Harvard Business Review Competitive Forces Paper Essay

Harvard Business Review Competitive Forces Paper - Essay Example However, the risks can be translated to a competitive advantage (Porter, 2008). Areas where IT represents a risk to company’s competitive advantage Physical threats Physical threats arise from damage of company servers and other IT resources e.g. by fire, theft and floods. It may also happen as a result of unauthorized access of information by malicious employees. Electronic threats Such risks when they materialize aim at compromising the information security of a company. They come in the following ways: virus attacks e.g. luv bug and Melissa viruses; attach by black hat hackers who are usually malicious and crack your IT system hoping to gain something out of the information; fraudulent emails and websites. These threats can cause fraudulent transactions. The staff also misuses organizations emails and web. Organizations bandwidth can also be misused by Staff who performs peer-to-peer file transfer and sharing. Failure to update or configure the organization's software usual ly brings about these types of threats. Technical failure Occur when a hardware device ceases to function or some of its components get damaged. In some instances, it occurs when a software bug is introduced to the system or shows up due implementation errors. This failure can occur due to large, complex systems which are unstable and are frequently maintained and updated. Infrastructural failure Occurs when network and power outages occur and one cannot access the internet. These will definitely interrupt the business process and valuable transactions might be missed out. A company may have an Uninterrupted Power Supply, but in other cases, they seem to fail. Human error These happen when an employee fails to adhere or to be keen to IT stipulated policies and procedures or when an employee accidentally deletes important business data. Specific areas in which IT may support or promote a company’s competitive advantage Know the IT environment/estate In order to manage risks, a company needs to know all its IT assets. It needs to know how many servers are there, how many PCs per department, the applications running on the servers and client PCs. The company should also keep track of who uses which IT asset, who manages the assets, supports the systems, the data stored and processed in servers and machines, the workflow of the processes e.tc. A company might rate the importance of an asset by the data they store the liability which can be got when the data gets mishandled. Companies also have tools which track the assets even by the person who uses it and can even happen in real time, but the most important thing is arranging the assets in groupings which are organized e.g. as a business unit, data center product line. It can be put in any grouping which allows the analysts to do their job without too much consultation or up and down movements. A manager may want to view analysis reports or an auditor may want to view compliance reports. Identifying risks and policies The organization needs to identify the risks which are a likely and their probabilities. It should also identify the policies which can be utilized in managing risks. The starting point is identifying the operational policy controls which are usually under the company’s IT Governance and risk compliance (GTC) program. The operational controls standards used