Embedded Files
Information Risk Management
This was a group project that consists of three members separated into various teams. Each team was tasked with creating a two-part report of Information Risk Assessment (IRM) on purchasing an ERP (Enterprise Resource Planning) system for SME business.
My team members are Laura and Amy. We did not know each other well; the only communication we had was during the seminar. After the seminar, we contacted each other. We established a means of communication, and then we set up a zoom meeting to discuss the project and Slack to share documents and instant messaging.
The project brief: ACME manufacturing has shortlisted three option. COTS (Commercial Off the Self) In-house (Bespoke) and Free Open-Source Software (FOSS). We need to produce a comprehensive report with a DR (Disaster Recovery) solution for the company. The first part of the report was to create a Status Report that’s setting an expectation to the company what the final report will cover and what methodology we will use.
Week 1: We created a team contract following the UoE guideline, also decided on a group name (TLL Consulting) and agreed on roles and how we will look at what solution. After the group meeting, team leaders send out a recap email outlining all the relevant tasks for each of us (an example email below). My portion was to look at the COTS solution.
Our plan was for each member to get on with their task and keep in regular communication with each other, so knows we are on the right track and have to team weekly meetings to put all our findings together. We created a shared drive where we kept all the research material. See below an example of our team communication and my contribution in the first week.
Our method of working was very productive. For Part one submission, we had a deadline to meet by the end of week three. We managed to submit the assignment three days early.
Every member contributed equally. Due to my IT consultancy background and industry knowledge, my contribution was more to do with a real-life scenario and ensuring the solution will work and guide the team on keeping everything on track. Amy was very good at finding relevant literature, and Laura was very good at doing all the analytical work. Therefore, we had a well-balanced team.
Week 2: Worked on the post for the discussion forum one, which started well. I needed to research a lot on the forum post and the COTS solution for ERP, which was challenging for me, as this was one of my weaknesses. Below is one of my forum discussions articles.
Week 3: Over a three-hour group meeting, we managed to put all of our work together and submitted the first part of our assignment a few days early.
Simultaneously, we managed to divide our work for part two of the assignment and set up the timeline, as shown in the images below. We decided to create a 1200 word between us and keep 300 for our summary and conclusions. The screen below showing our discussion on each task.
Week 4: This was another exciting week, as we discussed SDLC. I also worked on collaborative discussion two and worked on the tutor’s feedback. Below is one of my post for discussion forum two.
Week 5: We decided to have an extra group meeting as we had few disagreements on using the framework and summary table for the project. The solution we submitted on the first report later realised it’s much more challenging and time-consuming than initially thought. As we are getting closer to the deadline, we needed a backup plan. We agreed on a timeline and decided to drop two of the topic from our report (OCTAVE and Monte Carlo simulation) if we don’t have anything by then. Amazingly Laura and Amy managed to pull this off by finding relevant literature and completed their part.
Week 6: Final week, we collated and reviewed our work together over a group meeting, then we submitted our assignment a few days early. During this teamwork, I made two excellent friends who I never knew before, and I thoroughly enjoyed this module. IRM was one of the modules that interested me in joining this course. Having a tutor who worked in the field and with industry knowledge made it more interesting for me. Information Risk management is something I do unconsciously during my work, but I never realised there are so much more to it.
This course has given me knowledge on:
- How to identify and analyse IT system risks and problems critically and identify appropriate methodologies, tools, and techniques to solve/mitigate them.
- How to research and critically analyse and evaluate a solution that I recommend and explain why it will be the best solution.
Page updated
Google Sites
Report abuse