Decision to Perform an Acquisition Is Heavily

¶ … decision to perform an acquisition is heavily influenced by how it relates to the strategic business goals of an organization. Explain why you think the acquisition could potentially supports the strategic business goals of your organization

The decision to perform an acquisition must be approached precisely as though one were planning f or a military campaign. In a military campaign, the success of the battle depends on the initial planning and input. The better this is done, the greater and more effective will be results, and the strategist will, hopefully, win his battle.

A similar situation exists with the influence of action on the strategic business goals of an organization. Cost overruns, schedule slips, and performance shortfalls can all be seen as potential obstacle that can stand in the way of achieving optimum strategic success. The person performing an acquisition has to start off with a clear idea of IT risks entailed and what he can do to prevent these. He must know his program-specific risks, and formulate a strategy to hence his ability of avoiding these risk in the ever-changing world of his strategic deployment and program environment.

The acquisition has to be well and thoroughly planned out beforehand before decisions are made. If the basics are secure and in place, subsequent business strategy is likely to be more smooth-running since it will be devoid of problems of data leakage and other complications that may have ensured without the previously required planning that should have gone into the system.

The decision-making that needs to go into acquiring an acquisition consists of the following:

Quality

• Cost

• Schedule

• Performance

• Supportability

Given that each of these factors are thoroughly looked into, assessed, and worked out, the person's IT system will be expected to work in a reliable, cost-effective, and problem-free manner preventing future problem that may have otherwise been evoked. This helps him actualize his projects in a more effective manner better satisfying his clients, holding the organization more effectively together, and achieving timely and quality-rich collaboration hat is free from IT errors.

Care taken into acquisition prevents deficiency creeping into the system that will affect the work later on.

Deficiency may include incorrect terms, repetitive terms or erroneous information. Deficiencies may also impede safety and security of data.

There are cost-related deficiencies too where the cost of system acquisition is insufficiently worked out resulting in the system accruing further costs later on. This can impact strategy since the business may be having to be involved in the constant expense of investing more money into the system than it could, in actuality afford.

Furthermore, deficiencies in system may necessitate revamping of system later on. This distracts the organization form moving forward with their business concerns as well as involving a huge amount of time in unnecessary matters that could have -- and should have -- been dealt with a long time ago.

In other words, faulty and deficient acquisition planning may likely have adverse effects on the organization's strategy in more ways than one.

Acquisition strategy has been described as a master plan, a road map, a blue print, and a plan-to plan-by to achieve program goals and objectives (GSAM Version 3.0). The more carefully and scrupulously thought out the strategy, the more smooth running and lest fault-free the subsequent strategy will be. All major software development strategies have the possibility of failure. The planning of the software acquisition has the potential of reducing potential software risk. It serves a guide for planning and controlling the program and foreseeing as well as attempting to prevent future problems. It also serves as a framework for integrating functional activities that are important for the whole operating system not just for the pieces of hardware or software themselves. In short, awareness and knowledge of one's future strategic goals should be implemented into the acquisition process so that carefully and mindfully planned, the acquisition stage guides and supports the strategic business goals of the organization.

Question 2. Risk analysis is a critical part of the acquisition process and is often not done very well. Looking back at the risks you identified, which ones do you believe would be most likely to be identified and accurately measured and which ones either less likely to be identified at all or measured correctly. Explain why

The ones that I believe would be most likely identified and accurately measured were the following:

1. Problems with technical security namely:

Communications (e.g., dial-in, system interconnection, routers)

• Cryptography

• Discretionary access control

• Identification and authentication

• Intrusion detection

• Object reuse

• System audit

2. Possible problems with operational security, namely:

Control of air-borne contaminants (smoke, dust, chemicals)

• Controls to ensure the quality of the electrical power supply

• Data media access and disposal

• External data distribution and labeling

• Facility protection (e.g., computer room, data center, office)

• Humidity control

• Temperature control

• Workstations, laptops, and stand-alone personal computers (NIST)

I also believe that risk associated with management security -- namely maintenance and uptake of system -- would be identified and measured correctly.

I was less sure about the unpredictable risks such as terrorist's attacks since one never knows about external events that can happen to an organization. However, we had conducted contingency planning of such n eventuality. Other natural events, given our geographical locality, I was quite sure would not occur to us (for instance, hurricanes and earthquakes).

Hacking is a situation that I could not get my finger around. We could do the best to prevent it, but absolute security precautions can never be fully guaranteed.

Again, I was well-aware that some of the potential vulnerabilities may not represent real vulnerabilities in the context of the system environment therefore some threats that I may consider to be so may not be so in reality, and, equally significant, I may overlook threats that are actually so. This is due to the fact that we often go for threats that we expect form previous experience and reading on the subject (or hearsay) to befall us. We do not think of threats that we are less familiar with or less apt to hear about.

We may secondly also be over-confident that our organization is immune from such risk. The ITRB, f or instance observes that "A surprisingly large number of organizations still fail to implement basic, widely recommended security measures to defend against the tidal wave of cyber-attacks originating from the Internet. " Being that cyber-attacks have, unfortunately, become common it is surprising that the quantity of organizations that neglect the problem is so large.