Writing a paper-need problems in the IT field

Basically my entire English Comp. II class revolves around writing a paper discussing a problem in my field of study. Here's the prompt:

A first step toward completing the Final Project is to choose a topic, and then form research questions. You will be developing a solution to a problem that exists in your program or field of study. For instance, if you are studying nursing, you might discuss a specific problem in that field (such as shortages, long hours, or other things of this nature).

Click to expand...

My program is Information Technology, with concentrations in both Network Management and Security. Considering that I don't actually work in the field, I really have no idea what types of specific problems there are. Well, I know that end-users are (largely) tech illiterate and sometimes even screw things up with step-by-step instructions. I really don't feel like developing a solution to that I'd appreciate suggestions of common problems related to the industry, and maybe a little background/explanation where necessary.

I'm not an IT tech (though I did that w/H&R Block one tax season) but one big issue is outsourcing overseas. Not only is outsourcing itself often a problem, because updates are slow in coming and sometimes the knowledge of a particular platform isn't there, but outsourcing overseas often leads to communications problems between the customer and the technician. Something you might want to look into..


PS
Locally in KC, Road Runner tried this and it lasted about 6 months before they were getting so many complaints they tried something else. Now they have a national center in TN, I think, instead of the local offices handling their own issues.

Security is valuable, but also expensive and potentially the hardest subject to get money for because of it's cost and no immediate return to the end users.

Persuading management to invest in security can be like pulling teeth. Some prefer to panic and throw money at the problem AFTER the fact, instead of before. Or they use history as a deterrent with the ol "Well it hasn't happened to us yet, so why bother?" line.

And the payoff never occurs until an admin can tell his boss "We blocked X amount of attacks today" or "The systems were breached, but thanks to our prior investments, we were able to react in a timely manner and ensure no confidential information was compromised." It's new technology/toys that ONLY the IT staff get to utilize, so only they see the direct benefit.

The other issue with security is teaching and enforcing security awareness to end users. Securing time to host classes or the blessings to enact policies requiring signatures is also a chore. Then the obvious, worrying about everyone else playing their part.

I think those are 2 great subjects you can dive into. Maintaining security at the technology level......and at the human level.

Branching off on Steve here...

Its an issue to get management to invest in anything IT, let alone security.

Hardware ages, and most shops are always in break-fix mode, instead of keeping on top of things mode.

As far as teaching users about security, I had to explain to someone why I couldn't make a label with a user name and password to our information system and put it on the monitor. This is just an example from today.

One of the larger issues security-wise that some firms struggle with is data ownership. Answering that question to everybody's satisfaction is difficult. Another issue is that sometimes security becomes too invasive. Some Administrators sometimes forget that security shouldn't inhibit authorized access to data. The stronger security is, the more likeley others will seek work-arounds. Security and IT usually aren't the core of the business. They are usually cost centers that require capital outlay but don't produce a visable direct link to the bottom line.

Another thing you could write about is IT certs. Some employers will only hire individuals who have certs, yet are clueless on the job. Sometimes, certs are not necessarily a good indicator of knowledge, because many people simply memorize the questions to pass the exam and lack a thorough understanding of the material.

Awesome ideas so far everyone, thanks! I've got until Sunday if I procrastinate the writeup, so keep 'em coming if you've got 'em!

So far I'm kind of liking the idea that IT and Security end up being considered as money sinks and get treated like the red-headed step-child. Well, as a topic, not as a fact

pejsaboy said:

Awesome ideas so far everyone, thanks! I've got until Sunday if I procrastinate the writeup, so keep 'em coming if you've got 'em!

So far I'm kind of liking the idea that IT and Security end up being considered as money sinks and get treated like the red-headed step-child. Well, as a topic, not as a fact

Click to expand...

Security isn't so much a technical problem as it is a managerial, human, and policy problem. You can have all the technical security in the world but have one guy drop a DVD-R labeled "Katy Perry" to an Aussie and well there goes the whole business (if you're the State department).

The technical safeguard side is nothing but an endless arms race. Exploit written -> Patch developed -> New exploit written. Sure, there are occasionally things that change the game slightly but it's simply grind-tastic.

But the policy, managerial safeguards, risk management...that's where you can make some changes. So much of security starts and ends with the individual users. Communicating the risks to management can be a full-time job for an infosec person.

A real challenge in this business, though, is getting law and regulation to keep pace with the technology. In this country (USA) I would say we're at least 20 years behind. This is evident in copyright, privacy legislation, and on, and on. That, to me (political scientist part of the time) is interesting.

I have to agree that users can be the biggest problem. Money is an issue, but that is just about any field you get into. You can have the best equipment in the world, but all you need is one user who does not understand why it is not a good idea to write all of their passwords down in an unlocked desk and freely give them out whenever someone asks.