With respect to the company we have interviewed, there are a lot of risks that will be faced as the company grew bigger. As technology evolve, you have to go with the level of business process or else the company will be left behind by all the technologies. Here are some risks they have encountered:
1. Compatibility with the business process
("Kinahanglan daw nimo gukdon ang business process while ga evolve ang technology". Which means, you have to be updated with "what's new" in the present with regards to technology.)
*compatibility indicates that a product can work with or is equivalent to another, better-known product.
*A business process or business method is a collection of related, structured activities or tasks that produce a specific service or product (serve a particular goal) for a particular customer or customers. It often can be visualized with a flowchart as a sequence of activities.
There are three types of business processes:
1. Management processes, the processes that govern the operation of a system. Typical management processes include "Corporate Governance" and "Strategic Management".
2. Operational processes, processes that constitute the core business and create the primary value stream. Typical operational processes are Purchasing, Manufacturing, Marketing and Sales.
3. Supporting processes, which support the core processes. Examples include Accounting, Recruitment, Technical support.
A business process begins with a customer’s need and ends with a customer’s need fulfillment. Process oriented organizations break down the barriers of structural departments and try to avoid functional silos.
A business process can be decomposed into several sub-processes, which have their own attributes, but also contribute to achieving the goal of the super-process. The analysis of business processes typically includes the mapping of processes and sub-processes down to activity level.
Business Processes are designed to add value for the customer and should not include unnecessary activities. The outcome of a well designed business process is increased effectiveness (value for the customer) and increased efficiency (less costs for the company).
Business Processes can be modeled through a large number of methods and techniques. For instance, the Business Process Modeling Notation is a Business Process Modeling technique that can be used for drawing business processes in a workflow.
2. Piracy
The unauthorized copying of software. Most retail programs are licensed for use at just one computer site or for use by only one user at any time. By buying the software, you become a licensed user rather than an owner (see EULA). You are allowed to make copies of the program for backup purposes, but it is against the law to give copies to friends and colleagues.
Software piracy is all but impossible to stop, although software companies are launching more and more lawsuits against major infractors. Originally, software companies tried to stop software piracy by copy-protecting their software. This strategy failed, however, because it was inconvenient for users and was not 100 percent foolproof. Most software now requires some sort of registration, which may discourage would-be pirates, but doesn't really stop software piracy.
Some common types of software piracy include counterfeit software, OEM unbundling, softlifting, hard disk loading, corporate software piracy, and Internet software piracy.
Software piracy can be defined as "copying and using commercial software purchased by someone else". Software piracy is illegal. Each pirated piece of software takes away from company profits, reducing funds for further software development initiatives.
The roots of software piracy may lie in the early 1960s, when computer programs were freely distributed with mainframe hardware by hardware manufacturers (e.g. AT&T, Chase Manhattan Bank, General Electric and General Motors). In the late 1960s, manufacturers began selling their software separately from the required hardware.
Current illegal software in the US accounts for 25 - 50% of the software in use (see web sites below for further detail). Other countries often have levels of piracy well beyond that of the US. For example, Carol Bartz, the president and chairman of Autodesk, Inc. (www.autodesk.com) reports that one of their flagship products, AutoCAD, has 90% of the computer-aided design (CAD) market in China, yet sales are virtually negligible due to the widespread acceptance of software piracy (Fighting Computer Crime: A New Framework for Protecting Information, Donn B. Parker, 1998). A number of annotated web sites at the end of this document contain information regarding estimates of software piracy throughout the world. Bartz also states that many software companies are reluctant to pursue the educational market due to concerns that several copies of purchased software may lead to millions of copies of illegal software, produced "in the name of educating children" (Parker, 1998).
Ways to Deal With / Minimize Software Piracy
As teachers, the easiest way to minimize piracy is to set a good example. Don't use pirated software or distribute commercial software to students or colleagues. It is important that policies go beyond individual classrooms, and that schools / districts develop software management, acquisition and implementation policies. These policies should be made clear to each teacher in the school's Acceptable Use Policy, with explicit statements regarding the unacceptability of software piracy. Technology Coordinators should determine which commonly used software packages are compatible with anticipated hardware and network upgrades, and make faculty aware of those changes prior to upgrade. Other ways to reduce the likelihood of software piracy are explicitly stated in Safeguarding Your Technology: Practical Guidelines for Electronic Education Information Security (http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=98297). Among their recommendations are:
1. Have a central location for software programs. Know which applications are being added, modified or deleted.
2. Secure master copies of software and associate documentation, while providing faculty access to those programs when needed.
3. Never lend or give commercial software to unlicensed users.
4. Permit only authorized users to install software.
5. Train and make staff aware of software use and security procedures which reduce likelihood of software piracy.
Finally, there are a number of network utilities which remove unauthorized files and programs on a preset basis. These utilities can effectively monitor and remove illegally possessed shareware and commercial software without any significant additional investment in network administrator time or effort.
3. Hacking
Hack has several related meanings in the technology and computer science fields. It may refer to a clever or quick fix to a computer program problem, or to what may be perceived to be a clumsy or inelegant (but usually relatively quick) solution to a problem. The term is also used to refer to a modification of a program or device to give the user access to features that were otherwise unavailable, such as DIY circuit bending.
acking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)
Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK. The key difference is that the ethical hacker has authorization to probe the target.
We work with IBM Consulting and its customers to design and execute thorough evaluations of their computer and network security. Depending on the evaluation they request (ranging from Web server probes to all-out attacks), we gather as much information as we can about the target from publicly available sources. As we learn more about the target, its subsidiaries and network connectivity, we begin to probe for weaknesses.
Examples of weaknesses include poor configuration of Web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords. As we find and exploit vulnerabilities, we document if and how we gained access, as well as if anyone at the organization noticed. (In nearly all the cases, the Information Syhstems department is not informed of these planned attacks.) Then we work with the customer to address the issues we've discovered.
The number of really gifted hackers in the world is very small, but there are lots of wannabes.... When we do an ethical hack, we could be holding the keys to that company once we gain access. It's too great a risk for our customers to be put in a compromising position. With access to so many systems and so much information, the temptation for a former hacker could be too great -- like a kid in an unattended candy store.
4. People
With regards to people, they can't deny the fact that people wants a "greener pastures". People or employees are considered their risks if they look for a greener pastures. The capability of one person especially in the MIS department is unique to every different person. In effect, it would delay the work if someone is taken from a department to look for a greener pastures. It would also affect the service of the company to the customer.
http://en.wikipedia.org/wiki/Business_process
http://www.webopedia.com/TERM/S/software_piracy.html
http://www.ed.uiuc.edu/wp/crime/piracy.htm
http://www.crime-research.org/news/05.05.2004/241/
Thursday, October 1, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment