Skip to main content

Technology delivering technology

It has been every organization's goal, the industry where they operate included, to have a technology and help run and facilitate every, if not particularly the high-value, area of business.  Sounds just what technology is for almost everything that humans do, including their businesses. Right? It's what the technology team must do and they did.  However, some of the actions they are emulating doesn't seem to be true at all. It's still about technology for the sake of technology. This is not only wrong, it is breaking the very notion that technology is helping people and it is always there whatever they do. When technology arrives and they use it, what happens is the usual messy experience that they already had from the past, and to think they are now on the new ones and still encountering the same problem. Imagine why some organizations can do it better and had been always ahead. Meaning, problems are contained that people didn't even notice there was any, no matte

Organization's stakeholder on the same page with ISO/IEC 38500

The key stakeholder in a publicly traded organization is board of directors. They are charge, on behalf of the company and shareowners, to deliver and achieve corporate value. On top of anything, is to take care of their money (see on CG of MS, NASDAQ, WB), it takes into account the overall resources; it also facilitates direction and oversees organizations' capability to achieve goals and comply on regulations. Management down the ranks does the rest, working on every details from reporting to supporting business operations and future plans. The capability of any organization to attain expected outcome depends on how both board and management ascertain the need in, for the purpose of the subject take IT. Business people, unless former or current ICT practitioner, rarely knows about the field including the detailed part of it. Management have lots of experts though (from being an specialist of certain IT task, analyst up to managerial level) to rely on when necessary. Many high-level documents primarily ISO/IEC 38500 imply that board and management's active working relationship on, particularly, IT matters would save their organization from investing towards a failed effort.

Besides, investment has a pretty much clear definition, so-called investment does not seem to fit in failure. According to Security Analysis, 1934, an investment operation is one which, upon thorough analysis promises safety of principal and adequate return. Operations not meeting these requirement is speculative. That means any failed IT efforts are called a business speculation, not investment, in IT.

Many big and small organizations, according to many sources including the Web, have failed on their strive to improve their business operations with the help of IT due to lack of many factors including primarily a governance framework. On one hand, IT nowadays is easier e.g. enabling a particular network service. Vendors have completely documented the process to make it easier for somebody to get it work unlike the old days. On the other hand, it becomes even more complex that IT now reflects on a need to underpin business goals. It apparently adds up the many standards and practices out there, where organizations have to choose the correct pattern to help them improve their IT and to create value for the business. Sometime decisions goes to say, we need this and we need it now, without going through careful evaluation by other concerned stakeholders, if it is really a necessity or would be good to the organization. Documents stated that, IT is no longer just an IT professional job. It now requires collaboration from among the stakeholders and even external providers.

Having IT in a corporate governance system would make directors realized, especially in countries with stringent laws, their accountability with their organization's strive on IT is irreplaceable. Directors are not being asked to do much on IT as this may disrupt their other, or existing, governance chores. Majority of the provisions in ISO/IEC 38500 can be delegated to the management and it is up to the directors to direct and monitor certain part of IT to make sure any investment being proposed or made is going to meet an organization's particular objective. How do stakeholders know whether business is performing well as to their use of IT? If IT is continuously providing the mechanism required by the business, not only maintaining its competitive advantage but also providing value to the whole organization and other parties including external stakeholders. Like for instance and maybe the most popular issues for a few organizations, minimizing if not getting rid of waste and unpredictable and prolonged disruption of service, could be a good indication that business is maximizing the value being undertaken with IT.

Comments

Popular posts from this blog

Philippine telcos blocking entire SMS text with internet addresses in it

If you are sending SMS texts to your friends, family or colleagues and they contain internet or web address including IP and email addresses, and even a period or dot separating, regardless of, your words and numbers, they are automatically blocked and not going to be received by your waiting recipient. Cooler heads must prevail here especially if an important message is urgently being expected. IP version 6 address is fine. However, an IPv4 including localhost address (given automatically to every computers and network interfaces as their own alone designed for troubleshooting purposes), and your money in the billion figure using dot as separators would be blocked.  If you send "local.business, naman.naman etcetera" or any words that made you use dot in between them, as part of the text, they will be blocked. There are some, that isn't blocked in this category. Like check.iclassed, some.ent, whatever.local etcetera, that is because they do not form any domain name at all

Philippine cyber campaign

Are Philippine institutions being targeted or simply being probed? We don't know for certain. It could be either or both. Whichever comes first? What we can understand, with the success of such attacks, is that they have found their way. Really.   How hard or easy? The attacker knows, but probably, also, those being attacked. Inclination should be there no matter how sophisticated our security systems are. In cybersecurity, we do a very focused job. Making sure we disappoint whoever is trying to gain access to any resource without permission and authority regardless of the environment we are in. What happened is that every asset deemed to have every variant of resource built-in, operating, that makes up the entire system working whatever it is trying to employ, in that case the primary purpose. Meaning, we have to know if we are running our system in a manner that is really secure, provisioned properly during design stage and managed continuously afterwards, post-implementation. No

iclassed privacy policy, unbelievable at first sight

Those who, before engaging us and was reading our business conduct, alerts and notices , could not restrain themselves asking, "can you really do your job without keeping any data at all? At the end of the day, you should still be looking at those information and make sure you did, and will, do well. I am expecting a lot from you here, you said so yourself!" Now, that last sentence is so loud. We keep them, not in our premises, but yours. If you've been our clients, you'll know how persistent we are when it comes to the reliability and security of your systems, data and credentials. That's our responsibility, as is made popular by cloud computing, and we don't need to be in a cloud.