources Data Protection Solutions
    Find data backup and storage solutions and data archiving solutions for business continuity and disaster recovery. Plan and prepare your enterprise backup solution.
    www.radiantstoragesolutions.com

  • Hogan Financial Systems
    Provides disaster recovery services for bank check image systems.
    www.hoganfin.com

  • Fortune Communications
    Specialists in information, network, and equipment security, firewall and risk management, as well as voice and data communications technology. Experts in telecommunications planning and design.
    www.fciusa.com

  • Wavehill IT Solutions
    Wavehill IT Solutions offers IT support, server upgrades and installation, backup and recovery services, CRM, and network security products. Based in the U.K.
    www.wavehill.co.uk

  • Safetynet plc
    Business continuity (disaster recovery) services and consultancy.
    www.safetynet.co.uk

  • Recovery Specialties
    Storage, business continuity, and disaster recovery consulting for z/OS environments. Recovery Specialties provides for the design and implementation of advanced recovery services.
    www.recoveryspecialties.com

  • Gilligan Consulting
    Disaster recovery, hard drive, file, and database recovery, and source code retrieval.
    www.gilliganconsulting.com

  • Business Continuity & Disaster Recovery Planning World
    Provides a directory of background information and resources.
    www.businesscontinuityplan.co.uk/disasterrecoveryworld

  • HP Business Continuity & Availability Services
    Provides business continuity services to protect against service interruptions.
    h20219.www2.hp.com/services/cache/9270-0-0-225-121.aspx

  • Agility Recovery Solutions
    Provider of on-site disaster recovery and business continuity solutions. Also provides consulting services for creating contingency and emergency preparedness plans.
    www.agilityrecovery.com

Friday, November 25, 2011

Governance in IT Outsourcing Partnerships

The literature first devoted attention to IT outsourcing partnerships in 1990 (Gantz, 1990; Rochester & Douglas, 1990). An IT outsourcing partnership consists of an outsourcing organization and one or more external IT suppliers and the relationship between them. This definition is based on the work of Lacity and Hirschheim (1993), Willcocks and Chio (1995a) and Currie (1998). The IT services outsourcing market is still growing every year. Trend analysts such as Morgan Chambers, IDC and Gartner predict annual growth figures of approximately 10% (Morgan & Chambers, 2001; Lamy, 2001; Cox, 2002a). This growth is also confirmed by publications such as the OutsourcingProject (2002). In addition, market analyses carried out by Gartner indicate that more and more organizations are outsourcing IT services related to their primary business processes. Furthermore, outsourcing organizations are outsourcing complete business processes (Brown & Scholl, 2002). This increases the impact of the IT outsourcing partnership for outsourcing organizations and is further discussed. All of these factors make it essential that sufficient attention be devoted to the governance of IT outsourcing partnerships. Governance will be defined.

 

To position the governance of IT outsourcing partnerships, it is essential to properly understand the advantages and disadvantages of outsourcing and to further develop the elements of an IT outsourcing partnership.

Governance


Governance of IT outsourcing partnerships is, amongst others, defined by Lacity and Hirschheim (1993), Willcocks and Fitzgerald (1994), Corbett (1994) and Klepper (1995, 1998). Based on their definitions the governance of IT outsourcing partnership results in realizing the mutually set goals of the IT outsourcing relationship. These goals may be contrary, such as the cost saving goal of the outsourcing organisation versus the return on investment goals of the IT supplier. The alignment of the goals is a precondition for governance (Beulen, 2000). To achieve alignment governance the contract between the outsourcing organisation and the IT supplier is essential. In order to achieve governance the management of IT outsourcing partnerships is also essential. Management of IT outsourcing is defined as the activities that the outsourcing organisation and the IT supplier take to achieve governance. This definition is based on the work of McFarlan and Nolan (1995), Cox (1999), Heckmann (1999) and Kern and Willcocks (2002). Managing an IT outsourcing requires substantial effort from both the outsourcing organisation and the IT supplier. The management attention for the outsourcing organisation will be detailed. The management attention for the IT supplier will also be detailed.

