Labels

Example of project/change management

 Example of project/change management

Scenario

    You have had a permanent position at the ITS department at NMIT for around a year, within firewall configuration and maintenance. You are therefore already familiar with the procedures and the structure of the department. You are now approached by your team leader because the ITS department is planning to implement a new firewall product, and he knows that you know something about governance and management frameworks. Therefore, you would be a potential manager candidate for the project. As you already know your team leader, and he knows that you master the tasks you are doing presently, the interview is not a job interview, and you don’t have to worry about losing your present position. But you would obviously like to advance your career and convince him about your capabilities.
 

  1.  Initiating the project

                What would your initial approach be to get an overview of the scenario?
 
 
    First of all the  I should  have good knowledge about the existing firewall and what are the befits what are the drawbacks. The next step would be to do a market research about the firewalls what are the firewalls that are in market can i update the existing firewall with new features what are the new option that I can get form purchasing a new firewall are they providing Training (Some firewall give few certification if you perches  the firewall ). Moreover According to the governance and management frameworks I have to check the The five domains of IT governance

Value of Delivery 

     Integrating this systems that organizations use to provide value for their stakeholders. Organizations exist to provide value and benefits to stakeholders. I have to think that which stake holders will benefits from this for Instance Some projects serve external stakeholders, and some serve internal stakeholders. And it's the same with programs and portfolios. In fact, I could say that operations, projects, programs, and portfolios all exist to deliver value, and that together, they provide a value delivery system.
 

Strategic alignment  

    Alignment is the process of linking together the organization's strategic goals with the goals of each individual in the organization. I should have and  understand which of the strategic goals that I’m supporting and how my own activities help the organization to be successful by implementing this Firewall.
 

Performance management 

    Performance management is a systematic and ongoing process, and it should be tied to organizational goals. Consider to organization's strategy. For instance  What are the issues in Existing Firewall? Does the finance  department have a budget for the firewall? Is it going to compatible with the existing systems? After installing this fire the performance will increases? I have work in partnership with discussing these things with  leaders and managers to get  answers for these types of questions. Other thing is  the first step is to understand how this is going to affect for job competencies fit into the organizational vision and strategic goals. I will do that by conducting a job analysis. Once I spend time understanding each job, I can understand its value and how it plays a part in organizational goals.


Resource management 

    Plan resource management falls under the planning process group, and tells how to estimate, acquire, develop, manage, and control the resources that I received. It provides the per-approved financial resources that are available for the project. This might influence the resources that are acquired for the project such as Racks Cables etc.. One other key input is the quality management plan. It details the resources needed to maintain the defined level of quality set for the project. For example Which brand cables I’m going to use what kind of connection ADSL Fibre or ILL. 
 
     Next are the project schedule and requirements documentation. These show the different types of resources required for the project and when they're needed. The risk and stakeholder registers should also be reviewed since they might impact resources.  The other inputs are the Enterprise Environment Factor EEFs and the  Organization Process Assets OPAs. The first main tool and technique for this process is data representation or hierarchical charts, which are generally done in a top-down format. Such as resource breakdown structure or RBS, like this one that shows resources needed for the project. In this case, it's internal resources.
 

Risk management

     Risk management is the process of systematically analysing potential responses to each risk and implementing strategies to control those risks appropriately. No matter what type of risk that are managing, there are five basic options for addressing the situation. Can perform  
 
  • Risk avoidance.
  • Risk transference.
  • Risk mitigation.
  • Risk acceptance.
  • Risk deterrence. 
 
When you avoid a risk, you change your organization's business practices so that you are no longer in a position where that risk can affect your business.
 

Risk avoidance strategy 

For that risk, we might close some port (3389) avoid controlling machine remotely

 

Risk Transference

    A  attempts to shift the impact of a risk from your organization to another organization. Such as an insurance policy. NMIT can considering the purchase of cyber liability insurance to protect against the financial damage caused by hackers and identity theft. 


Risk mitigation

     Risk mitigation takes actions designed to reduce the likelihood and/or impact of a risk. Mitigate the risk of machines I can suggest the enable Windows firewall as well apart from the firewall that is protecting the whole Network.
 
 

Risk acceptance

    Risk acceptance must include explicitly accepting the risk to organizational operations and assets, individuals, other organizations, and based upon the implementation of an agreed-upon set of security controls. 
For Example there are Two Option that we can do One is we can update the Existing Firewall license and get some new features for the same firewall. Other Option is Purchasing the whole new System with lot of new feature cost vice it is expensive.
 
 

Risk deterrence 

     Risk deterrence  Think about the risk of physical intrusion however, there are many ways that it can deter an effect. Control the access for the Server Room. Add security camera ,Add fingerprint for door, Add locks to server racks etc..
 
 
 
 
By using these methods I will get an initial approach to get an overview task that I have been allocated. 




REFERENCES
 
 
Board Involvement With IT Governance. (n.d.). ISACA. Retrieved November 15, 2020, from https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2016/board-involvement-with-it-governance
Five Steps for Effective Auditing of IT Risk Management. (n.d.). ISACA. Retrieved November 15, 2020, from https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2019/volume-15/five-steps-for-effective-auditing-of-it-risk-management
How Boards Realise IT Governance Transparency: A Study Into Current Practice of the COBIT EDM05 Process. (n.d.). ISACA. Retrieved November 15, 2020, from https://www.isaca.org/resources/isaca-journal/issues/2016/volume-3/how-boards-realise-it-governance-transparency-a-study-into-current-practice-of-the-cobit-edm05-proce
The Sheer Gravity of Underestimating Culture as an IT Governance Risk. (n.d.). ISACA. Retrieved November 15, 2020, from https://www.isaca.org/resources/isaca-journal/issues/2019/volume-3/the-sheer-gravity-of-underestimating-culture-as-an-it-governance-risk
What is IT Governance? Definition & Best Practices. (n.d.). Retrieved November 15, 2020, from https://itgovernance.co.uk/it_governance
 
 
 
 
 



Labels:

Comments

Post a Comment

Popular Posts