By Joe Knape
Performing your duties as a security professional with the following “code of conduct” in mind is quite possibly the best thing you could do for your company this year.
1. Learn to use what you already have as efficiently and effectively as possible before asking for more.
* Are you using your current people, processes, and technologies to their fullest?
* Are there any people in your organization with untapped or unrecognized potential?
* Are there processes or procedures on the books that aren’t being used?
* Are there policies or standards that aren’t being enforced or are in fact unenforceable or even damaging to the enterprise?
Find those diamonds in the rough, those nuggets of wealth. Use what you have as efficiently and effectively as possible before asking your company to pay for more.
2. Sometimes the best thing to do is to do nothing at all.
If you’ve decided that you ARE using everything you have and it’s time for something new, then before writing that policy or deploying that new device or putting forth that recommendation, ask yourself: is it truly necessary? Is it possible the problem isn’t as serious as you might think or the risk isn’t quite as high as first thought?
Try to NOT make changes. Sometimes the problem does just go away by itself.
3. First, do no harm.
If you’ve decided your people, processes, and technologies are being used to their fullest and that something absolutely has to change, then ask yourself: how can I architect, design, deploy, implement, etc. this “new thing” in such a way that it causes the least amount of change or trauma to the enterprise as a whole?
Minimize the amount of change you are responsible for in your enterprise, especially at any one time. When things have to change, make the changes gradually, over time, and always with the rest of the enterprise’s systems at the forefront of your thoughts.