 

Outsourcing Benefits and Disadvantages


Outsourcing decisions are strongly situation-dependent (Lacity & Hirschheim, 1993; Beulen, Ribbers, & Roos, 1994; de Looff, 1996) and this section consequently summarizes the general advantages and disadvantages of outsourcing. Much was published on this subject during the nineties. This resulted in the perception that outsourcing is only cheaper due to the fact that IT suppliers are able to generate economies of scale and that outsourcing creates a large dependency on the IT supplier. The following summary illustrates this perception.

 

Outsourcing Benefits:

·         Access to expertise and the deployment of new technologies (KPMG Impact, 1995; International Data Corporation, 1998): rapid technological developments require a significant portion of the human resources capacity of internal IT divisions and require high investments in the training of IT professionals. An IT supplier whose core business consists of the delivery of IT services is able to keep the level of knowledge of its IT professionals up to date more effectively and efficiently.

 

·         Increase in the level of flexibility (Lacity & Hirschheim, 1993; Klepper, 1995): due to the fact that an IT supplier has several customers, the IT supplier is better able to absorb the peaks and valleys in the demand for IT services than the internal IT division, which generally only provides services to its parent organization.

 

·         Decrease in costs (Apte, 1990; Willcocks & Fitzgerald, 1994): due to their scale and ability to share production resources, IT suppliers are able to provide more efficient and effective IT services.

 

·         Increase the predictability of costs (Lacity, Willcocks, & Feeny, 1995b; Currie & Willcocks, 1998): outsourcing contracts are generally multi-year contracts. This increases the predictability of costs for the outsourcing organization. This is an important advantage, particularly for investors.

 

·         The generation of cash flows (Earl, 1996; Willcocks & Lester, 1997): through the sale of assets — hardware and immovable property — the outsourcing organization is able to generate a one-time cash flow by outsourcing its IT services.

 

Outsourcing Disadvantages:


·         Management of IT supplier(s) (KPMG Impact, 1995; Feeny, 1997a): the management of IT suppliers requires the attention of the management of the outsourcing organization and this carries its own costs. Furthermore, many organizations have difficulty finding qualified managers to assume this role.

 

·         Confidentiality (Willcocks & Fitzgerald, 1994; Klepper & Jones, 1998): outsourcing arrangements cause the outsourcing organization's confidential data to be accessible to the IT supplier's employees. This constitutes a risk that must be considered when the decision to outsource is taken.

 

·         Dependency on the IT supplier(s) (Terdiman, 1993; Lacity & Hirschheim, 1993): by entering into a multi-year contract, outsourcing organizations become dependent on their IT suppliers, particularly when there are changes in IT services required by the outsourcing organization.

 

Outsourcing Organization


Outsourcing organizations use one of three organization structures [2] (Duncan, 1979; Daft, 1998): the functional organization structure — denoted by Burns and Stalker as mechanistic organizations (1961); the divisional organization structure — the organization structure here follows the organization's business strategy, which leads to the creation of autonomous business units within the enterprise (Chandler, 1962; Lawrence & Lorsch, 1967; Mintzberg, 1979); and the matrix organization structure (David & Laurance, 1977).

 

The position of the Chief Information Officer (CIO) and the information managers within the organization structure of the outsourcing organization are related to the organization structure of the outsourcing organization (Dickson, Leitheiser, & Wetherbe, 1984; Niederman, Brancheau, & Wetherbe, 1991), see Table 1, and influences the manner in which the governance of the IT outsourcing partnership is set up (Earl & Feeny, 1997a; Beulen, 2000). It is essential for outsourcing organizations to staff the CIO and information manager positions in order to be able to implement proper governance of the IT outsourcing partnership (Earl, 1996; Lacity, Willcocks, & Feeny, 1996). The roles of the CIO and the information managers are further described.















