Concerning on the Assignment 2 that talks about the risks on IS/IT change, we considered the Sky Cable as our adopted organization.
Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems1 to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.
SkyCable is a direct-to-home cable TV and subscription service, established by the Lopez Group of Companies and Central CATV Group Of Companies. It is one of several sister companies of ABS-CBN. SkyCable offers a range of analog and digital Cable Television services, and also offers high-speed Internet services and VOiP services.
SkyCable was established in January 1990. Commercial cable operations commenced on January 6, 1992. By the end of the year, 8,500 strand miles of cable were laid out, bringing in 20,000 subscribers by 1995.
Today, over 500,000 subscribers have made SkyCable the number one cable TV service provider in the Philippines. It has grown to feature the best and most varied cable programs for the whole family.
The success of SkyCable throughout the years enabled the business to expand and go beyond just providing postpaid cable TV service. In 2006, the first ever prepaid cable TV service inh the country was introduced, SkyCable Silver Prepaid. In 2008, SKYBROADBAND, the fastest residential broadband internet service in the land, and SKYVOICE, the lowest-prepaid IDD calling service, were launched.
This foray into innovative information and communication services created the need for the company to evolve its name into something much bigger.
The IT personnel of SkyCable pointed-out some of the risk on associated on IS/IT change and the following are:
New technology, less employees
- Technological advancements brought many advantages, one of which is that it can minimize manpower. This means that as the new trends technology arises, manual works are shortened. Therefore, as we embrace the latest trend in technology it can decrease the number of employees in the company because all the transactions are computerized, it will lessen the paper works and hustle free.
Security of data
- this is associated with the susceptibility of data in the system. Threats of intrusions and other risk associated with the evolution of credible threats
Migrating of Operating System
- These days the most common OS that we have encountered in the Windows Operating System. Since most of the OS in SkyCable are exercising Linux which is a full-fledged operating system, many of the employees find a hard time in manipulating the computer. So, a thorough trainings and seminars must be conducted to fully aware the end-users to manipulate their system.
Reliability and efficiency of the system
- Certainly, when a new system is implemented, the reliability of the system is not well tested. Some bugs might occur that will make an obstacle in the midst of their business transactions. In connection with this, the efficiency of the system is not excellent. It will affect the business flows of the organization since it controls the information.
Competition
- In a business regime, we cannot hide the fact that competition is present. According to the IT personnel of SkyCable, when there is new system installed in the company the employees try there best to adopt immediately the last trend. Since, it is mandatory to have awareness on their system. The administration gives incentives to those whose can assimilate the system and it also might lead to the promotion of his/her position. On the other hand, the employees who cannot comprehend easily will be assigned to different manual works.
Rejection to the staff
- Apparently, not all the employees have the edge on technology. When a new-fangled technology will crop up some of the employees must be fired and the company will hire a new one which has the knowledge of the existing technology. So, it is a threat to the employees especially to the IT personnel’s of the company. They must be updated with the latest trend and they must know how to use it.
Cost
- As a new technology will come in our way, we cannot rebuff that financial factor must be considered. The organization must understand what they really need and not what they want.
System Failure
- A system failure can occur because of a hardware failure or a severe software issue. Commonly, a system failure will cause the system to freeze, reboot, and/or stop functioning altogether.
“Nothing is constant except change”
In most organizations, the network itself will continually be expanded and updated, its components changed, and its software applications replaced or updated with newer versions. In addition, personnel changes will occur and security policies are likely to change over time. These changes mean that new risks will surface and risks previously mitigated may again become a concern. Thus, the risk management process is ongoing and evolving.
Shifting the information system of a particular organization should undertake a profound and systematic analysis on how will it be beneficial to the success of their organization.
Change is inevitable; the organization must have to undergo several changes in the Information System as a whole. As new technology arises there is a need to embrace and cope-up with it. There is a need to upgrade programs and systems and the organization must take the risk in order to be victorious. an appropriate decision-making must be done to give solutions to the existing problem of the organization.
KEYS FOR SUCCESS
A successful risk management program will rely on (1) senior management’s commitment; (2) the full support and participation of the IT team (see Section 2.3); (3) the competence of the risk assessment team, which must have the expertise to apply the risk assessment methodology to a specific site and system, identify mission risks, and provide cost-effective safeguards that meet the needs of the organization; (4) the awareness and cooperation of members of the user community, who must follow procedures and comply with the implemented controls to safeguard the mission of their organization; and (5) an ongoing evaluation and assessment of the IT-related mission risks.
