1.2 Frameworks of Knowledge and Industry Standards

Use of Frameworks and Industry Standards in Information Systems

When developing an information system, frameworks provide guidance to help IS professionals apply critical thinking as they identify the goals of the system and problems that can be resolved by the system. Frameworks promote proactive communication and help IS professionals organize their ideas and provide a foundation for strategic planning to develop and maintain a system that meets an organization’s specific needs. As part of this process, frameworks also provide IS professionals with resources such as continuing education, best practices, and guidelines for systems operations.

Industry standards help IS professionals ensure that the system they develop has the appropriate infrastructure and technological components required to function efficiently. This includes ensuring the system is compatible with information systems used in other organizations. After all, an important objective of IS to enable information sharing internally and externally as organizations interact in the marketplace.

Specific Frameworks and Standards in Information Systems

Starting with the most commonly used frameworks, those applicable to IS include Agile, Control Objectives for Information and Related Technologies (COBIT), Information Technology Infrastructure Library (ITIL), the Skills Framework for the Information Age (SFIA), Waterfall, and Zachman.

Agile methodology is a framework used to guide project management, primarily by dividing projects into phases, or sprints. Typically, these sprints include planning, designing, developing, testing, deploying, and reviewing. After each sprint, the project team examines their progress and adjusts before moving to the next sprint. Agile can be a useful framework as IS professionals plan and develop an information system. Several versions of Agile frameworks are used for project management, including Kanban, Lean, and Scrum.

Control Objectives for Information and Related Technologies (COBIT) is a framework that develops and maintains an information system using five processes: Evaluate, Direct, and Monitor (EDM); Align, Plan, and Organize (APO); Build, Acquire, and Implement (BAI); Deliver, Service, and Support (DSS); and Monitor, Evaluate, and Assess (MEA) (Figure 1.6). COBIT is promoted by the Information Systems Audit and Control Association (ISACA), which is a global organization that provides training, research information, news updates, advocacy, and related support for IS professionals and others involved in information technology.

Figure 1.6 COBIT’s framework provides IS professionals with five processes—Evaluate, Direct, and Monitor (EDM); Align, Plan, and Organize (APO); Build, Acquire, and Implement (BAI); Deliver, Service, and Support (DSS); and Monitor, Evaluate, and Assess (MEA)—that can help develop and maintain an information system. (credit: modification of work from Introduction to Computer Science. attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

Information Technology Infrastructure Library (ITIL) is a comprehensive framework of documentation that discusses best practices for managing information technology. ITIL is managed and updated by AXELOS, a company that provides training and certifications to various technology professionals, including those in IS. ITIL offers guidance, as well as professional certification, for carrying out twenty-six processes in the areas of service strategy, design, transition, operation, and improvement.

The McKinsey 7-S Framework focuses on how an organization can be efficient and effective with interaction and coordination of its staff, structure, strategy, skills, systems, style, and shared values. The goal of the framework is to determine how an organization can be effective with interaction and coordination of the seven elements:

• Staff: the people who lead and work in an organization, as well as the tools to support the staff, including training and incentive programs
• Structure: how an organization is designed, including its hierarchy and chain of command
• Strategy: the organization’s goals/objectives and the plans to achieve these
• Skills: the skills, knowledge, and competencies held by the organization’s staff
• Systems: the workflow processes used to achieve the organization’s goals and objectives
• Style: the tone at the executive level established by the organization’s leaders and managers
• Shared values: the organization’s mission and values that motivate its operations

The McKinsey 7-S Framework can be used by following four steps:

1. Identify the parts of the organization that are not aligned with shared values, including a shared mission, goals, and objectives.
2. Determine the design and structure that will enable the organization to achieve alignment and reach its goals and objectives.
3. Identify areas where changes are needed to update the organizational design.
4. Implement the necessary changes.

This framework can help ensure organizations are in alignment and have an effective design, making it easier to develop and maintain the appropriate information systems to meet the organization’s needs.

The Skills Framework for the Information Age (SFIA) provides a comprehensive skills and competency framework in a common language for the IT industry. It includes the steps listed in Figure 1.7. It was developed and is overseen by the SFIA Foundation, a global organization committed to helping IS and other technology professionals acquire the skills and competencies needed to successfully develop and manage technology. Organizations around the world in both the public and private sectors use SFIA to map out the knowledge and expertise needed to fill each role in their organizations. This includes entry-level to advanced positions in the areas of technology development, strategy, architecture, and support.