Table 1: The Position of the Chief Information Officer (CIO) and the Information Managers Within the Organization Structure of the Outsourcing Organization (Earl, Edwards, & Feeny, 1997b)


·         Functional Organization Structure: The CIO and the information managers occupy a centralized position within the organization. The information managers functionally report to the business unit managers of the outsourcing organization and, hierarchically, to the CIO. Earl refers to this as the Corporate Service IS function (Earl, Edwards, & Feeny, 1997b). 
·         Divisional Organization Structure: The CIO occupies a centralized position within the organization, and the information managers have a decentralized position and are part of the business units. The information managers therefore report hierarchically to the business unit managers and functionally to the CIO. Earl refers to this as the Decentralized IS function (Earl, Edwards, & Feeny, 1997b). 
·         Matrix Organization Structure: The CIO occupies a centralized position within the organization and a number of the information managers occupy a centralized position within the organization. These information managers functionally report to the business unit managers of the outsourcing organization and hierarchically to the CIO. The remaining information managers occupy a decentralized position within the organization. They report hierarchically to the business unit managers and functionally to the CIO. Earl refers to this as the Federal IS function (Earl, Edwards, & Feeny, 1997b). 

The IT Supplier


The IT supplier is responsible for the delivery of the IT services on the basis of a contractual agreement. A distinction is made here between the internal IT supplier — the internal IT division — and external IT suppliers. Cases where the internal IT division provides the IT services are not considered outsourcing arrangements: these are referred to as insourcing.

 

External IT suppliers may be subdivided into specialized companies and full-service suppliers (Pinnington & Woolcock, 1997; Dataquest, 1998). Full service suppliers are further subdivided into first and second tier suppliers. Second tier suppliers provide more limited geographic coverage than first tier suppliers, which are able to provide a consistent worldwide portfolio of IT services (Dataquest, 1998). Specialized companies may be further subdivided into companies that provide specific IT services and companies that operate in vertical markets.

In selecting an IT supplier, the outsourcing organization must choose an IT supplier with a profile that fits the requested IT services (Willcocks & Fitzgerald, 1994; KPMG Impact, 1995; Lacity & Willcocks, 2001). It is important here to select an IT supplier that is comparable to the outsourcing organization in relation to its relative size. If the IT supplier is relatively far larger than the outsourcing organization the attention may not be as appropriate as necessary over the contract period. In the case that the IT supplier is relatively smaller than the outsourcing organization there might be a chance that the outsourcing company cannot benefit from economies of scale. Furthermore, IT suppliers may find difficulties in implementing innovations and flexibility.

There are four variants that may be used by an outsourcing organization to have its external IT suppliers provide the required IT services. A choice must be made in this regard between outsourcing the entire IT service and partial outsourcing. Currie and Willcocks (1998) refer to this as "total outsourcing" and "selective outsourcing" respectively. If an organization opts for selective sourcing, a portion of the IT services will be provided by the internal IT division. The IT literature raises many questions in relation to total outsourcing due to its large dependency on IT suppliers. This includes Lacity, Willcocks and Feeny (1995b) and Huber (1993). In addition, the outsourcing organization must make a choice between outsourcing to a single vendor or to multiple vendors. Currie and Willcocks (1998) refer to this as "single sourcing" and "multiple outsourcing" respectively. "Multiple outsourcing" requires the outsourcing organization to provide greater coordination between IT suppliers and consequently generally leads to higher quality IT services at more competitive prices (Cox, 2002b).

The choice of "single sourcing" or "multiple sourcing" in combination with the choice of "total outsourcing" and "selective outsourcing" yields the following four variations:

1.      Selective Single Outsourcing: the outsourcing organization only outsources a single component to a single external IT supplier. The other components are provided by the internal IT division.

 

2.      Selective Multiple Outsourcing: the outsourcing organization outsources a portion of its IT services to multiple external IT suppliers in combination with portions that are insourced to the internal IT division.

 

3.      Total Single Outsourcing: the outsourcing organization has outsourced all of its IT services to a single external IT supplier.

 

4.      Total Multiple Outsourcing: the outsourcing organization has outsourced all of its IT services to multiple external IT suppliers.

 

The Relationship


The relationship consists of the contractual link between the outsourcing organization and the IT suppliers for the delivery of the IT services.

