One of the major benefits which
businesses can achieve with IT performance management is alignment with
the business goals. For every IT firm, it is considered critical to ensure that
its processes and procedures are contributing to the achievement of business
goals and accomplishment of objectives. Therefore, it is considered essential
to ensure that IT processes are aligned with the goals and strategies.
Performance management allows management to determine whether IT activities are
effective or not. Another important benefit of IT performance management
is that the efficiency of different processes is identified accurately.
Every firm has numerous processes interconnected with each other, and these
processes work together to contribute to the efficiency of the firm in the
market. If even a single process is not efficient, it adversely influences the
performance and efficiency of the organisation in the market. Therefore, it is
considered more than just a little important for the firm to determine the
efficiency of each and every process. IT performance management allows the firm
to determine whether a specific process is producing the desired results or not.
For instance, it can identify which process is not efficient and needs to be
adjusted or restructured. Thus, it helps in ensuring that each and every process
is effectively contributing to the success of the firm.
Another major benefit achieved
with IT performance management is the better allocation and management of
resources. For instance, since a firm is able to identify which processes and
areas are not producing the desired results, it can simply determine that these
areas are the ones which require more resources. Therefore, timely and required
resources can be allocated which can serve to keep the organisation efficient
in the market and producing the desired and expected results. In addition,
performance management enables firms to make better decisions related to activities,
resourcing, priorities, and budgets. For instance, performance management helps
in the determination of priorities which need to be addressed first. This
enables the firm to make decisions which are related to these priorities and
help the smooth functioning of different processes. These are some of the
common benefits which are associated with IT performance management.
Critically evaluate the author’s statement that
“performance measurement metrics should not be copied from similar
enterprises”. Give your justifications as to what extent this statement is
true, or to what extent you agree with the author’s statement.
According to the author, metrics for measuring performance should not be copied
from similar organisations. The main reason why a firm should not copy metrics
is that firms have different objectives, goals, and strategies. In general,
every organisation is different and has different goals and processes. As long
as firms have different goals and strategies, they cannot utilise the same
performance metrics. Obviously, when a firm has a different objective, it is
going to choose those metrics and processes which are specifically aligned with
its goals and strategy.
An example can be taken from a firm that is focused on ensuring financial
performance. For instance, this firm has the objective of generating more
revenues than the previous year. Therefore, it is going to utilise financial
performance metrics such as monthly sales etc. In contrast, there is a firm
which is focused on the development of long-term relationships with its
customers. It is going to utilise those metrics which can help in determining
customer activity and responses. Therefore, they cannot copy each other’s
performance metrics, because if they do, these metrics will give information
which is not desired by the firm. For instance, they will provide the
organisations with information which is not aligned with their current business
strategy. In fact, if they continue to utilise these metrics, it will result in
a loss of efficiency for the firms and they might even lose their competitive
advantage in the market.
For every organisation, it is important to ensure that its processes are aligned
with its current strategy, and the same goes for its procedures as well.
Therefore, every firm should only utilise those performance metrics which are
aligned with its strategy and its current objectives. If metrics are utilised
which are not aligned with its strategy, this will adversely influence the firm
(Sunil, 2016).
What is the vulnerability being exploited?
SSL certificates are one of the key components of an online business because it
relies on these certificates to ensure the development of an environment where
customers can make purchases without being worried about any kind of threat to
security. To assure customers and visitors that their connection with the
business is secure, special visual cues are provided by browsers, which are
referred to as EV indicators. To get a certificate, it is important to create a
CSR, or certificate signing request, on the server. It serves to develop a
public and private key on the server. Once the SSL certificate is received, it
is installed on the server. In addition, an intermediate certificate is also
installed, which establishes the credibility and reliability of the SSL
certificate.
Actually, an important part of an SSL certification is SSL, or Secure Sockets
Layer, which is a standard technology that develops an encrypted link between a
client and a server. It allows important and personal information such as login
credentials, social security numbers, and credit card numbers to be transmitted
without an issue. Therefore, it would not be wrong to say that it is a critical
component in terms of security. This layer has a vulnerability and it is
exploited by hackers.
