IT4683 Management of IT and HCI
Exercise 3- Managing IT Risks, HCI and Human Factors
Developed by Richard Halstead-Nussloch Version 11Aug20

Your name:

Policies:
Submissions made through a means other than the D2L A3 Assignment Folder will be ignored and earn a 0.
Submissions without your name stated above earn a 0.
Submissions with the original questions and/or formatting removed from the file earn a 0.
Submissions without adequate references or acknowledgements will earn a discounted grade, potentially a 0.
Submissions that I cannot open or require a password will earn a 0.
Second chances might be requested at any time through D2L email, and are awarded at the sole discretion of the instructor.

Managing IT Risks, HCI and Human Factors (Ergonomics)

Being successful in this course requires you to review, evaluate, and manage IT risks. Also, mastering and using fundamentals of human computer interaction (HCI) and human factors are key capabilities in successfully managing IT. This exercise intends to aid you in doing so.

Readings for this assignment:
Selected readings on the web covered in the Readings Read Me

Actions/Deliverables for this assignment:
Read as per above
Research what you read
Respond to this assignment within the file (leaving all questions and formatting intact) and save it as a PDF, completing:
Required: Q1, Q2, Q3 (25 Points each) and Q4 (20 Points) and Q5 (5 Points) for a total of 100 Points
Deliverable: Upload your response using the A3 Assignment Folder in D2L
Deliverable: Make entries on the Module 3 Discussion
Deliverable: Cite all references and indicate which method used at the end of the file.

Q1 Required- 25 Points) We all know IT risk informally, but it is not easy to explicitly define IT risk. Wikipedia (http://en.wikipedia.org/wiki/IT_risk) [1] has an article devoted to IT Risk, which clarifies many of the new facets of risk that have been introduced by IT.

Imagine that you are an IT manager in a medium-size organization with 200 IT professionals. The CIO has asked you to develop a presentation covering the “top 10 things the IT professional needs to know about IT risk.”

Utilizing our course materials and other, solid sources from the web and library, and other course materials you have studied, develop a set of notated presentation slides that cover what your CIO wants. Hint: Start by defining risk and distinguishing it from (the definition of) IT risk. Cite your sources.

Please submit a PowerPoint slide set in the assignment folder with this submission.

Q2 Required- 25 Points) Imagine that you have just been promoted to IT manager within a 500-seat call center [2], which falls in the category of managing the delivery of an IT service. You got the promotion because the manager before you was fired because of overly restrictive password policies that led to many passwords being written on easily findable notes. The cleaning staff sold the passwords on the web and the consequent “clean-up” is at $250,000 and mounting. The manager, cleaning staff, and 37 call center reps were fired. The best rep for the past 5 years was one of those fired and had written on a note underneath the keyboard the unique system-generated passwords to the five most important systems in order to provide the best and quickest service possible. The CIO was most unhappy that the rep had to be let go and blamed the former manager for causing it.

You have just met with the CIO. She has asked you to spend the next week investigating the situation and make some recommendations for passwords and password policies in the call center. She insists that you incorporate “good human factors” in them. She also asks you to specifically address four questions for delivery of IT as being critical to success:
Are adequate confidentiality, integrity and availability in place for information security?
Does IT support business priorities, and business/IT strategy to create value for the business?
Do the IT systems operate with good quality at minimal cost and provide support for a great “customer experience?”
Is the organization’s workforce able to use the IT systems productively and safely to provide callers with a great “customer experience?”

You first do a search on “human factors passwords” and discover some good and trustable sources from, e.g., the FAA [3] and Human Factors International [4]. You then investigate the security breach incident and discover that the call center personnel use 57 different systems and that the IT manager had initiated a new policy: each month, each user would be given a new system-generated password of 9 random characters, unique to each of the systems. That it was “only” 9 characters (instead of 16 or 20) was a concession made by the former IT manager to allow “easy” memorization. By policy, the reps could not write any passwords down; if they could not remember a password, they were required to summon a manager to get it. They were paid for quicker and accurate performance (to support a great “customer experience”), but summoning the manager often added over 5 minutes to the call. Your last discussion on the matter is with the call center’s business process owner, who tells you the top business priority is the customer’s call “experience,” as the call center handles sales and service calls for top-end online merchants and they want every customer to have noticeably “better” buying experiences.

Within 1 or 2 pages, develop a set of recommendations for passwords that will lead the call center to have positive answers to the CIO’s questions:

Q3 Required- 20 Points) Do a web search to locate risk management tools appropriate for the IT manager. To get you started, the NIST has a rich set of free tools available on the web, e.g., http://csrc.nist.gov/index.html and many of these have general IT management applicability. Here is a list of NIST resources applicable to managing IT risk of government systems:

Home page:

https://csrc.nist.gov/projects/risk-management/risk-management-framework-(rmf)-overview

Framework slides:

https://csrc.nist.gov/csrc/media/projects/risk-management/documents/ppt/risk-management-framework-2009.pdf

Federal Information Processing Standards (FIPS):

https://www.nist.gov/itl/publications-0/federal-information-processing-standards-fips

Online Course- Applying the Risk Management Framework to (Federal Information) Systems:

https://csrc.nist.gov/projects/risk-management/rmf-training

Risk Management Framework- FAQs, Quick Start Guides, etc.

https://csrc.nist.gov/projects/risk-management/risk-management-framework-quick-start-guides

Add these tools to your IT Manager Toolkit and as appropriate share tools on the D2L Toolkit discussion topic. Answer these questions for each tool you want to include:

How is the tool accessed?
How is the tool used?
What is the value of the tool for the IT manager?
General comments on the tool:

Please submit your answers here and in the Discussion Toolkit area. Please reply to one peer.

Q4 Required- 20 Points) Two years have passed since you successfully solved the problem described in questions 2 through 4. The organization is considering building a new call center. The CIO remembers the good job you did on the human factors of passwords. She has now asked you to investigate the ergonomic layout of the call center reps’ new workspaces. Of course, you agree and do a web search on ergonomic workspace design. Of the trustable sources, you find a web tool for workspace design and ergonomics from OSHA [5] useful, http://www.osha.gov/SLTC/etools/computerworkstations/. You also realize that the call center director will be retiring right after the completion of the new call center and that the CIO is hinting you are on the list as a possible replacement (a big promotion for you). Do so in 1 to 2 pages.

Q5 Required- 10 Points): Complete D2L Discussion Posting:
Using your answers to the questions above, review and summarize your ideas about IT risk management and the role of human factors in doing so.
Record your answers here.
Also, enter your answers on the Module 3 Discussion and reply to one peer.

Sources and works used in completing this exercise:
http://en.wikipedia.org/wiki/IT_risk provided the definition of IT risk and was retrieved on 28 April 2013.
http://en.wikipedia.org/wiki/Call_centre does a good job of describing what a call center is all about and was retrieved on 28 April 2013.
FAA http://hf.tc.faa.gov/publications/2006-human-factors-considerations-for-passwords/full_text.pdf provided the definition of management of information technology and was retrieved on 19 December 2018.
http://www.osha.gov/SLTC/etools/computerworkstations/ presents design advice on workspaces suitable for call centers. It was retrieved on 27 April 2013.
Required: Please add your list of sources.
Required: Please complete the following:
___ I did not use any method of citation (maximum B on the assignment).
___ I used the ACM approach and have cited my references as I went in the text and also listed them at the end.
___ I used the APA approach and have cited my references as I went in the text and also listed them at the end.
___ I used the MLA approach and have cited my references as I went in the text and also listed them at the end.

Required: Acknowledgements of people and discussions used in completing this exercise: