top of page

 

 

 

Rouse, M. (2012). IT strategy (information technology strategy. Retrieved from,                    

http://searchcio.techtarget.com/definition/IT-strategy-information- technology-           strategy

 

       The author has focused his IT successes on IT strategy. The article shows that IT strategy is a comprehensive plan that information technology management professionals use them to guide their organizations. IT strategy should cover all feature of technology management such as cost management, software/ hardware management, and risk management. A written document or balanced scorecard strategy map can be a good practice to formalize the IT strategy plan. An IT strategy plan should be flexible enough to change in response to new organizational circumstance and other business priorities.

 

 

 

Kosutic, D.(2011). Seven Steps for Implementing Policies and Procedures. Retrieved from      

http://www.infosecisland.com/blogview/12595-Seven-Steps-for- Implementing-             Policies-and-Procedures.html

 

       In this article, the author portray seven steps for implementing policies and procedures based on his experience that can apply for large scale / small scale, government / private, and profit / non-profit company. This seven steps start with study the requirement, take into account the result of your risk assessment, optimize and align your document, structure your document, write your document, get your document approved, and training and awareness of your employees. We are also needed to maintain the policy and procedure after implementing it. 

 

 

 

Heller, M. (2012). Five Best Practices for IT Governance. Retrieved from http://ww2.cfo.com/it-

value/2012/08/five-best-practices-for-it-governance/

 

        The author portray five basic best practices for IT governance to make the IT return on investment because IT is a huge part of most companies' budgets. IT governance will allows a company's senior management to direct measure their IT investment to get maximize return. The five basic best practices for IT governance are get your business priorities straight, use the rear view mirror, keep it small and elite, don't mistake good governance for project success, and right-size your approach and stick with it.

 

 

 

Weil, S. (2010). How ITIL Can Improve Information Security. Retrieved from http://www.          

symantec.com/connect/articles/how-itil-can-improve-information- security

 

        The author provide basic overview of ITIL and focuses on how IT services can be efficiently and cost-effectively provided and supported. ITIL defines the objectives, activities, inputs, and outputs of many of the processes found in an IT organization. It primarily focuses on what processes are needed to ensure high quality IT services. Moreover, ITIL also helps to ensure that effective information security measures are taken at strategic, tactical, and operational levels. Information security process of ITIL must be controlled, planned, implemented, evaluated, and maintained.

 

 

 

Broadbent, M., and Kitzis, E., S.(2005). LINKING BUSINESS AND IT STRATEGIES TOGETHER: FOUR

FACTORS FOR SUCCESS. Retrieved from http://iveybusinessjournal.com/topics/               strategy/linking-business-and-it-strategies- together-four-factors-for-success#.         U0DlRvldV8E

 

       In this article, the authors have portrayed four necessary factors for building blocks for business and IT linkages. The first factor, the authors focus on CIO because the right CIO in the right place at the right time greatly enhances a business and a great CIO should provides leadership on both the demand and supply sides. The CIO needs to create a vision for how IT will both stimulate and support better business strategy for their company. Second factor the authors focus on executive team. Effective integration of business and IT is always underpinned by an executive team that takes the time to develop informed expectations for an IT enabled enterprise. Third factor they focus on decision making. Executives want to be able to make better decisions faster, and then know they are being adequately executed and tracked. This is especially the case for decisions about information technology investments and IT-enabled business initiatives. Last factor the authors point on taking an IT portfolio management approach because it is the key to an effective IT strategy for many enterprises is to take a portfolio approach.

 

 

 

Strassmann, P., A. (1998). What is Alignment? Alignment is The Delivery of the Required        

Results. Retrieved from http://www.strassmann.com/pubs/alignment/

 

       In this article, the author share his ideas on lining up information technology with business plans. The author pointed that we should focus on Evaluation first because all of management need to know what evaluation methods are already in place for alignment. There are many requirements that a business must meet to ensure a successful alignments and these alignment must survive changes in organization, redirection the business goals, and adapt to changes in top leadership personalities. The successful alignment should show enhancements to business plan, remain updated as the business evolves, overcome obstacles to its purposes, well planned, and related to benefits. After implementing the it- business alignment we also need to evaluate the success of alignment.

 

 

 

Kleyman, B. (2013). Going to the Cloud? Time to Make Security and Policy Decisions. Retrived  

from http://www.datacenterknowledge.com/archives/2013/02/22/going-to-the-cloud-] time-to-make-security-and-policy-decisions/

 

        This article share ideas on creating cloud computing policy since cloud computing has been a concept of “anytime, anywhere, and any device.” The cloud computing is very new for many organizations. So, the companies looking to enter cloud must be careful and avoid jumping in with both feet. The cloud computing heavily revolves around allowing users to access their own devices, while pulling data from a corporate location(s). Although this can be a powerful solution, there are some key points to remember when working with cloud computing policy creation such as train the user, create a new cloud ready usage policy, start a stipend program, provide a listing of an approved devices, provide a listing of approved devices and update the general computer usage policy.

 

                                         

 

Vanhegan, S. (2013). How HR can manage the risk of cloud computing. Retrieved from        

http://www.hrmagazine.co.uk/hr/features/1077164/how-hr-manage-risk-cloud-             computing

 

           This article display the risk of company information security and it is very important to company to update their IT policies to adequately protect business interests. Cloud systems are totally different from the traditional IT infrastructure because they are normally provided by a third party supplier and businesses do not have as much control over the cloud system. It can be difficult to trace the web browsing history of an employee who views the internet inside the cloud, and it is often possible with cloud environments for documents to be copied within the cloud and then pasted outside it onto a personal desktop. So the HR team should make sure that IT team have a clear understand about cloud technology and what is involved with the particular cloud system which the company uses or may use and what are potential information-security risks that may influence the company’s choice of cloud-service provider or its choice of additional services.

 

 

 

   

Slater, D. (2010).Enterprise risk management: Get started in six steps. Retrieved from            

http://www.csoonline.com/article2125916/strategic-planning-erm/enterprise-risk-       management--get-started-in-six-steps.html

 

           In this article, the author describes a process of strategy setting by implementation enterprise risk management. These six exercise steps included: create a working group, brainstorm, rank the risk, list existing control and solution, select appropriate responsible person, and establish a way to measure the effect.

 

 

 

Chandra, D. (2014). What is Risk Management - Different Types of Risk Management. Retrieved

from http://dilipchandra12.hubpages.com/hub/Risk-Management-and-Various-Types-

f-Risk-Management

 

          In this article, the authorgive a good explanation about risk management. He stated that risk management is an important concept mainly aims at identification, assessment, and prioritization of events that may have an adverse impact on the organization. The author also describes several of types of risk management: financial risk, operation risk, human risk and physical risks.

 

 

 

Bowman, D. (2009). Information Management IT Policy. Retrieved from http://www.information 

management-architect.com/it-policy.html

 

        In this article, the author portray his view on information management IT policy and issued a key of good information management it policy included: Purpose, Effective date, who is expected to follow the policy, context provides more information as to why the policy is needed, definitions provides clearer definitions, related policies, policy objectives, policy statements, accountability, consequences, and review cycle.

Annotated Bibliography

© 2014 by Ditsakarn Punyapab

FOLLOW US:

  • w-facebook
  • Twitter Clean
bottom of page