Further on the Secure Sockets Layer (SSL) vulnerability, some more important
things are included among the vulnerabilities of SSL. The first is the rollback
attack, also known as the downgrade attack, which is a type of cryptographic
attack on a communication protocol or computer network system. In this type of
attack, the system users are forced by the attackers to revert to a less secure
version of the protocol, in which the user is unable to have the upgraded
security. In simple words, the user is forced into the older security
environment, where the attacker can easily attack the computer system and the
communication protocol to steal information (Bard, 2004).
In this type of attack, the attackers insert into the message a TCP code which
indicates that the message has completed. This prevents the recipient from
picking up the message. Furthermore, the input of the truncated code may be very
problematic if the truncation disturbs the comparison. For instance, it checks
the users against the blacklist before performing the truncation, and the
truncated names are then taken to perform the login to steal information
(Berbecaru & Lioy, 2007).
Practically, all SSL certificates work with strong as well as weak encryption.
The strength of the encrypted SSL connection is identified by the web browser.
The server specifies what strength and type of encryption it is willing to use.
What information or data can be gained by a hacker
exploiting this vulnerability?
If
vulnerabilities in the SSL security layer are exploited, some important
information can be gained by a hacker such as credit card numbers and personal
information of a person. In fact, it can be said that if a hacker targets a
specific platform, then he can gain data of millions of people using that
specific platform. For instance, Amazon is quite a renowned platform and
thousands of people make purchases on the platform. If Amazon is targeted by a
hacker and SSL vulnerabilities are exploited by the hacker, he can get access
to personal information of these thousands of people. This information can not
only include contact numbers and addresses of people but it can also include
credit card numbers of people.
How is the hack performed?
The
hack is generally performed by sending unexpected information to the server.
For instance, if the server is expecting to receive one digit then the hacker
sends two digits, and where the server is expecting to receive two digits, the
hacker sends two digits. By sending uncontrolled and unexpected information to
the server, the hacker determines the breaking point of the server and a gap in
which he can send his own code and get all the information that he needs. This
is the common method of performing the SSL hack to get confidential
information.
What about this particular hack interested you?
The
most important thing which interested me about this hack is that although this
hack is quite simple, it is capable of stealing information of numerous people.
Furthermore, this information is quite personal and important. By just
burdening the server, a hacker can find the gap in the server and can control
the data of countless people. Actually, it intrigued me to know that some of
the most reliable and secure websites are also not secure when I think about it
from the perspective of a hacker. It means that users have to be more than just
a little careful when it comes to online transactions. It does not only require
users to be careful but it also requires providers to make sure that their
platforms are secure and that even if a hacker attempts to modify and breach
the platform, he cannot do so.
Another
aspect which intrigued me about this hack is that almost every firm with an
online transaction system relies on SSL security protocol, which means that all
these organisations and online platforms are not safe from the hands of hackers
(El‐Hajj, 2012).
How do you think this particular hack could be
mitigated?
This
hack can be mitigated by strengthening the SSL layer and by implementing
advanced firewalls and security protocols. With every passing day, new
innovations are being made in the field of IT and this can be utilised by
organisations and online businesses to make their platforms safe. For instance,
they can either develop these advanced firewalls or they can just purchase them
from another party. With the use of these firewalls and security protocols, this
hack can be mitigated. In addition, scenario planning can also be utilised for
identifying gaps in the security layer and mitigating them (Holman, 2012).
References of Management and Governance
Bard, G. V., 2004. The Vulnerability of SSL to Chosen Plaintext Attack. IACR Cryptology ePrint Archive, p. 111.
Berbecaru, D. & Lioy, A., 2007. On the robustness of applications based on the SSL and TLS security protocols. In European Public key infrastructure workshop, pp. 248-264.
El‐Hajj, W., 2012. The most recent SSL security attacks: origins, implementation, evaluation, and suggested countermeasures. Security and Communication Networks, 5(1), pp. 113-124.
Holman, P., 2012. Top hacker shows us how it's done | Pablos Holman. s.l.: Pablos Holman.
Sunil, B., 2016. Performance Measurement Metrics for IT Governance. ISACA Journal, Volume 6, pp. 21-27.