|
| Recent
Articles |
Open Source Advertising Not Necessary?
Okay, here's another one of Dana's stories that I take exception to. Note that I respect Dana's writings and I read his blog daily. In Reputation vs. marketing in open source by ZDNet's Dana Blankenhorn, he says...
Managing Risk In Information Technology
As information technology increasingly falls within the scope of corporate governance, so management must increasingly focus on the management of risk to the achievement of its business objectives. There are...
The Ex-lawyer And Red Hat Support
When I bought my first home, I used a lawyer that a friend referred me to. The lawyer was great, thorough, responded quickly and took the time to explain things in plain English. I used him again 2 years later for an investment and found that he was still thorough but not...
Google Not Having Luck Hiring In India
The Times Of India reports that Google has had trouble finding enough quality talent to hire for its Indian offices. India may have an exploding IT industry, but Google has been notorious in setting its standards super-high...
The IT Consultant Keeps Spare Parts Handy
An IT consultant needs to be aware that PC vendors are typically very willing to cover inexpensive products like a mouse under standard warranties. But because as an IT consultant your client can probably buy a replacement...
|
 |
|
01.09.07
Common Language Equates To Common Goals
 By Dan Morrill
Over at Dark Reading, Dr. Chris Pierson an attorney with Lewis and Roca discuses the impacts of not being able to communicate between business, security, IT, and others within the company.
The interesting bit of the article, and this is where it gets hard for a lot of IT Folks, Dr. Pierson states:
"How can an IT department increase awareness and understanding of security issues among leadership or other business units?
One possible solution is to educate your company's leadership by demonstrating how IT security is interconnected with the law, compliance issues, and privacy requirements. By being able to translate technical aspects of your job into real business terms -- and by working across business sectors to implement real solutions -- IT staff can garner the support of others within their company.
While it may not be possible for everyone to fluently speak the same language of IT security, you should expect that the basics of IT security be understood by a broader corporate audience." (Dark Reading)
The core issue that is being spoken of here is that the communications between point A and point B really mean nothing to either party. Business school graduates do not get an in-depth view of technology, nor are technology graduates really steeped in the needs of business. Crossover degrees like the University of Maryland's MS of E-commerce go way so that the student gets both, at least a work vocabulary. But the education system does not put an emphasis on cross training each side to really see or have a working understanding of each group.
Adding to the complexity is that both strategic and tactical goals within the company are different for each group. Business mangers have their own strategy and their own tactical goals, while IT has their own strategic and tactical goals within the company. These goals are not defined so that an organizational dependency is formally known; rather the interdependencies between the two are informal and often frustrating to both sides. The additional complexity, along with communications difficulties can lead, and often does lead to the horrific project failure statistics that we currently have.
"It is only by combining the technical issues of cybersecurity, the framework of corporate governance, and the regulatory/legal framework that progress can be made in better securing the corporate information technology systems that comprise our nation's critical infrastructures." (Dark Reading)
The good part is that Dr. Pierson also understands the issue, and by offering the solution above, shows that he does get it. Unfortunately, the systems that we use both in education and within the organization are not geared towards this kind of process. Each one of those factors is often in the hands of disconnected organizational groups, who have marginal interaction at any level. That is where organizational change has to happen, and that is exactly where organizational change is not happening. Sharing territory like that is often a disruptive and painful process for a company, but has enormous benefits for those companies that can successfully make this adaptation in their organization.
While we would like to see more alignment between the various groups that make up an organization, it will require strong alignment between strategic and tactical goals along the entire company infrastructure. As well as an alignment of understanding between the various vocabularies and taxonomies that each group in the organization uses.
Comments
About the Author:
Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.
|
