Are you one of the lucky few NOT suffering from these six costly management problems?
During seventeen years at Hunt Business Intelligence and Forrester Research I’ve had the privilege of researching trends and best practices across the security industry. In-depth interviews with over 450 CIOs and security leaders show that the greatest weaknesses in security programs are not technological, nor are they skill- or personnel-related. The greatest shortcomings, affecting more than 9 out of 10 security programs, have to do simply with management, or what I like to call Security Maturity.
Here is where the success of security leaders consistently breaks down:
Security teams waste time putting out the same fires, continually “reinventing the wheel” of many security tasks, and performing “busy work” for auditors and customers, recreating documents and filling out SIGs and assessments and the like.
Audits and assessments invariably find deficiencies that need to be fixed fast. Each “mitigation” project pulls valuable people off of important “normal” projects.
Lack of Systematic Processes
Security and IT teams rarely function together as a finely-tuned-machine. As a result, managers are constantly running interference when conflicting processes and personalities interfere with productivity.
Lack of Quality Measurement
Annual 3rd-party assessments do a good job of establishing a progress report, like your child’s growth chart at his pediatrician’s office. However, waiting a year or longer between assessments means there is no way to catch operational errors in real time.
Employees Feel Left Out
Employees hoard information and protect turf when they feel uncertainty around them. They want to feel “essential.” Therefore, managers have a difficult time responding with agility. After all, if an employee becomes irreplaceable— “He’s the only guy who knows how to run our kludgey authentication server”—then he also becomes un-promotable. The manager has no way to move that worker to any other critical function, and is critically affected when key employees unexpectedly leave.
Support & Training Sporadically Available
Outside consultants and professional conferences offer excellent sources of training and improvement. Unfortunately, it is prohibitively expensive to finance full time consultants or constant employee trips to conferences.
Any leader who desires to improve security this year should focus less on technology and more on these key areas of security management.
To learn my Four Steps to Security Maturity, and to find out your organization’s Security Success Score™ connect with Steve using the button below.