IT Governance & Strategies
ANSWERS
TASK-A
- List of the elements:
- Title
- Explanation
- The goal
- The most important steps
- Triggers
- The final product
- Dependency
- Role
- Critical Success Factor
- Key Performance Indicators
Title: Each process should be given a distinct and meaningful name so that it may be readily identified and communicated to others.
Explanation: In a brief sentence, you should be able to explain the procedure and its objective. If you require a section to achieve this, you probably don’t comprehend the procedure completely.
The goal: What do you do for a living? There should be a definition of what has to be accomplished in this section.
The most important steps: Provide sequential or complimentary steps that should be followed to reach the goal in the workflow. You must contain activities, tasks, and ratings, among other things.
Triggers: What is the trigger for the procedure to begin? Individual acts or processes must be described in depth.
The final Product: What will be produced? Details of the result produced by the process and the complete result of the process.
Dependency: is at stake in this procedure? Connect the process to a related process.
Role: Who plays what role? Details about expected rights, obligations, and other responsibilities associated with a certain job or position in charge of the process.
CSF: The component (s) necessary to fulfil the process’s goal is referred to as a Critical Success Factor (CSF). The flip side of the coin is to identify the critical failure areas – what may go wrong and why.
KPI: It is a measured metric that shows how well a firm accomplishes important business objectives.
2.
a) A literature review is a written document that makes a rationally reasoned thesis based on a thorough comprehension of the current state of knowledge on a particular subject. The most difficult aspect of creating an article, book, thesis, or dissertation is documenting a literature review. “The Literature” appears to be immense, and I’ve discovered that being as methodical as possible has helped me complete this massive assignment.
The step to make Literature review:
Step 1 Choose your study topics.
Step 2 Conduct a literature search.
Step 3 Look through your books and publications for relevant passages.
Step 4Sort through the material and code it.
Step 5 Develop a Conceptual Schema
Step 6 start writing your literature review.
Flow chart for the simple literature review:
Flow chart for the complex literature review:
b) Inputs: Time, course information, computer (online search and review), and so on are all possible entries. A list of documents, as well as summaries, plans, and draughts, will be the product of one activity but the input of another.
Outputs: A list of articles, Google Scholar results, Library and ACM digital library searches, paper summaries, essay programme, draught essay draught, final copy, and so on will be included in the results.
c)
Academic search engines(for finding papers), student (studying, researching, writing) Librarian (to solve research problems) lecturer/tutor (to answer questions, for example).
d)
Task-B
1.
a) Control Objectives for Information and Related Technologies
b) Principle 1: Meeting stakeholder needs is the Project.
Principle 2: Enabling a comprehensive approach
Principle 3: Covering the enterprise from start to finish.
Principle 4: Using a single integrated framework.
Principle 5: Governance and management must be kept separate.
Advantages:
- To assist business choices, improve and preserve high-quality data.
- Use technology to help you reach your company objectives.
- Make use of technology to help you achieve operational excellence.
- Ascertain that IT risk is adequately controlled.
- Ensure that businesses get the most out of their IT investments; and
- Ensure that all laws, rules, and contractual obligations are followed.
c)
Each Manufacturer requires inputs to other Services in order to be completely functioning, therefore enablers must be addressed in terms of internal satisfaction. Processes, for example, necessitate knowledge, whereas organizational structures necessitate skills and ethics. They also provide output for the benefit of other resources, such as processes that use individuals’ knowledge, skills, and behaviors to improve the efficiency of processes.
- Frameworks, Policies, and Principles
- Processes
- Structures of Organization
- Information
- Services, Infrastructure, and Applications
- Culture, Ethics, and Behavior
- People, Competencies, and Skills
Advantages:
- Principles, policies, and frameworks that turn the desired behavior into a practical day-to-day management guide.
- Procedures that outline a collection of procedures and actions that must be followed in order to attain a given goal. This also yields a set of outputs that aid in the attainment of IT-related objectives.
- Organizational structures that play a significant role in corporate decision-making
- Individual and corporate cultures, ethics, and ethics are sometimes overlooked as factors in governance and operational performance.
- The data is comprehensive across the enterprise and contains all of the company’s information produced and utilized. Although information is required to keep the organization functioning smoothly and successfully, knowledge is frequently the major product of the firm itself at the operational level.
- Processing and technical information support are provided through services, infrastructure, and applications to the company.
- Finally, people, talents, and abilities are intertwined with people, and it is critical to effectively perform all duties as well as make the appropriate judgments to take corrective action.
d) Plan, design, construct, operate, monitor, and update are all part of the COBIT life cycle.
Purposes:
– Assess, direct, and track
– Alignment, Planning, and Organization
– Construction, Acquisition, and Implementation
– Delivery, Service, and Support
– Monitoring, Evaluation, and Assessment
2.
Portfolio plan, distribution requirement, application completion, and acquisition are the four major processes. Finance and Assets, Procurement, Intelligence and Reporting, Resources and Project and Governance, Risk and Compliance are the five support functions.
Task-C
1.
| Hacker | Cracker |
| Hackers are decent people who have good intentions when they loot gadgets and systems. They might use the system to obtain extra information or hack it for a specific purpose. | Crackers are those who use evil intent to hijack a software by hacking and breaking it. They might remotely hijack the machine and take data or irreparably damage it. |
| They are proficient in programming languages and computer operating systems. Hackers are extremely clever and intellectual individuals. | These folks could be capable. But, for the most part, they don’t even require advanced talents. Some crackers are only aware of a few illicit methods for stealing data. |
| Hackers assist certain corporations in protecting their information and vital data. It provides firms with experience in cyber security and security, in particular. | The organisation is harmed by crackers. These hackers are defending them against sensitive data as well as shielding whole enterprises. |
| These are examples of professional conduct. | These are the types of criminals and immoral people that commit robberies for personal gain. |
| They never steal or hurt information. Their main function is to gather data and information from relevant sources. | Data obtained through system flaws is frequently stolen, deleted, corrupted, or compromised. In the hands of a cracker, your data is constantly at danger. |
| They aid in the expansion of network capacity. | They harm and diminish the network’s power. |
| Official robbery documents, such as XCEH certificates, are usually present. The hackers have nothing to conceal and are just interested in doing legitimate job. As a result, they require work credentials. | They frequently lack certifications because they lack the necessary abilities. Some of them, though, may have certifications. Crackers frequently evade certification in order to maintain their anonymity. |
b)
Here’s a quick rundown on how to figure out ALE. Each concept is defined in further depth below.
Enter the data of your assets and calculate their worth (AV).
Determine whether there are any dangers to certain assets.
Do the following for each threat:
1. Calculate the exposure factor (EF) for each information asset danger.
2. The formula for calculating one-time loss (SLE) is AV x EF = SLE.
3. Determine the yearly probability ratio (ARO).
4. Use the formula SLE x ARO = ALE to calculate annual loss years (ALE).
Get expert help for IT Governance & Strategies Solution and many more. 24X7 help, plag free solution. Order online now!
