Sunday, 19 May 2019

Need Assessment


A needs assessment is a process used to determine whether training is necessary and, if so, what type. Before training content is developed, a need assessment is required in "analyzing the organization's needs; the knowledge, skills, and abilities needed to perform the job; and the person or jobholder's needs" (Ivancevich, J., & Konopaske, R., 2012).
A need assessment is conducted for the following reasons, according to the research done by Brown Judith in her research titled Training Needs and Assessment. She lists the following:
            1. To identify specific problem areas in the organization
            2. To obtain management support
            3. To develop data for evaluation
            4. To determine the costs and benefits of training
1. To identify specific problem areas in the organization: Identifying a specific problem in an organization gives the management team an insight into the best type of training to counter that problem. "Any gap between what is expected and actual results suggest a need for training" (Ivancevich, 2012).
We must also take into account the Knowledge, Skills, and Abilities (K, S, A) needed to perform the job (Ivancevich, 2012). The employee's needs must also be taken into consideration when a need assessment is being drafted (Ivancevich, 2012).


2. To obtain management support: Most management is in support of training; top management "usually thinks training is a 'nice thing to do'" (Brown, J., n.d.). "The way to obtain management support is to make certain that the training directly affects what happens in that manager's department" (Brown, p. 03, para. 03). Management is more willing to go along with training if HR can show that training will lead to an improvement in job performance.

3. To develop data for evaluation: Need assessment data can be used by management to evaluate the effectiveness of the training program. The evaluation can also serve as a reference point for future training programs.

4. To determine the costs and benefits of training: A cost and benefit analysis can be developed from the training conducted. "A thorough needs assessment that identifies the problems and performance deficiencies, allows management to put a cost factor on the training needs." This ensures that resources are properly allocated based on the priority of the need.

Thursday, 11 April 2019

Comparing recommended practices outlined in the NIST documents and drawbacks


Whitman, in his book Management of Information Security, sees security best practice as "efforts that seek to provide a superior level of performance in the protection of information". The Federal agency best security practices recommend a high-level procedure for audit trails to track user activity, as well as the Sample Generic Policy. NIST further recommends controls to protect against viruses (Data Integrity) and guidance on how incidents are responded to, using, for instance, the Agency Computer Incident Response Guide or the Computer Virus Incident Response form.

In real-life application of these Best Security Practices (BSP), an article on ZDNet by Ken Hess recommended best security practices which fall in line with the NIST BSP. In the article, he listed 10 security best practices, which include: data encryption, data certification, data auditing, removable media policy, malware security, spam filter, endpoint security solution, security patch maintenance and user education. When compared to the NIST BSP, there are a lot of similarities. The NIST Best Security Practice can be seen as a "rule of thumb" for an information security expert looking to set up a good security policy for his/her firm.

Five drawbacks to adopting the recommended practices for a typical business
Some of the disadvantages of FASPs include:
1. Data loss occasioned by frequent editing of data during audit trail.
2. Most analysis and data on data security in the Data Integrity section of the FASPs are old and need updating as new viruses keep appearing.
3. The FASP documents are too complex for a layman to understand.
4. Under Logical Access Control, unauthorized access can cause devastating effects, as the systems can become subject to malicious activities.
5. There is potential for a conflict of interest occasioned by the signing on of a risk analysis to perform a risk assessment. Lastly, Security Awareness, Training and Education is less effective when the organization is less security aware.
References
NIST Web Archive, (2015). FASP archive. Retrieved from: http://csrc.nist.gov/groups/SMA/fasp/archive.html


Responsible use of Wireless/LAN Technology Policy


This document is intended for internal use only.

