4 key questions about your security programme

If you are the CISO of your organization and implementing a security programme, what questions shall you ask yourself to help realizing a successful programme rollout ? No, it is not about what software to use, what hardware to install, what process to put in place or even what vulnerabilities you are going to remediate or mitigate. In fact, they are:

  1. Are we doing the right things ?
  2. Are we doing them the right way ?
  3. Are we getting them done well ?
  4. Are we getting the benefits ?

Four simple questions about your security programme, all about the business results – but not technology, schedule, and resources. Four questions about the reality such that your company can make informed decision. In addition, each of the four questions can be further elaborated, for examples:

Are we doing the right things ?

  1. What technology, processes are proposed ?
  2. For what business outcome ?
  3. How do the deliverables within the programme contribute ?

Are we doing them the right way ?

  1. How will it be done ?
  2. What is being done to ensure that it will fit with other current or future capabilities ? (e.g. Business / Operational / Technical capabilities)

Are we getting them done well ?

  1. What is the plan for doing the work ?
  2. What resources and funds are needed ?

Are we getting the benefits ?

  1. How will the benefits be delivered ?
  2. What is the value of the security programme ?

You shall answer all the questions based on relevant, current accurate business-focussed information. By that time, I am sure, you will find that to have a successful security programme, it is no longer depending on the technology, process and policy only, but also an investment that has an enormous impact on creating and sustain business value.

question-mark

Advertisements

Author: Michael Yung

Michael possessed over 30 years of experience in Information Technology with focuses on complex application development, database technologies and IT strategy. He also spent the last 20 years in Internet technology, eCommerce development / operations, web usability, computer security and Public Key Infrastructure technologies.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s