Figure 1.7 SFIA can be an important framework as organizations develop the skills needed to manage technology. This includes planning and organizing, acquisition, deployment, assessment, analysis, and development. It is also important that organizations reward employees and recognize their success. (attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

Individually, IS professionals use SFIA to identify the skills they personally need to develop to perform their jobs and advance their careers. SFIA is structured to help organizations and individuals achieve success in the following seven levels of responsibility:

• Level 1, Follow: This level applies to entry-level positions that are closely supervised, perform routine tasks, rely on basic tools, and have minimal influence on the work environment, essentially following others as they perform their jobs.
• Level 2, Assist: These employees also work under close supervision, but their work is a bit more complex, and they have more influence with colleagues.
• Level 3, Apply: At this level, employees receive more general supervision, and they have more autonomy. Their work is more complex and may not be routine. They also may be allowed to make some decisions on their own and may oversee other employees.
• Level 4, Enable: Employees at this level have much more complex work in a broader range of contexts. While they receive general direction, they have considerable autonomy, as well as personal responsibility for work outcomes.
• Level 5, Ensure and Advise: At this level, employees receive broad direction, giving them more autonomy, including the ability to self-initiate work that they think should be performed. Their tasks tend to be complex and are an integral part of an organization’s strategic plans.
• Level 6, Initiate and Influence: Employees who initiate and influence play a central role in establishing an organization’s objectives and assigning responsibilities to subordinates. These employees perform highly complex tasks and make decisions that directly impact an organization’s performance and achievement of organizational goals and objectives.
• Level 7, Set Strategy, Inspire, and Mobilize: The final and highest level is filled by an organization’s top leaders and managers. These individuals establish an organization’s policy objectives and have oversight and accountability for all decisions made and actions taken throughout the organization.

SFIA is an important framework used globally to promote success in the digital world. Its common language helps technology professionals across the globe integrate the processes they must learn to successfully manage technology.

Waterfall is a structured, linear framework used to guide project management. Generally, the steps of Waterfall include compiling documentation of the project requirements, using logical design to brainstorm how to approach the project, developing the physical design, implementing the design plan, verifying and testing the design, and maintaining the design once it is in use. While Waterfall tends to focus on computer programming and coding, the framework can be applied to IS.

The Zachman Framework provides a structure for developing and organizing the artifacts of enterprise architecture, including data and documents, which are vital for a robust information system. Using a 6 × 6 matrix, the Zachman Framework asks the following six questions to identify the needs and perspectives of stakeholders in a particular system:

• What? seeks to understand the data needed for the system by learning about the organization’s data, objects, and information.
• How? seeks to understand the organization’s processes and functions.
• Where? seeks to learn where the organization operates.
• Who? seeks to learn who the organizational members are, as well as gather details about the organization’s units and hierarchy.
• When? seeks to learn the organization’s schedule of operations, including when processes are performed.
• Why? seeks to learn why the organization has selected certain systems and solutions for its enterprise risk management and information systems. This question also seeks to determine what motivates the organization to perform certain functions.

As shown in Figure 1.8, these questions are posed across the top of Zachman’s 6 × 6 matrix. On the left side of the matrix, the rows list the organization’s stakeholders. To understand the system needs, the stakeholders’ perspectives are entered into the appropriate cells in the matrix. The Zachman Framework can be an important tool to understand what an organization’s information systems should entail and develop the appropriate enterprise architecture to support that system.

Figure 1.8 The Zachman Framework provides a structure for developing and organizing the artifacts of enterprise architecture. By asking what, how, where, who, when, and why, the Zachman Framework can help IS developers understand an organization’s needs from the perspective of an organization’s various stakeholders, including executives, managers, and technicians. (credit: modification of work “Zachman Framework (9026775815)” by National Institute of Standards and Technology/Wikimedia Commons, Public Domain)

The industry standards that are applicable in IS include the American Society for Industrial Security (ASIS), the Federal Information Security Modernization Act (FISMA), IS2020, ISO/IEC 27001, and the Open Group Architecture Framework (TOGAF).