 

The contracts in all cases include a framework agreement (Willcocks & Fitzgerald, 1994; KMPG Impact, 1995). The framework agreement includes the Service Level Agreements. The contractual relationship can essentially be set up in one of two ways. By linking the method of grouping the SLAs to the geographical location and the business units of the outsourcing organization it is possible to attain a much higher degree of contract effectiveness. This is due to the fact that this approach makes it possible to align the IT services included in the contract with the local information needs of the business units of the outsourcing organization (Beulen, 2000). The grouping of SLAs by the type of IT service makes it possible to build greater efficiency into the contracts. This is so because this approach makes it possible for the IT supplier to standardize its IT services, which in turn enables the IT supplier to realize economies of scale, including the inherent cost savings (Lacity & Hirschheim, 1993).

There are three types of IT outsourcing: Information Systems Outsourcing, Processing Outsourcing and Business Process Outsourcing (International Data Corporation, 1998) [3] — see Table 2. Information Systems Outsourcing is the most commonly occurring form of outsourcing (Cox, 2002b). This chapter will briefly delve into the subject of Business Process Outsourcing.















Table 2: Types of IT Services (International Data Corporation, 1998)


·         Information Systems Outsourcing: A long-term contract, including facilities management, in which the IT supplier assumes responsibility, or part of the responsibility, for providing the IT services and where there is a possibility that the IT supplier takes over the property, or parts of the property, of the internal IT division, and also takes over its personnel. 
·         Processing Outsourcing: IT services for specific processing functions that include a high degree of standardization. The IT supplier carries responsibility here for executing a process that includes IT and non-IT related elements. There is no transfer of personnel or transfer of property to the IT supplier. 
·         Business Process Outsourcing: A specific set of activities and knowledge that is required by an IT supplier for carrying out the activities of a division, process or function of the outsourcing organization. The execution of these activities in support of an IT system or application forms part of the services provided whereby the IT supplier also carries responsibility for non-IT related activities. 

The most important difference here in relation to Information Systems Outsourcing and Processing Outsourcing is that in the case of Business Process Outsourcing the primary emphasis is on the performance of the outsourced process rather than on the performance of the information systems. 

The most important difference here in relation to Information Systems Outsourcing and Processing Outsourcing is that in the case of Business Process Outsourcing the primary emphasis is on the performance of the outsourced process, rather than on the performance of the information systems.

 

[2]In addition, organizations could also adopt a hybrid organization structure in which portions of the organization are structured on the basis of the functional organization structure and portions on the basis of the divisional organization structure. This hybrid organizational structure is not addressed in this chapter.

Using 3G Mobile Applications for Entertainment and Business Purposes

3G mobile applications integrate the functions of modern consumer electronics with mobile phones. This can be clearly seen on the increasing trend of using 3G phones as an all in one entertainment system.


Most 3G enabled mobile phones today support applications for standalone or interactive online gaming. These applications are very appealing to 3G users belonging to younger demographics.


As an entertainment device, it is not surprising to see 3G applications that enable users to use their phones to watch streaming videos. The capability of a 3G phone to produce DVD quality videos makes it an ideal platform for viewing recorded shows or downloadable movies.


3G devices are also capable of streaming live TV broad-casting. With broadband connectivity, 3G applications for TV viewing are becoming very popular among mobile users.


However, 3G devices are not exclusively used as enter-tainment systems. These modern phones are also being used for business purposes. That is why there are lots of 3G applications today that enable business users to conduct real time video conferencing.


This specific feature can be very useful for corporate ex-ecutives. They will be able to conduct important meetings and business consultations via 3G devices. That is why interactive

video conferencing application is always pre-installed on any 3G mobile phone.


3G mobile applications are getting more sophisticated nowadays. These applications virtually convert mobile devices into complete entertainment system as well as important business tool. As more powerful 3G phones are introduced in the market, more 3G compliant applications will be developed to improve user experience and productivity.

Thursday, November 24, 2011

Tips and How to Fix Windows XP Without Reformatting



Before you reinstall or reformat Computer, I will tell you errors contained in the Windows Xp OS, In The article below, there are tips to improve if the OS of Windows XP on your PC without re Installation
;



Correcting Windows XP re-installation




If Windows XP damaged (corrupted) where you do not have another operating system to boot,
You can do the repair installation (Repair Install) who works as setting at
the beginning.

