Critical conversations at work

On By Kate CarruthersIn ideas, management

Managing people is a skill

I’ve been a manager for over twenty years now, managing teams ranging in size from 2 to 263. One thing that I have learned is that if you want to do anything big then you need to work through other people to achieve at scale. And managing through other people to achieve goals is one of the biggest challenges when one shifts from being an individual performer to being a team leader or manager.

The skills of team leadership are not often taught formally to new managers, and they are often learned on the job. One of the scariest things that one is called upon to do as a new manager is to provide negative feedback to a team member. But it is important to know how to build the context around it so that it becomes part of the working relationship and not a surprise to anyone.

Critical conversations

Many problems in workplaces are caused by hesitation in initiating critical conversations. And this does not necessarily mean conversations that are focused on criticism of an individual or their work. It also means conversations that clarify the work to be done, issues and risks relating to the work, and any barriers to getting the work done.

“Know what you want. Clarity is power. And vague goals promote vague results.”
– Robin Sharma.

If teams are not having meaningful conversations with each other on an ongoing basis then, instead of small adjustments in course, it can evolve into enormous delivery and execution issues, and even escalate into an official performance management issue that can result in a job loss. Many times I have seen the performance management issue come as a complete surprise to the individual staff member involved, yet it is rarely a surprise to their team members. This is typically the result of the team leader being afraid to have a critical conversation, and the result of poor ongoing communication between the team leader and the team member.

“Often we go through an entire conversation – or indeed an entire relationship – without ever realizing that each of us is paying attention to different things, that our views are based on different information.”
Douglas Stone, Difficult Conversations: How to Discuss What Matters Most

This means that, as leaders, we need to create an environment where team members (including the team leader) communicate effectively about the work to be done, who needs to do what tasks, when they are needed by, and to what quality standards they need to be done in an objective manner.

Some techniques that I have used to create this kind of environment include the use of specific language. For instance, a team member will often give updates in terms of “I hope to deliver it by Tuesday”.  I make it very clear that hope is not a delivery strategy, and often reply that:

“We don’t hope. We provide a percentage confidence level it will done on time and budget, so what is your confidence level for this task?”

By shifting the language used by the team to talk about delivery and relating it to the reality of getting things done this creates an opportunity to discuss issues and barriers to getting the task done.

Performance management

Once this kind of environment is in place, in the normal course of things, there is little reason for the manager to intervene. However, when it becomes evident that a team member is unable to deliver assigned tasks at the required quality standard and to the relevant timeframe, the manager needs to intervene.

As a manager it is important to have ongoing conversations with team members. Performance issues rarely pop up overnight. They develop over longer periods and there are usually warning signs. If critical conversations happen early and often enough then the issues can be addressed and performance can be  improved. However, it is necessary to understand why people sometimes do not do what they are supposed to do.

Reasons why employees don’t do what they are supposed to do

The starting point for this is to work out why the person is not performing as required. Former Columbia Graduate School professor, Ferdinand Fournies,  interviewed nearly 25,000 managers asking them why, in their experience, direct reports did not accomplish their work as assigned. Here are the top reasons Fournies reported :

  1. They don’t know why they should do it.
  2. They don’t know how to do it.
  3. They don’t know what they are supposed to do.
  4. They think your way will never work.
  5. They think their way is better.
  6. They think something else is more important.
  7. There is no positive consequence to them for doing it.
  8. They think they are doing it.
  9. They are rewarded for not doing it.
  10. They are punished for doing what they are supposed to do.
  11. They anticipate a negative consequence for doing it.
  12. There is no negative consequence to them for poor performance.
  13. Obstacles beyond their control.
  14. Their personal limits prevent them from performing.
  15. Personal problems.
  16. No one could do it

Why Employees Don’t Do What They’re Supposed To and What You Can Do About It

It is always one of these types of issues that is at the root of poor performance. But lack of clarity around tasks and acceptable quality standards has been the most common reasons in my experience, and this is the most easy to remedy.

Healthy workplace conversations

This list above is a good starting point for conversations about performance. But performance is also a result of the team culture, high performing teams tend to experience a lot less poor performance.

Most of the issues listed by Fournies can be discovered by having meaningful conversations among the team about goals and objectives, and open discussions about roadblocks.

“difficult conversations are almost never about getting the facts right. They are about conflicting perceptions, interpretations, and values.”
Douglas Stone, Difficult Conversations: How to Discuss What Matters Most

Don’t wait until someone is performing poorly, look out for the early indicators of problems and initiate conversations about the issues early. Provide relevant feedback, both positive and negative in timely manner – it is much better when the feedback is delivered close to the action.

It is important that it is a conversation too, that is, a dialogue between two human beings – with give and take. So listening as well as speaking is critical. Building a relationship with your team member is important too. If you have taken the time to build a relationship with your team member then the difficult conversation becomes somewhat less difficult.

Some good questions to ask at regular catchups

Here are some questions to prompt the types of conversations we need to have to build healthy and productive workplaces:

  • How are you going?
  • Are there any road blocks you need help with?
  • Is there anything you need me to do?
  • Who are your key stakeholders? What are their issues? How are your relationships with them going?
  • Does that align with the culture we’re building here?
  • Does that align with team/individual KPIs or should you be doing something different?
  • How do you plan to achieve that objective?
  • Are you on track with that?

Resources about difficult conversations

Carmichael, S. G. (2017, May 02). Difficult Conversations: 9 Common Mistakes. Retrieved from https://hbr.org/2010/10/difficult-conversations-9-common-mistakes

Dowling, W. (2014, July 23). 7 Tips for Difficult Conversations. Retrieved from https://hbr.org/2009/03/7-tips-for-difficult-conversat

Fournies, F. F. (2007). Why employees dont do what theyre supposed to do – and what to do about it. New York: McGraw-Hill.

