Mis Turnaround Plan Essay

Abstract

This report provides a requested turnaround plan for a firm with one thousand employees. The plan is related to the management of information systems (MIS) strategy of the firm. The plan is needed because the firm is clearly mismanaging or simply not managing the information in way that is needed, effective and required. The required turnaround time frame of six months is a bit on the short side. However, there are things that can be done immediately or in the short term that will have the desired effects.

Turnaround Plan

The issues and problems that should be assess as part of any technology-related change at this firm would include management of resources, management of information and management of people. The resources of the firm should be counted and inventoried so as to assess what needs to be present, what does not need to be present and the gap between what is needed and what is actually available. The management of information should involve making sure that information is flowing to where it is needed, when it is needed but only to who it is needed by. Sensitive information in particular should be “need to know” and should not be viewable or usable by people that do not need the information to do their job. On the other hand, such policies should not be over the top or ridiculous. For example, UCLA Hospital restricting non-involved medical professionals from viewing the medical information of celebrities makes sense and is supported by legal, ethical and procedural justifications (Terry, 2011). On the other hand, requiring people to get administrator permission to move an icon from their Start Menu in Windows to their desktop is a little silly. Information that flows through multiple programs needs to be as “real-time” as possible. At the very least, the people using the programs and the information need to understand the system’s limitations so that they do not make unfair or misguided assumptions based on what they can see. Lastly, people need to be managed as well in the form of strong passwords being required, idle timers for people that do not use their desktop long enough, encryption for hard drives in case people get their laptop lost or stolen and so forth. While some modicum of trust has to be extended to people when they are hired, that trust should not be blind and there must be contingencies in case the worst happens. Just like the data of the firm is surely backed up in case there is a flood or a fire, the same thing can and should occur when it comes to user-level data and practices (Cisco, 2015).
One technique that can be used when engaging in technology management is making things efficient. Money should be spent when it is needed because going cheap on information technology is less than wise. Going cheap on information security is insane in light of what has happened as of late with Target, Home Depot and others. However, there are ways to get workers the information solutions they need without breaking the bank. For example, buying software on a per user rather than a per license cost can save a ton of money if there are two shifts of people that work and they all have their own laptops or desktop computers. Rather than paying based on how many different units use the software, the business often pays based on concurrent users. Yet another technique that can and should be used is to keep files and information in a shared network drive rather than on local workstations. When people are sick or they have equipment issues, this can lead to temporary or even permanent data loss when it is much easier and more efficient to keep all working files in a central workspace. Employees must be made to understand that their workstations should be used for work. They should not be used for personal web-browsing. Online activities that should never be done on a workstation include both obvious and non-obvious things. They include online shopping, social media, viewing of any explicit materials (up to and including pornography) and so forth. Further, information should not be traded back and forth between personal and work computers. Any data that is moved off of a work computer should automatically be encrypted and there should be a notification related to any employee who even tries to do so. If there is a business need to move files, there should be an approved way to do that. Conventionally that would normally be email. Employees of all stripes, including both information technology staff as well as regular rank and file employees, should be trained on what is acceptable, what is required, what is non-optional and what is expected in terms of information handling. Those trainings can be done over a month or two so as to not hurt ongoing operations but they are necessary (Fisher, 2015; Cisco, 2015).

Conclusion

It would be optimal to stretch out such trainings over time and include college-level coursework but that is not an option at this point. Further, the data breaches and other negative events that could happen due to information technology mismanagement are drastic and seismic in nature. Laptops get lost and stolen all of the time. Some employees are less than wise and vigilant when it comes to managing information and their equipment. Proper training and, as needed, replacement of employees is what can and should be done to alleviate that issue in the short term.

References

Cisco. (2015, February 13). Data Leakage Worldwide: Common Risks and Mistakes
Employees Make. Retrieved February 13, 2015, from
http://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-
prevention/white_paper_c11-499060.html
Fisher, M. (2015, February 13). Saving money through software asset management.
Retrieved February 13, 2015, from
http://www.computerweekly.com/opinion/Saving-money-through-software-asset-
management
Terry, K. (2011, July 8). UCLA Health System pays $865G to settle HIPAA violation
charges. Retrieved February 13, 2015, from
http://www.fiercehealthit.com/story/ucla-health-system-pays-865g-settle-hipaa-
violation-charges/2011-07-08