3 steps to measure what matters in any situation

Once the fear of truly measuring what matters subsides, the actual process centers on 3 basic steps. And they work in any situation. While it only takes 3 steps and is easy to understand, the process of measuring what matters is deceptively hard to operationalize. Measuring what matters is a process that requires the experiences and perspectives of different people. By bringing the right people together and seeking to avoid politics (at least the politics of selection), the result is more effective. Precision and common understanding of terms and effective communication are essential for this process to work. Using words with different meanings or failing to clarify -- including context -- sets the stage for confusion and failure. When I guide clients …

Why the definition of security awareness matters

Your paradigm is so intrinsic to your mental process that you are hardly aware of its existence, until you try to communicate with someone with a different paradigm. ~ Donella Meadows

A practice built on teaching and creating materials based on the art and science of effective communication often leads to discussions about how to build and improve security awareness programs. I start the conversation by first asking, "what does it mean to be aware?" After a nervous laugh (or two), answers range from blank stares and silence to lengthy lectures with no connection to security awareness. In fact, I had one executive suggest to me that trying to define security awareness was akin to US Supreme Court Justice Potter Stewart attempting to define pornography when he wrote, …

How Virtualization Affects GRC

By Dave Shackleford

Virtualization technology is becoming ubiquitous. More and more organizations are replacing physical infrastructure with virtualized systems, including desktops and servers, and application and storage virtualization are popular as well. Virtualization changes a number of paradigms across the information technology landscape – some obviously for the good, some possibly for the worse. In the realm of GRC, virtualization has some distinct points to consider, many of which may require changes in operations and policy, as well as overall information security management. Where governance is concerned, virtualization brings about changes in separation of duties and policy definition. In traditional IT environments, distinct teams with specialized …

Into the Breach – Audio Series – Chapter 8 (Measuring Success)

Welcome to the continuation of the Into the Breach: Protect Your Business by Managing People, Information and Risk audio series. (Click this link) to learn more about how this book solves today’s challenges and pick up a complete copy. This series, underwritten by Configuresoft, now part of EMC, is the full and unabridged audio version of Into the Breach, written by Michael Santarcangelo and read by the author. Join us for a new chapter released on the first Tuesday of each month (there are 13 chapters total).

What you’ll find in this episode (Chapter 8)

The strategy has been revealed. The fundamentals of what is now The Catalyst Method have been shared (note: if you want the update on The Catalyst Method, drop me an email). The key considerations for a pilot …

Leading from the Front: Bringing Planned Disruption To The Organization

By Martin Fisher

What is the most important job/function of a leader? Inspire the team? Use resources effectively? Make tough decisions? Set an example? Develop others? All of these are good answers and are important things for a leader to be sure they are accomplishing in an organization. But none of these is the most important answer. The number one job of a leader – the reason leaders exist – is to bring change to organizations. “That's silly!” – is a common reply I hear when I make the statement. “Leaders only bring change if change is what the organization needs. They assess the situation, analyze their resources, and only make changes if there is a reasonable chance of the change improving the organization.” My …

Continue Playing

By Jeff Kirsch

In “Playing Games”, I shared some lessons that I learned while playing chess with my son. Chess is a rich example of the need for, and challenge of, planning ahead. For those unfamiliar with this game of skill and strategy, the goal is simple: Capture your opponent's king and force him into a position known as “checkmate.” During the game, opponents take turns moving one piece at a time until a player is considered to be in “checkmate”, meaning he can no longer move his king. An interesting element is the need to notify an opponent when they are one move away from being captured by declaring “check.” This is a great game rich with strategy and nuance, with more details here. So how does chess fit into my “plan ahead” …