This article discusses IT strategy as it relates to higher education. The writers use their professional experiences in IT and education to give recommendations for the creation and change of IT strategy. Reasons for change and the benefits of strategy are included.

Bates, Cathy. “IT Governance Toolkit.” EDUCAUSE, Dec.2017, library.educause.edu/resources/2017/12/it-governance-toolkit. Accessed 16 June 2020.

This article gives wonderful professional advice while examining the purpose of IT governance. Bates also provides examples of governance models for higher education. The human aspect of governance (something sorely lacking in many of the other articles I read) is discussed in detail, like the need for committees and the roles and responsibilities of typical committees. Additionally, the article provides implementation steps and practical information relating to communication and governance plans. Bates ends the article with a detailed checklist of governance needs and questions professionals should ask themselves as they create a governance model and plan.

Bowen, Pauline et al. “NIST Special Publication 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems.” NIST, May 2010, nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf. Accessed 11 June 2020.

This is an example of a NIST publication with industry guidelines and standards that can be adapted to a company’s policies or governance. This particular publication concerns seven steps for creating contingency plans for federal information systems.

“Business Model.” Wikipedia, 24 May 2020, en.wikipedia.org/wiki/Business_model. Accessed 2 June 2020.

This article describes various business models, such as razors and blades, pipes, and platforms. It gives great attention to their applications and designs, then finally ends with some examples of frameworks.

CIO Index. CIO Wiki, 2020, https://cio-wiki.org. Accessed 18 July 2020.

This is an invaluable resource for IT professionals. Promoted as an IT management encyclopedia, the CIO Index is a growing collection of articles that range from business-oriented to IT-specific. I relied heavily on this website when I first began to research the concepts for this course.

CMMI Product Team. CMMI for Acquisition, Version 1.3. Software Engineering Institute, Nov. 2010, https://resources.sei.cmu.edu/asset_files/TechnicalReport/2010_005_001_15284.pdf. Accessed 6 June 2020.

CMMI is an example of an IT framework, much like ITIL and COBIT. It describes best practices that allow an organization to improve various process acreas related to the lifecycle of a product or service.

“COBIT.” Wikipedia, 4 Nov. 2019, en.wikipedia.org/wiki/COBIT. Accessed 16 June 2020.

This article on COBIT is rather brief compared to other Wiki sources included here. It lightly touches on the origins and components of the framework. On the whole, the articles linked to this one provide more useful information.

“Computer Security.” Wikipedia, 7 June 2020, https://en.wikipedia.org/wiki/Computer_security#Vulnerabilities_and_attacks. Accessed 12 June 2020.

This article is part of a series on computer hacking and information security. It defines various forms of attacks, the vulnerable systems, and the protection measures organizations can put in place. It is one of the most detailed Wikipediaarticles cited for this project and definitely worth a browse.

Computer Security Resource Center. “Publications.” National Institute of Standards and Technology, n.d., csrc.nist.gov/publications/. Accessed 10 June 2020.

This page gives a collection of contingency planning resources.

“Core Competency.” Wikipedia, 16 May 2020, en.wikipedia.org/wiki/Core_competency. Accessed 5 June 2020.

This article introduces the concept of core competency, which sets an organization apart from others and can be used for strategic purposes.

“Corporate Governance of Information Technology.” Wikipedia, 29 Mar. 2020, en.wikipedia.org/wiki/Corporate_governance_of_information_technology. Accessed 16 June 2020.

This article relates risk mitigation to corporate governance of IT. It provides a brief overview of the history of IT’s inclusion in corporate governance, then provides definitions of the concept from various sources to compare different aspects and views of the discipline. It includes a list of related frameworks, such as COBIT 5, and certifications.

Cox, Ian. “Developing the Right IT Strategy – How to Support Business Strategy with Technology.” CIO, 12 May 2016, www.cio.com/article/3526736/developing-the-right-it-strategy-how-to-support-business-strategy-with-technology.html. Accessed 7 June 2020.

This article examines the differences between classic IT strategy, agile IT strategy, and no IT strategy, and the steps, strengths, and weaknesses of each approach. Cox’s outline of the steps for classic and agile IT strategies is very helpful, but overall this serves as a nice introduction to strategy, not a deep dive.

“Definition of ‘Pest Analysis.’” The Economic Times, n.d., economictimes.indiatimes.com/definition/pest-analysis. Accessed 5 June 2020.

Like other resources mentioned here, The Economic Times site has a section on key IT terms. It is more detailed than the Georgia Technology Authority and the Reference for Business websites.

De Vos, Colton. “An Example of an IT Strategic Plan.” Resolute Technology Solutions, 6 Jan. 2020, https://www.resolutets.com/it-strategy-plan-example/. Accessed 21 June 2020.

De Vos turns examples of strategy plans into brief, but engaging, graphic organizers. He compares IT strategy plans with actual IT strategy. Next, he describes how an IT strategy plan should contribute to the alignment of business and IT strategies and objectives, cover short-term and long-term (3-5 years) initiatives, provide a roadmap for technological changes, and include best practices and metrics. Finally, he addresses the challenges of creating a good IT strategy plan, such as the need to counter ambition with practicality and to weigh resources against inspiration.

De Vos, Colton. "How to Develop a Business IT Strategy." Resolute Technology Solutions, 30 Dec. 2019, www.resolutets.com/it-business-strategy. Accessed 4 July 2020.

In this article, De Vos highlights the basics of IT strategy: following business strategy, setting clear (and feasible) objectives, using the talents of the right people, and measuring success against goals.

EDUCAUSE-Jisc Working Group. “Technology in Higher Education: Defining the Strategic Leader.” EDUCAUSE Review, 27 Apr. 2015,https://er.educause.edu/articles/2015/4/technology-in-higher-education-defining-the-strategic-leader. Accessed 7 June 2020.

This Educause-Jisc article describes the group’s vision of a strategic leader in higher education’s adoption of IT: a credible and reliable person who builds connections with all departments of the university. Though the leader would ideally be from a technological background, they can explain the purpose, limits, and value of IT to people from other backgrounds, be a voice for change in the university, and turn a vision of IT adoption to a reality.

FFIEC. “Management .” FFIEC IT Examination Handbook Infobase, Nov. 2015, ithandbook.ffiec.gov/media/274809/ffiec_itbooklet_management.pdf. Accessed 20 June 2020.

This handbook gives a wealth of information about IT strategy, policy, and governance and neatly ties the three concepts together. It is broken into two parts: governance and risk management, each full of definitions, recommendations, and details about the responsibilities of various IT professionals (ex: CIO). It is also part of a collection of handbooks provided by FFIEC, so if information about Management is not enough, you can look up guides on auditing or information security, to name two examples.

Georgia Technology Authority. “Enterprise Policies, Standards, and Guidelines.” Georgia.gov, n.d., gta-psg.georgia.gov/enterprise-policies-standards-and-guidelines. Accessed 11 June 2020.

This page differenciates between standards, guidelines, and policies according to the Georgia Technology Authority.

Georgia Technology Authority. “Glossary of Terms and Definitions Supporting Policies, Standards and Guidelines for Information Technology and Information Security.” Georgia.gov, Jan. 2014, gta-psg.georgia.gov/glossary-terms. Accessed 11 June 2020.

This is a useful resource if you are new to IT and want to quickly learn the general meaning of commonly used terms.

“Governance, Risk Management, and Compliance.” Wikipedia, 9 June 2020, en.wikipedia.org/wiki/Governance,_risk_management,_and_compliance. Accessed 16 June 2020.

This Wikipedia article covers the overlapping areas of governance, risk management, and compliance. It attributes the earliest scholarly research on the subject to Scott Mitchell’s 2007 study. The article gives an overview of the three areas and their roles within an organization.

Grenier Lynn and Sarah K. White. “What is ITIL? Your Guide to the IT Infrastructure Library.” CIO, 18 Jan. 2019, www.cio.com/article/2439501/infrastructure-it-infrastructure-library-itil-definition-and-solutions.html. Accessed 5 June 2020.

