Defensive

Offensive

Factory mode

• If a system fails for more than one minute, there is
  an immediate loss of business
• Decrease in response time beyond one second has
  serious consequences for internal and external users
• Most core business activities are online
• Systems work is mostly maintenance
• Systems work provides little strategic differentiation
  or dramatic cost reduction

Strategic mode

• If a system fails for more than one minute, there is
  an immediate loss of business
• Decrease in response time beyond one second has
  serious consequences for internal and external users
• New systems promise major process and service
  Transformations
• New systems promise major cost reductions
• New systems will close signifi cant cost, service and/
  or process performance gaps with competitors
  
  

Support mode

• Even with repeated service interruptions up to 12
  hours, there are no serious consequences
• User response time can take up to 5 seconds with
  online transactions
• Internal systems are mostly invisible to suppliers and
  customers. There is little need for extranet capability.
• Companies can quickly revert to manual procedures
  for 80% of value transactions
• Systems work is mostly maintenance

Turnaround mode

• New systems promise major process and service
  transformations
• New systems promise major cost reductions
• New systems will close significant cost, service and/or
  process performance gaps with competitors
• IT constitutes more than 50% of capital spending
• IT makes up more than 15% of corporate expenses

• Mobile computing: Anytime and anywhere connectivity/high volume portable data
  storage capability.
• Social media: New and advanced information
  sharing capabilities such as crowdsourcing.

• Increased vulnerability due to anytime, anywhere accessibility.
• Risk of unintended sharing, amplifi cation of casual remarks, and disclosure of personal and company data. The availability of this data on the web facilitates cyber attacks.
• Employees may violate company policies in terms of data leakage

• Security and privacy
• Data
• Legal and regulatory
• Infrastructure

• Lower total cost of ownership.
• Focus on core activities and reduction of effort spent on managing IT infrastructure and applications.
• Contribute to reduction of global carbon footprint

• Lack of governance and oversight over IT infrastructure,
  applications and databases.
• Vendor lock-in
• Privacy and security
• Availability of IT to be impacted by the use of
  the cloud
• Increased risk to regulatory non-compliance (SOX, PCI etc.).
  The cloud also brings about challenges in auditing compliance.
• The cloud may impact the agility of IT and organizations; the
  platform dictated by the provider may not align with software
  development and strategic needs of the user

• Security and privacy
• Data
• Third-party suppliers and outsourciing
• Applications and databases
• Infrastructure
• Legal and regulatory

• 24/7/365 availibility of IT systems to enable continuous consumer support, operations,
  e-commerce, etc.

• Failure of the business continuity and disaster recovery plans
  causing fi nancial or reputational loss

• Infrastructure
• Applications and databases
• Staffing
• Operations
• Physical environment

• N/A

• Spread of malicious code in company systems causing system
  outages
• The risk of theft of personal, fi nancial, and health information
• Loss of confi dential data due to external vulnerabilities
• Financial loss due to unauthorized wire transfers

• Security and privacy
• Data

• N/A

• Assigning access rights that are beyond what is required for
  the role by employees or contractors
• Failure to remove access rights for employees or contractors
  on leaving the organization

• Data
• Applications and databases

• Fast adoption of new business models or reducing costs provides organizations with competitive advantage

• Failure to deliver IT projects and programs within budget, timing,
  quality and scope causing value leakage

• Programs and change management