Everyone can think of a moment when they have experienced a problem with goods or services. Everyone can also think of a moment after the problem that…wait for it (drumroll)…there was poor customer support or no support at all.
So where does the disconnect between an enterprise’s strategic objectives and its failure in the eyes of the customer begin? Could this failure have been avoided from the start?
Here’s how it happens: Oftentimes an enterprise reviews its strategic plan, which is a process that often generates new ideas and a new focus on how to achieve its objectives. A critical factor in achieving these objectives is IT. As part of this effort business cases are created and reviewed with due diligence and care, focusing on risk analysis, costing and other key planning issues. Approvals are given at various levels, and once the green light is reached, we then develop the product/service/upgrade, with implementation to follow.
The Lone Wolf
Some months ago I responded to a question in the ISACA forum posed by a person who described himself as a lone wolf security professional. In being alone, he was involved in all information security tasks, in every phase of the Deming circle—Plan, Do, Check and Act. The question asked if it was possible and ethical to check his own policy, plan and progress; this is a very good question, and a dilemma that is known by many information security professionals.
In 2010, the Dutch government forced all hospitals to implement information security. This resulted in the creation of my own job as information security officer in one of the larger hospitals in the south of The Netherlands. It was a huge challenge; I had a willing management, but very limited resources, and I was the only information security professional in the organization. In other words, I was a lone wolf. And I had, like the person on the forum, to check my own work. Not because nobody was willing to check my work, but the knowledge was simply not there. Like the person on the forum, I felt very uncomfortable with that situation.
Over the years, it has come to my attention that few industries innovate faster than IT. And while I am surrounded by many of these changes in my everyday life, I try not to underestimate the value of ongoing training and how it improves my skill set and could potentially open up new career opportunities.
Regular IT training is by far one of the single most valuable things I do on a regular basis.
Benefits of Ongoing Training
I will admit that I do not like the word “training.” It takes me back to being a student in a structured classroom setting. But training really is a positive thing. It is what gives us the knowledge and skills necessary to complete the tasks and objectives we face in our jobs.
We live in an age when social media, mobile devices and the Internet of things (IoT) dictate how we access, manage and communicate information. This technology is constantly changing and relatively complex in nature. Thus, it is essential that enterprises have a fully functional and effective information security program.
The responsibility to ensure such a program is properly implemented resides with senior management. The main objectives of such a program are to ensure the confidentiality, integrity and availability of the information assets and associated resources.
For a moment think about these statements:
After considering these statements, how would you answer the question of whether your business will be competitive in 10 years?
With the countless factors that exist across every sector, the question is very difficult to answer. The pace of positive, negative and unclassified technological advancements is exponentially greater than ever before. How will your enterprise and IT governance structure survive these exciting times?