This article gives an introduction to the ITIL framework.

Hillstrom, Laurie Collier. “Value Creation.” Reference for Business, n.d., https://www.referenceforbusiness.com/management/Tr-Z/Value-Creation.html. Accessed 7 June 2020.

Much like the Georgia Technology Authority’s glossary, Reference for Business another helpful resource for those new to IT.

Hu, Vincent C., Rich Kuhn, and Dylan Yaga. “NIST Special Publication 800-192: Verification and Test Methods for Access Control Policies/Models.” National Institute of Standards and Technology, June 2017, https://csrc.nist.gov/publications/detail/sp/800-192/final. Accessed 14 June 2020.

This publication is an example of a NIST report of ITIL research regarding access control systems and recommended policies and models. The article describes verification methods for access control (AC) models that an organization can use when testing the effectiveness of their security measures and when integrating new technologies to existing ones while still following the business’s policies.

IT Alliance for Public Sector. “ITI’s IT Alliance for Public Sector Task Force Recommendations.” ITI, 30 July 2020, https://www.itic.org/dotAsset/5/1/511cc94e-ca93-4d7c-87cd-678c05af7495.pdf. Accessed 21 June 2020.

In this 2015 letter addressed to executive leaders in cybersecurity, the IT Alliance for Public Sector gives recommendations for cybersecurity measures in the federal government (that can be applied to organizations at large, though). It delves into the allocation of roles and responsibilities and the necessity of upholding accountability and various protective measures from a technical and interpersonal perspective.

“IT Policy Framework Based on COBIT 5.” ISACA Journal, 1 Jan. 2013, www.isaca.org/resources/isaca-journal/past-issues/2013/it-policy-framework-based-on-cobit-5. Accessed 14 June 2020.

This site advertises the COBIT 5 framework and its influence on IT policy.

Leary, Jennifer M. “Keeping Your Company Safe: The Top 5 Corporate Compliance Issues Trending Now.” Corporate Compliance Insights, 11 Aug. 2011, www.corporatecomplianceinsights.com/keeping-your-company-safe-the-top-5-corporate-compliance-issues-trending-now/. Accessed 18 July 2020.

In this article, Leary gives an overview of five corporate compliance issues: keeping up with changes in IT, managing corporate risk, reducing noncompliance risk, managing corporate compliance internationally, and managing a corporate compliance system and how to address them.

Lobato, Carlos. “Implementing IT Governance to Ensure Regulatory Compliance.” EDUCAUSE, 24 Apr. 2017, er.educause.edu/articles/2017/4/implementing-it-governance-to-ensure-regulatory-compliance. Accessed 18 June 2020.

This article advises on how to employ IT governance to ensure regulatory compliance in higher education. It gives the example of New Mexico State University’s creation of a IT governance framework and the years of deliberation and design that went into the plan’s approval.

“Market Research.” Wikipedia, 3 June 2020, https://en.wikipedia.org/wiki/Market_research. Accessed 7 June 2020.

This article defines market research as an “organized effort” for researching target markets and customers for business strategy. I should note that as of July 2020, it has multiple warnings of possible bias (an indicator of Wikipedia’s aim for accuracy and reliability).

Minimarisk. “Cobit 5 Checklist.” Miroslaw Dabrowski, 2013, miroslawdabrowski.com/downloads/COBIT5/COBIT%205%20-%20Cheatsheet%20%5bv1.0,%20Minimarisk%5d.pdf. Accessed 17 June 2020.

This graphic organizers describes the main principles of the COBIT-5 framework and breaks them down into processes and their enablers.

National Cybersecurity Center of Excellence. “Access Rights Management.” NCCOE, Apr. 2017, https://www.nccoe.nist.gov/sites/default/files/library/fact-sheets/fs-arm-fact-sheet.pdf. Accessed 18 July 2020.

This fact sheet lists the ways Access Rights Management (ARM) can help improve a company’s data security through (the financial service) organization’s policies, field guidelines, and government standards.

