Tuesday, March 18, 2008

CIO Magazine 20 Minute Miracles and Real Risks

I liked CIO Magazine's article 20 Things You Can Do In 20 Minutes to Be More Successful at Work by Stephanie Overby. Several excerpts follow.

  • Grab the annual 10-K reports that your top competitors have filed with the Securities and Exchange Commission and read the section called "Management's Discussion and Analysis." That's where the CEO (through corporate lawyers) describes what happened to the company in the past year, good and bad.

    By scanning that material, you can immediately get a better understanding of the competition.

  • Sit down right now and reschedule all your internal IT meetings for just 20 minutes...

    "There's only about 15 minutes to 30 minutes of true productivity in most meetings, even though meetings are typically set up for an hour," says Michael Hites, CIO of New Mexico State University, who once placed a 30-minute limit on all meetings. "The idea is that it forces you and your meeting buddies to prepare and focus." Hites found that shorter meetings were more effective and left more time to actually accomplish things.

    If you like that idea, consider this even more sweeping suggestion from Direct Energy CIO Kumud Kalia: Cancel all recurring meetings with your subordinate staff. "Ask them to come to you with major issues, not every little decision," Kalia advises.

  • Take your own company's 10-K and pay attention to the bad stuff that happened in the past year. Think about how technology affects such events, then figure out what you can do about them. For example, in its latest 10-K, Owens Corning, the $6.5 billion maker of construction materials, talks about how the decline in U.S. home building hurt sales. Could better business intelligence have predicted how steeply new construction would fall and have helped Owens prepare?

    Think also about how IT can mitigate the scary possibilities cited in the "risk factors" section.

  • Ask yourself if you're working toward something or just working.

  • [S]end an e-mail to your staff to encourage them to pick up on something new. And tell them they are expected to spend one day a month learning. Make it an official day on everyone's calendar...

    One no-cost way to do this is to encourage participation in computer user group meetings and industry associations.


Speaking of 10-K forms, I looked at the latest from Owens Corning, specifically the Risk Factors section. It reminded me that the idea of creating a "Chief Risk Officer" out of the ranks of the information security staff is generally a bad idea. Why? All of the risks that businesses care about have little to do with information or security. Here's what Owens Corning cites:

  • Downturns in residential and commercial construction activity or general business conditions could materially negatively impact our business and results of operations.

  • Our cost-reduction projects may not result in anticipated savings in operating costs.

  • Adverse weather conditions and the level of severe storms could materially negatively impact our results of operations.

  • We may be exposed to increases in costs of energy, materials and transportation and reductions in availability of materials and transportation, which could reduce our margins and harm our results of operations.

  • Our hedging activities to address energy price fluctuations may not be successful in offsetting future increases in those costs or may reduce or eliminate the benefits of any decreases in those costs.

  • And the list continues...


Do you see what I mean? At the top levels of business, risk is all about business. It has little or nothing to do with anything we in the information security space manage on a day-to-day basis. I'm fine with that. My major role is to protect my company, our users, and to the extent possible, our customers and peers from digital threats... without them worrying about it. My company makes money, and I try to keep us safe.

If you do aspire to be a CRO, work for a financial or insurance firm, get an MBA, and lead a business line after being a security person. The companies popularly cited as having CROs are all insurance and financial in nature. These industries internalize risk via financial calculations and models on a daily basis, but it's risks involving capital and not data.

4 comments:

Anonymous said...

Great article; right up to the point you said "At the top levels of business, risk is all about business. It has little or nothing to do with anything we in the information security space manage on a day-to-day basis. I'm fine with that. My major role is to protect my company, our users, and to the extent possible, our customers and peers from digital threats... without them worrying about it."

How do you know what to protect or how much protection is appropriate without input from the business? I agree that they should not have to worry about information security, but they should be aware of it. They should also be comfortable that your activities are aligned with business objectives. (Gack! I'm starting to sound like a vision statement!) Seriously, companies don't have IT resources for the sake of having IT resources; they have them for business reasons. Therefore IT objectives (security or otherwise) are (or should be) business objectives.

Anonymous said...

@Richard: I couldn't agree more with some of Stephanie's observations. This also happens when we get too bogged down in the trivia - "sweating the small stuff". I recently carried out a small survey of some technical security peers that showed some depressing stats just around time spent on email vs getting actual projects done that can actually make a difference (post to come soon). Sidenote: The other tip of 10-K reports is to check out your supplier R&D figures - always interesting to see who is investing in capability and who is not.

@Stacy: I didn't interpret Richard suggesting that there is no need to take input from the business. It was more that at the board level, IT security issues are rarely on the agenda (if things are going well that is ;-).

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

Boy do I love the 20 minute meeting idea. A former manager (with Army background) used to say, "meetings are for making decisions. Schedule a 1x1 if you need to discuss something." Unfortunately, too much of that can lead to "not being engaged," but old habits are hard to break. Which is why I still love concluding a 90-minute staff meeting in 25 minutes. :)