OMA Technology is an Internet service provider (ISP) with the mission of providing high-quality and affordable internet service to its constituents.
Scope
The policy stated in this document is intended for the safe use of OMA Wireless Technologies. The policy addresses the safe use of the company's hardware, software, and protocols associated with WLANs. This document is intended for authorized users within OMA Technologies only. This document is not meant for external consumption. Authorized users are defined as anyone granted access to OMA Technologies infrastructure.
Policy
The use of devices including laptops, smartphones, and flash drives within the facility of OMA Technologies is permitted with prior approval from management. Internet access is restricted to job use only; any personal use is not permitted. First trade retains the right to access any data transmitted within its network. Any private use of OMA internet service must be approved before such use. Use of non-standard devices, including hardware, software and protocols, is strictly forbidden by OMA Technologies. Accessing unauthorized websites or emails, and downloading, copying or pirating software and electronic files that are copyrighted or without authorization, is strictly prohibited. In the event of inappropriate use of OMA wireless technologies, OMA reserves the right to take whatever steps are necessary for the particular situation including, but not limited to, termination of employment and legal action.

Disclaimer

OMA assumes no liability for unauthorized acts that violate local, state or federal laws. In the event of such laws being violated, OMA reserves the right to terminate its relationship with such employee or violator and will provide no legal assistance in such instances.
EMPLOYEE ACKNOWLEDGEMENT FORM
I have received, read and understand the Information Security Policy. I understand that it is my responsibility to comply with it.
Printed name: ___________________________________________
Signature:  _____________________________________________
Date: __________________________________________________


References
GFI Software, (2016). Sample of internet usage policy. Retrieved from: http://www.gfi.com/pages/sample-internet-usage-policy

Whitman, E., & Mattord, J., (2010). Management of Information Security (Page 183). Cengage Textbook. Kindle Edition.

IT contingency Planning


The Special Publication on IT contingency planning mainly focuses on the methodology of creating a good contingency plan in the eventuality of a risk. In terms of risk management, an IT contingency plan has two vital functions: identifying the threats and vulnerabilities of the system so that proper control of the risk will be in place, and identifying residual risk, for which a contingency plan must also be in place.

Contingency planning is seen as an element of risk management. A risk assessment identifies the system's vulnerability to attack, which necessitates a proper assignment of a risk level: either High, Medium, or Low. The publication found that there is a strong correlation between an IT system and the business process it supports. Proper coordination between plans is necessary to fine-tune the planning process with the firm's business strategy.

Contingency planning involves: Business Continuity Planning (BCP), which keeps the company in operation after an event or disaster; the Continuity of Operations Plan, which focuses on restoring the organizational operations; the IT Contingency Plan; the Crisis Communication Plan, which deals with effective and efficient modes of communication after a crisis; the Disaster Recovery Plan; and the Occupant Emergency Plan.
The publication also investigated system architecture and line of succession. The organization's line of succession deals with reorganizing the decision-making hierarchy in the event of a crisis.

The Ashley Madison Security Breach


The now infamous Ashley Madison website has had a successful run at helping its clientele be disloyal. So perhaps some would view it as poetic justice if the website became one of the most scandalous breaches in history at the hands of one of its own.

After thorough "IT security analyst John McAfee, who noted recently, "yes, it is true." The website was not hacked by an outsider but rather by an insider. The article stated that there is a strong indication that the website data were stolen. There has always been a strong belief among organizations that most threats to security are external, though empirical evidence has always supported the fact that most attacks on security are from sources outside the firm's immediate environment. In most cases, external attacks are motivated by the desire to profit, either by selling the information on the black market or by blackmailing the firm.

The article focuses on new trends in threats from disgruntled, unsatisfied or disengaged employees stealing sensitive data from their employers. Furthermore, the article also gave another instance, "where four former Gillette Company employees" were accused of disclosing confidential information and trade secrets to a direct competitor. The trend shows that more and more firms are subject to insider attacks.


In many cases, when we talk insider threat, the person may no longer be with the company – so if you add that piece to the definition you can see why it becomes pretty big; much bigger than people probably think about.

