
Language of Risk

26 February 2010

Why is “The Language of Risk” so important right now?  What are the drivers for Business and Security to speak the same language?  The answer is change: massive, fundamental change in both camps.

Technology has moved to center stage as a partner in business enablement, and has brought along its associated risks.  IT and IT Security see massive changes daily in the very nature of the capabilities and services they provide.  Transformative changes and their resulting risks and benefits impact the business enterprise overall.

What changes?  EVERYTHING. This is a paradigm shift far greater than that of changing from mainframes and terminals to desktop computing. Potential anarchy lurks, and security risks change hourly.  IT Security can no longer manage risk in a vacuum.  The risks to IT Security are the risks to the enterprise, period.

It is imperative now for the Language of Risk to be a common element between Business and IT Security.  Each of these transformative changes in IT brings the potential for competitive advantage, cost savings and economies of scale.  The security risks bring the potential for financial ruin, loss of reputation and regulatory fines.  Technology evolves, but it is past time for IT Security and Business to define together what is essential: the security and availability of the resources required to do business.

We need a common lexicon.  We need “The Language of Risk.”  Let’s talk.

Here is the opening set of slides from the (ISC)2 2010 Security Leadership Series on Competitive Compliance which outlines how thinking like the business leads to improved communication between parties on risk.


Information Security as a PSF

26 February 2010

Can security operations be run as though it were a Professional Services Firm (PSF)? Management guru and firebrand Tom Peters thinks so, and so do I. I first read Tom’s book, “The Professional Services Firm 50”, when it first came out, back in 1999. And I have to say, after spending the first few years of my infosec career listening to those who had trod before me bemoan the “lack of attention” or “poor management support” for their programs, it opened up a whole new world to me. It set me on the path that has defined my career for the last 10 years (and counting).

Tom understands what makes people tick, and more importantly how they can tap into that energy and change how they are perceived and valued within their organizations. By drawing parallels between our daily grind as white collar professionals and the work of “traditional” professional services firms such as those in advertising, legal, accounting, and other disciplines, he weaves together a model that each of us can use to great advantage in our day-to-day work.

If we choose to.

Tom’s fundamental understanding of the PSF boils down to three simple axioms. Here they are, in his own words:

The Professional Service Firms. “PSFs,” as I call them, sell one and only one thing: Creative Intellectual Capital.

PSFs depend on one and only one thing: Superb Client Relationships.

The PSF bedrock consists of one and only one thing: Superior, Animated, Creative TALENT … dedicated to…EXCELLENCE.

As security practitioners, we have been stellar at understanding and trumpeting the first point, often to our very own discredit. You see, we tend to imbue the information security universe with a certain mystique, an air of the supernatural.

Unfortunately, it has backfired, and something fierce.

In creating this atmosphere of complexity and high-tech mumbo-jumbo, we have alienated our stakeholders, the very people we are supposed to be educating and working with to manage risk. Perhaps it’s our IT backgrounds, or the glut of TLAs (three letter acronyms) in our field that have built this Tower of Babel. The root cause is irrelevant; the end result has stayed the same. We have destroyed Tom’s second point, often before we even realized it. Our “client” relationships are in shambles. We don’t have a seat at the big table. We aren’t taken as seriously as we would like, or feel that we deserve to be.

And despite our focus on Tom’s third point, the fresh and exuberant talent we bring in gets poisoned by our own jaded worldview. We are destroying the future of our profession, one new hire at a time.

Thankfully, this trend can be reversed. All it takes is a fresh look at how our operations are run, and how we choose to measure our success.

You can just click here to jump to Amazon and pick up a copy of Tom’s book, “The Professional Services Firm 50”.

If you’re the impatient type, and just want the highlights, then click the button below to download “PSFs Are Everything”, the e-book he has been gracious enough to allow us to redistribute.

Get Tom’s Paper


(ISC)2 Secure San Antonio 2010

15 February 2010

Don’t miss this chance to hear Brightfly’s Managing Director of Research, Brandon Dunlap, present exciting new research as part of (ISC)2’s 2010 Security Leadership Series.

Building on the work of University of Connecticut Asst. Professor Robert Bird, Brightfly has recently conducted a study into how organizations at the leading (and trailing) edges of maturity are managing their security and compliance programs. In this session, “Compliance As Competitive Advantage: Value-Added Security”, we’ll explore the somewhat controversial notion of how information security and compliance activities can be used to generate and maintain competitive advantage for your organization.

The event will be held at the San Antonio Marriott Northwest:

3233 NW Loop 410
San Antonio, Texas 78213

Brightfly would like to thank the generous supporters of (ISC)2. Through their sponsorship, this Security Leadership Series event is free to (ISC)2 members (only $99 for non-members) and represents an incredible opportunity to connect with your peers. Just click the button below to register for the event. Register soon, as these events fill up quickly!

Register Here


© 2010 Brightfly, Inc.
