IT and Security Business Alignment

 
 
Questions you might hear from a board member, council member or senior management:
What is the purpose of IT?
What is the purpose of Security?
IT's place in an organization?
Security's place in an organization?
 
Business managers often need a reminder of the value that information technology and security bring to the organization.  Some see information technology and security as cost centers and not as business enablers.  Best-in-class organizations see information technology and security as strategic and business enablers.  The question I often get is, how do we get senior management to buy in to this maxim?
 
We need to go back to the basics: Business and Management 101.  I like to quote from Peter F. Drucker, the famous business consultant and writer on management and business topics, and apply that wisdom to technology and security.  Here is the quote:
 
"Business enterprises - and public-service institutions as well - are organs of society.  They do not exist for their own sake, but to fulfill a specific social purpose and to satisfy a specific need of a society, a community, or individuals."  Peter F. Drucker
 
This is a great business maxim and is often quoted.  To apply this maxim to information technology, simply substitute IT for the organization.  Once you read the quotes, you will see how clear the purpose of IT and security in the organization is.
 
"Information technology is an organ of the organization.  It does not exist for its own sake, but to fulfill a specific organizational purpose and to satisfy a specific need of the organization."
 
Apply this maxim to information security:
 
"Information security is an organ of the organization.  It does not exist for its own sake, but to fulfill a specific organizational purpose and to satisfy a specific need of the organization."
 
Here is another Drucker quote that is great for a maxim.
 
"Business exists in a society and community and, therefore, has to discharge social responsibilities, at least to the point where it takes responsibility for its impact upon the environment."  Peter F. Drucker
 
Here are the new maxims for information technology and information security:
 
"Information technology exists in an organization and, therefore, has to discharge organizational responsibilities, at least to the point where it takes responsibility for its impact upon the organization."
 
"Information security exists in an organization and, therefore, has to discharge organizational responsibilities, at least to the point where it takes responsibility for its impact upon the organization."
 
Armed with these maxims, the alignment of information technology and security with the organization should be clear.  Here is how we ensure business alignment at Maze & Associates:
 
Maze & Associates Mission
"We are in business to help our clients succeed."
 
Information Systems Department Mission
"We help our clients succeed by helping them secure and manage their technology investment."
 
IS Department Internal Clients: We support Maze and Associates by securing and managing the IT systems.  By supporting the staff of Maze and Associates we can help them help their clients to succeed.
 
IS Department External Clients: We help clients align their IT investment with their business goals and vision.  We can help them lower the total cost of ownership by proper IT governance.
 
Our information systems department mission statement is fully aligned with our overall business mission.  The mission of our information systems department supports the overall business mission.
 
In the military, a drill instructor or platoon sergeant will call cadence as a way to keep all members of the platoon in step with everyone else and going in the same direction.  In the opening scene of the movie “A Few Good Men,” starring Tom Cruise as a Naval JAG officer, we are shown the world-famous Marine Corps silent drill team as they practice drills, all in lockstep and with precision movements.  One impressive aspect is that no one calls cadence and yet they are in unison.  It looks impressive because everyone is marching in precise unison.  If one person is off, you will notice it, and the entire platoon will become an unorganized cluster and will not reach its intended destination.
 
The silent drill team is able to maintain unison only after extensive practice.  In other words, they don't need the cadence because of all the practice they have had.
 
Think of this illustration in your organization.  Is the entire organization in step?  If not, who is going to call cadence to get everyone in step?
 
Brought to you by Maze & Associates, a leading Northern California Accounting Firm specializing in Municipal & Nonprofit Audit, Tax for individuals and all types of entities, Information System Audits, Security Reviews, as well as PCI Scans and certified training. Maze & Associates is a PCI ASV - Approved Scanning Vendor.
 
 
Disclaimer: The views expressed here are those of the author and do not represent those of Maze & Associates.
 
 