More attention is being paid to activities within the organization, from negligent employees to suspicious activities by employees. In retrospect, to mitigate security breaches by employees, the article noted that changes in employee behavior could be a good pointer in spotting a potential rogue employee.

References
Weldon, D., (2015). Are your biggest security threats on the inside? Retrieved from:

Tuesday, 22 May 2018

Determining a firm's Profitability Margin. The case for United Hub at Dulles.


The primary reason a firm is in business is to get a return on investment (profit). A company makes a profit when marginal cost equals marginal revenue. A firm is at a loss where the short-run/long-run marginal revenue is below average cost. At a price where marginal revenue is equal to marginal cost or above, the firm is in economic profit. In this case study, it can be concluded that United Airlines is operating in the market under oligopoly, "where a small number of firm constitute the market" (Brickley, Smith, & Zimmerman, 2016).

To see why a company will remain in a market where marginal cost is not equal to marginal revenue, or "where the price of the product is insufficient to cover the average variable cost", we approach it from the theory of Future Demand. Future Demand is the anticipation or forecasting of future sales of a company's product. We can see that firms will sometimes anticipate future demand for a product that does not exist at present (Brickley, 2016). During the period, we assume the firm is operating just above the break-even point.

Furthermore, firms sometimes use incumbent advantage (Brickley, 2016) in the market. In the short run, the firm is not so concerned about the present price of its product in the market; it is more concerned with the long-run return on investment. All these tools are used by firms in the hope that when demand increases, they will have passed the learning curve stage in the market. This can be well explained by the research conducted by Vinay Bhaskara in 2015:

Over time, we expect United’s hub at Dulles (Washington) to converge on an international O&D focused operation with service to key business domestic destinations to retain corporate contracts dependent on DC and offer some feed for the international routes. In other words, United’s Dulles operation will look a lot like that of the new American at New York JFK. This does mean that the small cities – Charleston, Albany, Columbia, Charlottesville, Greensboro, and the like – will likely be dropped (Vinay B., 2015).

In retrospect, it will be advantageous for United to remain at its Washington DC Dulles hub. Demand for flights from Washington DC is bound to increase, and United Airlines will be ahead of other airlines in capturing the market, since it already has a presence and does not face the issues of a new entrant to the market. Furthermore, if United relinquishes the market, the cost of entry when market demand increases might be too high. As long as the total marginal revenue is above total average cost, United should remain in the market.

References
Bhaskara, V. (2015). Analysis: What does the future hold for United at Washington Dulles? Retrieved from: http://airwaysnews.com/blog/2015/12/01/analysis-what-does-the-future-hold-for-united-at-washington-dulles/

Brickley, J., Smith, C., & Zimmerman, J. (2016). Managerial economics and organizational architecture (6th ed.). New York: McGraw Hill/Irwin

MEGAMIKEJR (2013).  Airline Costs and Expenses. Retrieved from: http://megamikejr.com/blog/business/airline-costs-and-expenses/

The blurred line between decentralization and efficiency


It is imperative to stress that for a firm to succeed, it has to abide by the tenets of a market system. Human wants are insatiable; hence, the need for firms to meet demand with supply is necessary for the growth and sustainability of the firm. Also, for the firm to enjoy returns on investment, a market system is better than central planning. With the world tending towards full globalization, most centrally planned economies and firms are playing catch-up to firms operating in a market economy.

For instance, there is low motivation for setting innovative ideas in motion due to the bureaucracy associated with centrally planned firms. Moreover, there are bound to be shortages or surpluses of supply due to the lack of free market prices, which set the quantity to be produced, who the target demographics are, and how much of the product will be demanded, so as to avoid oversaturation of supply. A firm operating under a centrally planned economy faces the threat of Economic Darwinism. In this case, the firm is forced out of the market by more efficient competitors.

References
Brickley, J., Smith, C., & Zimmerman, J. (2016). Managerial economics and organizational architecture (6th ed.).