Skip to content

People and Processes First… Technology Later.

May 27, 2011

As a consultant working with several folks who are trying to design what is best for their organization in a “Best Practice” cyber security stance, I see decision makers being besieged by marketers who are out telling potential prospects that “You have to have my tool or really bad things will happen to your organization.”  Most of these folks are well-meaning, but often motivated by the marketing objectives of their organization and their compensation plan.   Additionally their knowledge base is often limited to the space of their product and its immediate periphery.

We need to step back and realize that Cybersecurity is a “state”, not a tool or any universal templet of tools, and that one “state” does not fit all.  More over it is a living “state” and must be able to morph as threats become more sophisticated.    Recently, a very senior government cyber official told me “I realize now it is not about tools, it is about process.”

It is important that we as managers create the requirements for this “Best State” or process.  Additionally we need to be knowledgeable enough to do this our selves or to manage the persons or team writing the requirements for our organization’s “Best State.”  It is equally important for us as managers to make an honest self-assessment and ask ourselves “Do I have the knowledge base to do or manage this?”  If not…  then we need to be smart enough to get help. Why?…  When you sit back and review all of the bad things that can effect your organization a Cyber incident has to rank right up there with the worst of the worst and cyber defense is tough stuff.  Very few people are really good at this and have the ability to know what “right” looks like for their organization.  Do you?

Don’t get me wrong: tools are good things.  That being said they are tools designed to do their part of the job you will design when you develop the requirements for your organizations “best state.”  So the next time one of those tool persons stops by your office listen to what his or her product does and then ask yourselfdoes this have a place in my best state?”  Does this do something new, better or unique to what I am already doing

Then, make your decision.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: