7th Phase of growth – Security of the enterprise’s IT/IS Investment

So congratulations, you were just named Chief Information Officer of your company and now moved into your new office.  Looking through the top desk drawer you find a note with three sealed envelops attached.  The note says when you have your first major crisis, open envelop one, the second one open envelop two and the third one open envelop three.  Being the type “A” personality, the one that got you here, you decide to open all three now.  The first one says this is your first crisis blame it on me, your predecessor. The second one says this crisis is yours and you will need a plan to solve it.  The third one says “Oops”, prepare three envelops and leave them in the top draw for your successor.

At this point being a Type “A”, you decide that you are going with envelop two and throw away the other ones.  Your first step is to evaluate your staff and their capabilities.  Looking at their performance records you can learn some of the basics, but you will not be satisfied with just that limited amount of information.  You know about Maslow’s hierarchy of needs.  Although this was explained in a paper by Abraham Maslow in 1943, it still applies today.  The phases are: (1) Physiological (breathing, food, water, sleep, etc.); (2) Safety (security of body, employment, resources, morality, the family, health, property, etc.); (3) Belonging (friendship, acceptance by the group, social needs, sense of belonging); (4) Esteem (self-esteem, confidence, achievement, respect of others, respect by others); (5) Self-actualization (morality, creativity, spontaneity, problem solving, acceptance of facts).  You are aware that Self-actualization is the goal, studies show that only about 2 % are performing at this level.  As people move up the hierarchy with their needs, if suddenly there is a need below, a person will revert back to that level.  (i.e. if someone is working at a self actualization level and can’t breath he would abruptly revert to the Physiological level or if threaten to safety.

You remember about Richard Nolan’s stages-of-growth theoretical model published in the Harvard Business Review with four phases of growth plus two others added later for a total of six phases.  Because of its popularity, many papers pro and con comments were written about the phases.  Your personal conclusion is based the experiences you gone through and that the model works well for a structured point of reference.

Stage I Key points:

  • User awareness is characterized as being “hands off”.
  • IT personnel are “specialized for technological learning”.
  • IT planning and control is not extensive.
  • There is an emphasis on functional applications to reduce costs.

Stage II Key points:

  • There is a proliferation of applications.
  • Users are superficially enthusiastic about using data processing.
  • Management control is even more relaxed.
  • There is a rapid growth of budgets.
  • Treatment of the computer by management is primarily as just a machine.
  • Rapid growth of computer use occurs throughout the organization’s functional areas.
  • Computer use is plagued by crisis after crisis.

Stage III Key points:

  • There is no reduction in computer use.
  • IT division’s importance to the organization is greater.
  • Centralized controls are put in place.
  • Applications are often incompatible or inadequate.
  • There is use of database and communications, often with negative general management reaction.
  • End user frustration is often the outcome.

Stage IV Key points:

  • There is rise of control by the users.
  • A larger data processing budget growth exists.
  • There is greater demand for on-line database facilities.
  • Data processing department now operates like a computer utility.
  • There is formal planning and control within data processing.
  • Users are more accountable for their applications.
  • The use of steering committees, applications financial planning becomes important.
  • Data processing has better management controls and set standards.

Stage V Key points:

  • Data administration is introduced.
  • There is identification of data similarities, its usage, and its meanings within the whole organization.
  • The applications portfolio is integrated into the organization.
  • Data processing department now serves more as an administrator of data resources than of machines.
  • A key difference is the use of term IT/IS rather than data processing.

Stage VI Key points:

  • Systems now reflect the real information needs of the organization.
  • Greater use of data resources to develop competitive and opportunistic applications.
  • Data processing organization is viewed solely as a data resource function.
  • Data processing now emphasizes data resource strategic planning.
  • Ultimately, users and DP department jointly responsible for the use of data resources within the organization.
  • Manager of IT system takes on the same importance in the organizational hierarchy as say the director of finance      or director of HR

Security exposure

In the context of democratic societies, policing always involved a delicate task to provide security while also maintaining liberty. With the rapid expansion of computerized technologies and the Internet, this problem is posed even more acutely, for communication methods have not only expanded sharply, but the development of Internet technology has also brought about increased anonymity and freedom in communications. This situation creates a significant law enforcement problem as the same technologies that guarantee anonymity in legitimate transactions also provide new means to violate laws and to hide the identities of lawbreakers. Because of the cross-border nature of computers linked through networks, also, threats against computer security are often global in nature. By the very nature of the Internet as a border-transcending phenomenon, cybercrimes know no geographic boundaries.

From a legal and law enforcement viewpoint, measures against computer security threats pose problems of jurisdictional authority. National legal systems and their enforcement agencies are formally bound to nationally defined borders, whereas even a single transmission of computerized information over a network may pass through a dozen or more types of carriers, such as telephone companies, satellite networks, and Internet service providers, thereby crossing numerous territorial borders and legal systems

Your conclusion is there might be a seventh in the stages of growth.  It is based on Maslow’ Hierarchy of needs.  Because of threats and exposure to the large investment by the corporate for their intellectual properties, corporate networks, data and infrastructure, it is security.  The first step you plan is to contact the Pathmaker-Group, an IBM Primer Business Partner, for their security assessment and to discuss deploying IBM Tivoli Security solutions in your environment.

 

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply