Money and IT Security : Things You Don’t Want to Lose

Photo courtesy of

Would you entrust your hard-earned money to someone you barely know or just met? The classic answer to this question is of course a “No”. No, simply because of the lack of bond and trust with the other person. And another reason could be that, you can already keep and protect your money on your own.

But with today’s environment and business landscape, a “Yes” as an option is not bad at all. Yes, I will entrust my money to that someone/something provided he or she or it has the expertise and tools to safeguard my money at all cost or even make my money grow. I also believe that this is one motivation why we make use of banks.

We deposit our hard earned money in banks for security and the additional benefit in the form of interests earned. Banks, in my opinion can be compared to that third party known as outsourcing company – a company that provides services that could be provided by company employees, as according to George W. Reynolds (2010), as in this case, we ourselves.

IT security in a company can be compared to our hard-earned money. As much as we want to just keep our money to ourselves, there are times the company needs an extra push to see to it that all integral data, information and information systems and processes are secured which most of the time, the company alone cannot do or is more costly and skills intensive when a company does it.

However, just as our hard-earned money when put in a bank is exposed to various risks such as interest/market risks and the like, various issues are also involved when IT security is outsourced. The following, I believe, are the primary questions the management should ask themselves and should be answered by a “YES” when outsourcing IT security is taken into account:

  1. Don’t we have the expertise and facility to do it on our own?
  2. Is this strategy cost efficient?
  3. Do we know a reputable and trusted company to do this for us?
  4. Can we ensure that information technology security is not compromised?

When IT security is outsourced, the answer to question no. 4 is very vital. Just like in banks, confidential information are safeguarded by policies and protocols indicated in documents signed by the depositors/clients. In question no. 4, yes, we can ensure that information security is not compromised. How? By creating stipulations in our service level agreement that warrants exploitation of systems and all company information.  The SLA pertaining to this section should include clauses similar to the following:

  1. Right of the company to terminate the contract anytime when any of the following is leaked and and/or compromised and/or exploited:
    • Company information such as strategies, processes, information systems, employee data and/or any other data or information deemed by the company as confidential
  2. Fine amounting to for example, the total contract price plus 50% of the total contract price
  3. Case to be filed by the company legal counsel when such situation arise
  4. The contract will not be allowed for subcontracting
  5. The project will be headed by the selected project manager of the company in partnership with the selected project manager of the outsourcing company
  6. The project team members will be composed of the top performing employees of good character and the like

When IT security is outsourced, vigilance of each of the employees and managers is also necessary. On the spot audits can also be done just to see to it that everything is in order. Just as what we do, we do balance inquiries of our bank accounts for our own internal control.

Yes our hard-earned money and IT security on the onset may seem very different but when you look at it closely, similarities do exist. One thing is for sure, they are the things we and the company don’t want to lose.






Management Skills and Decision Making

Every company that envisions to be the best in a particular industry can only do so much with information technology and system in its daily operations. Thus, every company is faced with complex information system (IS) decisions that should be addressed properly. One of the keys in this decision making process are the managers in the company. For them to actively participate in information system decision making, managers must possess certain skills.

We have learned many skills manager must possess in order to effectively run an organization in Management. With these various skills, I believe that conceptual skills, interpersonal skills and diagnostic skills are the most important ones when managers are to deal with IS decision making.

Conceptual, Interpersonal and Diagnostic Skills

Photo by


Conceptual skills are used in analyzing complex situations in the company. It also allows a manager to visualize work interrelationships in an organization. IS decision making is indeed one of the most complex task a manager will take on. Having the conceptual skills will enable a manager to anticipate impact of chosen option such as an upgrade in the company system, to the overall operation of the company. Specifically, a manager can also determine if a particular project, may it be an IS investment and the like is a fit to the company’s goal and objective.

A manager should also possess interpersonal skills. This is necessary such that IS decision making entails interaction with individuals having different positions in the organization and intentions/cause on why a certain option should be chosen. As a manager, this set of skills will enable him/her to effectively handle relationships and conflicts when they arise.

Lastly, diagnostic skills are also necessary such that it enables a manager to picture out the most appropriate response to a situation. For example, a company’s information system can be one of the most vulnerable to threat and system disruption. When these arise, a manager should have the diagnostic skills so he/she can easily lead the team on how to react appropriately to the situation. Should the company let go of the old system because it shows sign of deterioration, or should it be appropriate to devise a contingency plan and action when this happens?

Conceptual skills, interpersonal skills and diagnostic skills are for me the most handy skills a manager should posses may these be pertaining to IS decisions or even other tasks and responsibilities in the organization. But there are certainly other skills that may also be deemed important too. How about you? What do you think?

IT and ME

Two years of working in the retail lending industry and my computer has become my understanding partner, the local network as my supply of oxygen and the various systems at work as the extension of my brain.

I am currently working as a marketing staff in a financial institution specifically in its retail lending segment. My work basically caters the needs of businessmen/entrepreneurs for additional funds may they be existing businesses or new ones. This line of work basically has IT at its core.

A typical day at the office

I spend my entire 8-12 hours a day at the office. My day starts by logging on the employee attendance site where I would punch in my time of arrival at work then, by opening my computer and blasting in my emails for urgent transactions usually from colleagues, clients and bosses. These would take me around 2-3 hours depending on the transaction being processed. Here, I would usually make use of various integrated systems and online databases usually having the necessary information such as client’s accounts and more. The rest of my day runs on e-approvals to and from bosses. Power interruptions, systems offline, and network errors should not be in our vocabulary as these impede transactions and make us of no use.

Values in a box

Being mindful and cautious have been inculcated in me since working in the industry. A mistake will cause not only your time but the smooth flow of work from one department to another since these are all integrated. Having the integrity, sense of responsibility and likewise honesty are also essential since all actions using the systems are closely monitored and information confidentiality is a mandate.

To wrap it up: IT while at work is definitely why I can work and how we do work.