By Joe Knape
Performing your duties as a security professional with the following “code of conduct” in mind is quite possibly the best thing you could do for your company this year.
1. Learn to use what you already have as efficiently and effectively as possible before asking for more.
* Are you using your current people, processes, and technologies to their fullest?
* Are there any people in your organization with untapped or unrecognized potential?
* Are there processes or procedures on the books that aren’t being used?
* Are there policies or standards that aren’t being enforced or are in fact unenforceable or even damaging to the enterprise?
Find those diamonds in the rough, those nuggets of wealth. Use what you have as efficiently and effectively as possible before asking your company to pay for more.
2. Sometimes the best thing to do is to do nothing at all.
If you’ve decided that you ARE using everything you have and it’s time for something new, then before writing that policy or deploying that new device or putting forth that recommendation, ask yourself: is it truly necessary? Is it possible the problem isn’t as serious as you might think or the risk isn’t quite as high as first thought?
Try to NOT make changes. Sometimes the problem does just go away by itself.
3. First, do no harm.
If you’ve decided your people, processes, and technologies are being used to their fullest and that something absolutely has to change, then ask yourself: how can I architect, design, deploy, implement, etc. this “new thing” in such a way that it causes the least amount of change or trauma to the enterprise as a whole?
Minimize the amount of change you are responsible for in your enterprise, especially at any one time. When things have to change, make the changes gradually, over time, and always with the rest of the enterprise’s systems at the forefront of your thoughts.