To be successful, you must know yourself and your business.
There's a fine line between success and failure, and sometimes the difference has nothing to do with the merit of the project or how it's presented. How many times have you been in a situation where politics or personalities sidelined a decision? Unfortunately, it happens a lot. Information security policies and procedures are developed with the best of intentions, but often fail because they were created without accounting for the dynamics of the organization for which they were built.
Success (as we've heard others say) has a lot to do with group dynamics, motivation and leadership. Whether they realize it or not, the best infosecurity professionals are situationally aware and attuned to what is happening to them and their environment.
The MIT Sloan School of Management has developed a way to assess situations around you. Called "Three Lenses," it encourages managers to look at organizational processes from different perspectives to understand how to excel.
Which of the three lenses is right for your business? All of them. Unfortunately, as information security professionals, we tend to approach security from a purely technological perspective, without accounting for the "softer" side of organizations. Looking through three lenses into your environment will change that.
Will this approach work? Well, consider a security management program that is not tied to the organization's strategic needs. If treated as a goal in itself, the program will become irrelevant. Similarly, a security architecture that lacks support from influential individuals, regardless of formal titles, will be unlikely to gain widespread adoption. A manager who devises policies that conflict with the organization's culture, perhaps by being too constraining or overly permissive, will get stuck fighting a losing battle.
Try using these three lenses when you approach your next security project. They will help you understand which measures are likely to work, which might fail, and who needs to be involved in the development of the program in your organization.
When the security program succeeds, so will you.
Authored by Lenny Zeltser. Lenny is a business and tech leader with extensive experience in information technology and security. His areas of expertise include incident response, cloud services and product management. Lenny focuses on safeguarding customers' IT operations at NCR Corporation. He also teaches digital forensics and anti-malware courses at SANS Institute. Lenny frequently speaks at conferences, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.
Copyright © 1995-2013 Lenny Zeltser. All rights reserved.
The information on this site does not necessarily represent positions or opinions of my employer.