Cyber Security is no longer just for Information Systems. Businesses need to create adaptive strategies from the top down in order to become Cyber Resilient. Cyber breaches affect the C Suite even more today than they did last year. The 5 strategies listed below are a good starting point.
Define your business risk – Senior Management has to be involved. Despite the media attention following a series of high-profile retailer breaches, many organizations have not yet elevated information security to a Board-level discussion.
According to PWC, fewer than half (42%) of respondents say their Board actively participates in the overall security strategy and 36% say the Board is involved in security policies.[i]
In the wake of yet another massive retailer breach, management is starting to ask more questions about cybersecurity readiness.
What will put your company under?
Defining your business risk will let you know where to invest resources; to look at the outcomes and focus on the business impact of cyber risks. To get perspective, business leaders need to ask “what are our most important business assets and how do our security measures relate to them?” (more…)
Today data breaches are so prolific it is no longer a matter of if a network will be breached, but when. Spilled secrets, exposed data, damaged reputations and lost market share are just a few of the challenges awaiting the careful and the careless.
This weekend, I took my wife and son golfing. At one point in time a few years back, they had both received lessons and played quite frequently. However, after a few years off of the fairway, they had forgotten a few fundamentals about the golf swing. Many of us, no matter how amateur or expert we may be, know that the golf swing is not an easy thing to conquer. Out on the course, I tried to keep it simple and continued to remind them about two of the most important things every time you hit the ball: keep your head down and come around. While I could probably write a piece on about how to perfect the golf swing, I promise this blog is not just about coaching my family’s golf games, but rather, how these two golfing fundamentals reminded me of my Service Management work and how I often need to remind myself of the same things professionally. Please allow me to explain…
You might be asking what “service centric” means. Let’s start with ITIL guidance, where Service Management is defined as a set of specialized organizational capabilities for providing value to customers in the form of services. In this definition, service and value are key words that are intrinsically tied together – if your services are not providing value, your customers are not happy. A service centric vision includes elements of process, technology, roles/responsibilities and organizational structure that work together to form a service value chain – a set of interdependent capabilities that deliver value to your customers and the associated business constituency. (more…)
The other day, I was driving back to the office after a long day at a conference with a colleague of mine. Not being a parent myself, I found this upcoming interaction to be particularly interesting: his 14 year old daughter’s voice came up on the car’s Bluetooth, and she seemed distraught. She briefly let him know about her day at school and how easy her math quiz was, and then proceeded to tell him the most important information of the day… “Dad, Zayn quit One Direction, I can’t believe it! What’s going to happen to them now?”
Recently I attended a series of client workshops concerning the collection and use of their IT financial data. The discussions centered on how to effectively allocate their IT spend on Fixed Assets, Fixed and Variable Operating Costs, Storage Costs, Server Costs, and Applications. These workshops were important to the client because in order to achieve valid Benchmarks, or a Bill-of-IT for showback and chargeback, costs must be properly allocated amongst the entity’s programs, contracts, and Business Units (BU). (more…)
Since my last blog post on Economic Benefits Analysis, I immersed myself in the principles of Technology Business Management (TBM) as a means for CIOs and IT Managers to better show how they produce value for their organizations. TBM helps IT professionals distinguish themselves as strategic partners in driving business strategies, and makes them enablers of “Business Growth” and “Business Transformation” rather than just another cost center or commodity needed for only “Running the Business”. In fact, all the work I have done up to now for my clients in evaluating the benefits and costs of investing in Major Automated Information Systems (MAIS) has, in an oblique sort of way, been an attempt to show IT Business Value. Now that I understand this, I have determined that in some ways I have failed my clients by not showing them how to use this Value-of-IT information in conversations with executive management, Business Unit (BU) owners, and service vendors. Even though I met the specifics for contract delivery, I could have helped my clients to exploit their now documented value and cost transparency by positioning them as business and strategy decision makers. From here on out, I will be approaching my IT Economic Benefits and IT Business Case Analysis work from a TBM point of view.
Last month, I completed my first Ironman Triathlon in Boulder, Colorado; this was a huge personal accomplishment in itself, but I missed my target by about an hour. Sure, I was happy to have completed, but still not satisfied with the result! The feeling was similar to implementing a new strategy within your organization, only to fall short of achieving the objectives you had set. Upon missing my goal, I spent some time over the next few weeks reflecting on the amazing journey I had taken and wondering what I could have done different. It didn’t take too long for me to recognize the issue. Yes, I had understood the dedication, and lifestyle changes that were necessary to complete an Ironman, but I did not have the expertise to take me to the next level. Like so many things in business and life, bringing in a coach or expert would have helped early in the planning stages and ultimately improved the results.
Software implementations within companies have gotten a bad rap.
Browse the internet for a few minutes, and you will find staggering statistics ranging as high as 80% of projects within organizations being recognized as failures. I don’t believe that the software is to blame, but instead, I believe that the company doing the implementation does not have a clear idea of what they should truly be focusing on during their project. I suspect that in many cases they misunderstand the difference between ‘Installation’ and ‘Implementation’. It doesn’t have to be this way. (more…)
Last week I was approached by a prospective customer who was struggling to get buy in from their senior leadership team for a project they would like to start. I asked her, “what’s the value of your project?” and she proceeded to tell me about how much the project would help the organization and the huge impact it would have on their internal customers. (more…)