References: http://en.wikipedia.org/wiki/SkyCable
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://www.computerhope.com/jargon/s/systemfa.htm
Every organization has a mission. In this digital era, as organizations use automated information technology (IT) systems1 to process their information for better support of their missions, risk management plays a critical role in protecting an organization’s information assets, and therefore its mission, from IT-related risk. An effective risk management process is an important component of a successful IT security program. The principal goal of an organization’s risk management process should be to protect the organization and its ability to perform their mission, not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.
SkyCable is a direct-to-home cable TV and subscription service, established by the Lopez Group of Companies and Central CATV Group Of Companies. It is one of several sister companies of ABS-CBN. SkyCable offers a range of analog and digital Cable Television services, and also offers high-speed Internet services and VOiP services.
SkyCable was established in January 1990. Commercial cable operations commenced on January 6, 1992. By the end of the year, 8,500 strand miles of cable were laid out, bringing in 20,000 subscribers by 1995.
Today, over 500,000 subscribers have made SkyCable the number one cable TV service provider in the Philippines. It has grown to feature the best and most varied cable programs for the whole family.
The success of SkyCable throughout the years enabled the business to expand and go beyond just providing postpaid cable TV service. In 2006, the first ever prepaid cable TV service inh the country was introduced, SkyCable Silver Prepaid. In 2008, SKYBROADBAND, the fastest residential broadband internet service in the land, and SKYVOICE, the lowest-prepaid IDD calling service, were launched.
This foray into innovative information and communication services created the need for the company to evolve its name into something much bigger.
The IT personnel of SkyCable pointed-out some of the risk on associated on IS/IT change and the following are:
New technology, less employees
- Technological advancements brought many advantages, one of which is that it can minimize manpower. This means that as the new trends technology arises, manual works are shortened. Therefore, as we embrace the latest trend in technology it can decrease the number of employees in the company because all the transactions are computerized, it will lessen the paper works and hustle free.
Security of data
- this is associated with the susceptibility of data in the system. Threats of intrusions and other risk associated with the evolution of credible threats
Migrating of Operating System
- These days the most common OS that we have encountered in the Windows Operating System. Since most of the OS in SkyCable are exercising Linux which is a full-fledged operating system, many of the employees find a hard time in manipulating the computer. So, a thorough trainings and seminars must be conducted to fully aware the end-users to manipulate their system.
Reliability and efficiency of the system
- Certainly, when a new system is implemented, the reliability of the system is not well tested. Some bugs might occur that will make an obstacle in the midst of their business transactions. In connection with this, the efficiency of the system is not excellent. It will affect the business flows of the organization since it controls the information.
Competition
- In a business regime, we cannot hide the fact that competition is present. According to the IT personnel of SkyCable, when there is new system installed in the company the employees try there best to adopt immediately the last trend. Since, it is mandatory to have awareness on their system. The administration gives incentives to those whose can assimilate the system and it also might lead to the promotion of his/her position. On the other hand, the employees who cannot comprehend easily will be assigned to different manual works.
Rejection to the staff
- Apparently, not all the employees have the edge on technology. When a new-fangled technology will crop up some of the employees must be fired and the company will hire a new one which has the knowledge of the existing technology. So, it is a threat to the employees especially to the IT personnel’s of the company. They must be updated with the latest trend and they must know how to use it.
Cost
- As a new technology will come in our way, we cannot rebuff that financial factor must be considered. The organization must understand what they really need and not what they want.
System Failure
- A system failure can occur because of a hardware failure or a severe software issue. Commonly, a system failure will cause the system to freeze, reboot, and/or stop functioning altogether.
“Nothing is constant except change”
In most organizations, the network itself will continually be expanded and updated, its components changed, and its software applications replaced or updated with newer versions. In addition, personnel changes will occur and security policies are likely to change over time. These changes mean that new risks will surface and risks previously mitigated may again become a concern. Thus, the risk management process is ongoing and evolving.
Shifting the information system of a particular organization should undertake a profound and systematic analysis on how will it be beneficial to the success of their organization.
Change is inevitable; the organization must have to undergo several changes in the Information System as a whole. As new technology arises there is a need to embrace and cope-up with it. There is a need to upgrade programs and systems and the organization must take the risk in order to be victorious. an appropriate decision-making must be done to give solutions to the existing problem of the organization.
KEYS FOR SUCCESS
A successful risk management program will rely on (1) senior management’s commitment; (2) the full support and participation of the IT team (see Section 2.3); (3) the competence of the risk assessment team, which must have the expertise to apply the risk assessment methodology to a specific site and system, identify mission risks, and provide cost-effective safeguards that meet the needs of the organization; (4) the awareness and cooperation of members of the user community, who must follow procedures and comply with the implemented controls to safeguard the mission of their organization; and (5) an ongoing evaluation and assessment of the IT-related mission risks.
References: http://en.wikipedia.org/wiki/SkyCable
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://www.computerhope.com/jargon/s/systemfa.htm