National Institute of Standards and Technology. “Framework for Improving Critical Infrastructure Cybersecurity.” NIST, 16 Apr. 2018, nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf. Accessed 12 June 2020.

This framework provides guidance and recommendations for the improvement of cybersecurity risk management in an organization. This document breaks the framework into three sections: the framework core, its implementation tiers, and its profile. All sections work together for an organization to assess and improve its cybersecurity measures.

National Institute of Standards and Technology. “NIST Mission, Vision, Core Competencies, and Core Values.” NIST, 26 Jan. 2017, https://www.nist.gov/about-nist/our-organization/mission-vision-values. Accessed 12 June 2020.

This page gives NIST’s overall mission, values, and competencies that shape the other publications cited in this project.

“PEST Analysis.” Wikipedia,26 Apr. 2020, en.wikipedia.org/wiki/PEST_analysis. Accessed 5 June 2020.

This article describes the PEST Analysis model and its multiple alternatives. As with most Wiki articles, it is a good starting point for anyone interested in getting an overall look at the concept.

“Policies.” Business Jargons, n.d., businessjargons.com/policies.html. Accessed 13 June 2020.

This page defines and classifies business policies by source, level, function, and expression. It compares implicit and explicit policies, along with the range from general to policies specific to certain departments. A description of an ideal policy is given.

Reddy, Nirmala. “Want a Successful Business? Build an Effective Strategy.” Forbes, 12 Feb. 2018, www.forbes.com/sites/forbescoachescouncil/2018/02/12/want-a-successful-business-build-an-effective-strategy/#ff5133169bf0. Accessed 7 June 2020.

This article argues that an effective strategy is the key to success. Reddy points to Amazon as an example of a business that is successful due to its strategy. She explains how an effective strategy should be based off fact and support the decision-making process and distribution of resources.

“Responsibility Assignment Matrix.” Wikipedia, 28 May 2020, https://en.wikipedia.org/wiki/Responsibility_assignment_matrix. Accessed 21 June 2020.

The Responsibility Assignment Matrix (RACI) is described as a tool for describing the roles and responsibilities assigned to participants in a project. This article defines the RACI acronym and describes the multitude of alternatives to the model.

SANS. “Disaster Recovery Plan Policy.” SANS Institute for the Internet Community, June 2014, assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt3cf8b9a0b2e45133/5e9ddb9ab1704560004196b5/disaster_recovery_plan_policy.pdf. Accessed 11 June 2020.

The SANS Institute is a company concerned with information security and cybersecurity. The cited resource includes multiple related contingency plans: computer emergency response plan, succession plan, data backup and restoration plan, equipment replacement plan, a data study for the organization’s stored data, and a criticality of Service List.

“SWOT Analysis.” Wikipedia, 23 May 2020, en.wikipedia.org/wiki/SWOT_Analysis. Accessed 5 June 2020.

As with the article on PEST Analysis, this article introduces the SWOT Analysis method and its variants. As of 2020, the article has a few helpful graphic organizers to illustrate the overlap between the organization’s strengths, weaknesses, opportunities, and threats.

“Technology Intelligence.” Wikipedia, 18 Apr. 2020, en.wikipedia.org/wiki/Technology_intelligence. Accessed 5 June 2020.

This article, part of a series on Technology strategy, defines technology intelligence as an activity for identifying threats and opportunities and considers it a strategic planning activity (like market research).

UC Santa Cruz. “IT Policies and Guidelines.” University of California, 27 Feb. 2020, its.ucsc.edu/policies/index.html#:~:text=IT%20Policies%20and%20Guidelines,certain%20situations%20will%20be%20handled.&text=Laws%2C%20policies%2C%20and%20regulations%20not,information%20technology%20may%20also%20apply. Accessed 10 June 2020.

This is an example of an official set of IT policies for a university.

White, Sarah K. “What is COBIT? A Framework for Alignment and Governance.” CIO, 15 Jan 2019, www.cio.com/article/3243684/what-is-cobit-a-framework-for-alignment-and-governance.html. Accessed 11 June 2020.