The American Society for Industrial Security (ASIS) is a global organization that provides training and certification to help professionals in all industries provide security for people, property, and information. ASIS is a global organization that collaborates with public and private organizations throughout the world—such as the Department of Homeland Security and the Federal Bureau of Investigation—to ensure that IS professionals and others involved in security have the resources needed to successfully handle security issues at every stage of their career.

IS professionals who work for government agencies or private businesses that contract with the government should be familiar with the Federal Information Security Modernization Act (FISMA), which sets the guidelines and standards for security that affected organizations are required to meet to minimize the possibility that data will be stolen, lost, or misused. Under FISMA, affected organizations must have a security strategy that addresses issues such as system access control, risk assessment and management, information integrity, audit and accountability, incident response, and staff’s continuing education.

IS2020 is a competency model that provides guidance and standards to higher education institutions to ensure that undergraduate IS programs effectively prepare students for careers in IS. Developed by an international task force of members of the Association for Computing Machinery (ACM) and Association for Information Systems (AIS), IS2020 outlines the curriculum that should be offered to IS students and the competencies that students should develop as they complete the curriculum. This includes the knowledge, skills, and dispositions that students need for successful careers in IS, as well as the tasks that students should learn to perform.

ISO/IEC 27001 is a worldwide standard established by the International Organization for Standardization that defines the requirements information systems must satisfy to provide adequate security for any system. ISO/IEC 27001 applies to all sizes and types of organizations in both the public and private sectors. The standard focuses on cybercrime but helps organizations guard against any threats to data availability, integrity, and confidentiality.

The Open Group Architecture Framework (TOGAF) is a trademarked standard in its tenth edition that promotes best practices for IS and other technology. TOGAF is used by organizations throughout the world in both the public and private sectors to support requirements management for enterprise architecture. The areas covered by TOGAF include architecture vision, business architecture, information systems architectures, technology architecture opportunities and solutions, migration planning, implementation governance, and architecture change management.

Application of the Frameworks and Standards

IS professionals should rely on the frameworks and standards applicable to their organization and specific role to guide their work. This helps ensure that the work meets the organization’s needs, while also following standards important for maintaining IS compatibility with other organizations.

It is also beneficial to join one or more professional organizations such as the Association for Information Systems (https://aisnet.org/), International Association for Computer Information Systems (https://www.iacis.org/), or Information Systems Audit and Control Association (https://www.isaca.org/). Such organizations provide members with important resources, including training, as well as news and updates about events and changes important to IS professionals. Joining such organizations and taking advantage of learning opportunities helps ensure that you obtain the appropriate continuing education to stay abreast of changes and new requirements in the field of IS. In addition, members of such organizations gain access to colleagues around the world who can become an important networking resource for information sharing and collaboration.

Characteristics and Roles of Information Systems Professionals

People working in IS may be involved with new technologies applicable to information systems, how information systems are used globally, and the ethical requirements necessary to ensure a system is managed securely with integrity. IS professionals hold a variety of important roles and responsibilities in an organization. These include the following:

• A chief information officer (CIO) establishes and maintains an organization’s overall information systems. The CIO’s responsibilities include ensuring that the systems comply with legal requirements and that others involved in an organization’s information systems do their jobs competently.
• Data information systems management manages the people, technology, and procedures needed to convert data into information. This includes cleaning, extracting, integrating, categorizing, labeling, and organizing data.
• Database management develops procedures to organize, manipulate, and retrieve data that are stored on computer databases.
• Systems analysis, design, and development examines an organization’s system needs, and designs and develops a system to meet those needs.
• IS security risk management manages the risks that threaten an organization’s information system.
• Enterprise security, data privacy, and risk management focuses on threats, such as data breaches, cyberattacks, and risks to data privacy, that can compromise an organization’s data and information systems.
• Cloud computing focuses on how an organization uses information systems in the cloud for purposes such as storing and processing data.
• Data analytics and modeling transforms raw data into useful information and analyzes that data to provide information useful in organizational decision-making and other operations.
• IS project management uses the project management steps of initiation, planning, execution, monitoring, control, and closure to handle IS projects.

In addition to the benefit of working in a role aligned with an individual’s experience and interest, IS positions tend to pay competitive salaries, and the field’s outlook remains promising.