Then:

* Make sure you have the key (key) Windows XP is valid.
* The entire process will take less than 1 / 2 or 1 hour, depending on your computer spec.
* If you are asked for an administrator password, you should select the the second repair option,
not the first one.
* Insert your Windows XP CD and then boot from the CD.
* When it appears the second repair option R = Repair, press the R, This will start the repair.
* Press the F8 key to agree the next process "I Agree at the Licensing Agreement"
* Press the R button when the directory where you installed Windows XP. Usually C: \ WINDOWS
Next will be checked drive C: and start copying files. And automatically restart if needed. Let your CD in the drive.
* Next you will see a picture of "progress bar" which is part of the improvement,
he looks like a normal XP installation normally, including "Collecting Information, Dynamic Update,

Preparing Installation, Installing Windows, Finalizing Installation

* When asked, click the Next button
* When asked to enter a keyword, enter the key (key) Windows XP valid.
* Normally you want to remain in the Domain or Workgroup name the same.
* The computer will restart.
* Then you will have the same screen as the activation of the system as a normal installation.
* Register if you want it (usually not necessary).
* Done;)

Now you can log in with your account that already exists.



NTOSKRNL Damaged or Missing



If you find an error message that "NTOSKRNL not found" / NTOSKRNL not found, do this steps:

* Insert the Windows XP CD and booting from the CD.
* At the time appeared R = Repair option first, press the R.
* Press the number according to the location of the Windows installation you want repaired as appropriate.
* Usually, # 1
* Change to your CD Drive you are.
* Write: CD i386
* Write: ntkrnlmp.ex_ expand C: \ Windows \ System32 \ Ntoskrnl.exe
* If you installed Windows XP on the somewhere else, change it to proper location.
* Remove your CD and type EXIT
* Finish

HAL.DLL Damaged or Missing




If you get errors related to corrupted or missing hal.dll file, it is possible
BOOT.INI file had the wrong configuration (mis-configured.)

* Insert the Windows XP CD and booting from the CD.
* At the time appeared R = Repair option first, press the R.
* Press the number according to the location of the Windows installation you want repaired as appropriate.
* Usually, # 1
* Write: bootcfg / list

How to show content / input of the current BOOT.INI file



* Write: bootcfg / rebuild

* Change the configuration of the BOOT.INI file

* Remove your CD and type EXIT




Directory \Windows\SYSTEM32\CONFIG damaged or lost




If you get an error with the words:

"Windows could not start because the following files is missing or corrupted
\ WINDOWS \ SYSTEM32 \ CONFIG \ SYSTEM or \ WINDOWS \ SYSTEM32 \ CONFIG \ SOFTWARE "

* Insert the Windows XP CD and booting from the CD.
* At the time appeared R = Repair option first, press the R.
* Press the number according to the location of the Windows installation you want repaired as appropriate.
* Usually, # 1
* Enter the administrator password if necessary.
* Write: cd \ windows \ system32 \ config
* Next depending on the location of the damage:
* Write: software system fail software OR fail system
* Next again also depends on the location of the damage:
* Write: copy \ windows \ repair \ system
* Write: copy \ windows \ repair \ software
* Remove your CD and type EXIT


NTLDR or NTDETECT.COM not found




If you find an error that NTLDR not found when booting:

1. For the type of FAT partition

Feel free to boot from your Win98 floppy and copy the files NTLDR or NTDETECT.COM
from the i386 directory to the drive stem / root (root) C: \

2. For the type of NTFS partition

* Insert the Windows XP CD and booting from the CD.
* At the time appeared R = Repair option first, press the R.
* Press the number according to the location of the Windows installation you want repaired as appropriate.
* Usually, # 1
* Enter the administrator password if necessary.
* Enter the following command, where X: is the address of the CD ROM drive you (Customize!).
* Write: COPY X: \ i386 \ NTLDR C \:
* Write: COPY X: \ i386 \ NTDETECT.COM C: \
* Remove your CD and type EXIT

You Done IT :-)

Hasleo Data Recovery FreeV3.2 - Free as in Freeware - Permanently from Hasleo Software

https://www.hasleo.com/win-data-recovery/free-data-recovery.html "Hasleo Data Recovery FreeV3.2 100% Free Data Recovery Software...