Patton, B., Stone, D., & Heen, S. (2011). Difficult conversations: How to discuss what matters most. London: Portfolio/Penguin.

Riegel, D. G., Healey, T., Roberts, J., Knight, R., & Whitehurst, J. (2016, June 30). When to Skip a Difficult Conversation. Retrieved from https://hbr.org/2016/03/when-to-skip-a-difficult-conversation

Rowland, D. (2016, April 14). What’s Worse than a Difficult Conversation? Avoiding One. Retrieved from https://hbr.org/2016/04/whats-worse-than-a-difficult-conversation-avoiding-one

Sharma, R. (undated). The Giant Achievement Method [and free worksheet]. Retrieved from https://www.robinsharma.com/article/the-giant-achievement-method-and-free-worksheet

Published: Visual Tools for Developing Cross-Disciplinary Collaboration, Innovation and Entrepreneurship Capacity

On By Kate CarruthersIn ideas

For the last couple of years I have been working on a book with Selena Griffith, Martin Bliemel and a long list of wonderfully creative and innovative authors from across the globe. Today it has been released for sale in digital and hard copy.

Visual Tools for Developing Cross-Disciplinary Collaboration, Innovation and Entrepreneurship Capacity identifies and documents pedagogical and practice-based visual approaches to scaffolding and developing these capacities in your classes, with your clients or in your teams. The editors have selected a diverse range of best practice case studies and theoretical frameworks from leading international educators and practitioners across a broad range of disciplines to illustrate how visual tools can be used to greatest effect.
P-B3-Postcard_Visual Tools
Divided into four logically sequenced sections, the book will progressively build upon the array of visual tools you can employ in your practice. Initially starting with tools for collaboration it expands to include ways to overcome the challenges of cross-disciplinary collaboration. Building on this foundation you will then explore visual tools for stimulating and supporting Innovation in classrooms, with clients and customers, or your team. The third section introduces strategies for selecting visual tools to aid in Entrepreneurship and entrepreneurial activities. The final section provides you with case studies of fully integrated practice where teams have collaborated to innovate and bring the resultant outputs to market. Visual tools for Developing Cross-Disciplinary Collaboration, Innovation and Entrepreneurship Capacity is the perfect companion for an educator, facilitator or practitioner to help students, clients or teams maximize their potential through the use of visual tools. Read cover to cover or dip in as you need to.

You can order the book at this link.

Huge thanks to Vaughan Rees and Arianne Rourke for their series curation. And to all our Authors

Visual tools for developing student capacity for cross-disciplinary collaboration, innovation and entrepreneurship

On By Kate CarruthersIn ideas

Very happy that our book is finally being published – huge thanks to my wonderful co-conspirators, co-editors and co-authors – Selena Griffith and Martin Bliemelbook 2018

Visual tools for developing student capacity for cross-disciplinary collaboration, innovation and entrepreneurship

Common Ground Research Networks, Champaign, IL 2018

“Visual tools for developing cross-disciplinary collaboration, innovation and entrepreneurship capacity identifies and documents pedagogical and practice-based visual approaches to scaffolding and developing these capacities in your classes, with your clients or in your teams.

Divided into four logically sequenced sections, it will progressively build upon an array of visual tools to aid your practice. Initially starting with collaboration it expands to include cross-disciplinary collaboration.

Building on this foundation you will then explore visual methods for Innovation, followed by Entrepreneurship. The final section provides case studies of fully integrated practice.

The perfect companion for an educator, facilitator or practitioner to help students, clients or teams maximize their potential through the use of visual tools.

Contributing authors include in international array of leading educators and practitioners from a diverse range of disciplines.”

Info sec, AI and ethics – some thoughts #codemesh

On By Kate CarruthersIn ideas

I’m heading off to speak at the CodeMesh Conference in London shortly and I’ve been thinking about the emerging boundaries between information security, AI and ethics. I will post some thoughts as they evolve.

Developers (and others) and ethical approaches

We need to help everyone, from coders through info sec professionals to senior organisational leaders, to understand that information security, AI and ethics are part of the everyday landscape for everyone now. It is no longer something that someone else does and it needs to become embedded into our everyday practices.

Nobody has all of the answers, and nobody even has all of the questions. But this intersection between information security, privacy, AI and ethics is becoming increasingly important as we start to think about the kind of future we are building. We need to think about to create the kind of future we want and not merely wander blindly into some kind of dystopian future.

In particular, ethics is an area that we do fairly well in academic research. Universities have well-established ethics processes and there is a high level of consciousness among researchers of its importance. But in business this is not even a secondary consideration. There is general theoretical agreement that everyone ought to take an ethical approach to their work, but it is not always welcome in practice. And yet business folks have a part to play in creating ethical workplaces. We all do.

In software development some of the practices that have been proposed – things like Privacy by Design or Security by Design – are interesting,  yet I’ve not seen either in the wild. These are sensible approaches, and Privacy by Design is even part of GDPR so it might even work (eventually). Yet neither of these explicitly focuses on ethics.

And all of this is not much help when a developer is approached by a business person and is asked to develop something that might be ethically a bit shady. Look at the example of the developer for Volkswagen who went to prison for his role in creating software to deceive regulators around the world. There can be real world consequences for poor ethical decision making in the workplace.

VW engineer sentenced to 40-month prison term in diesel case: [he] was a “pivotal figure” in designing the systems used to make Volkswagen diesels appear to comply with U.S. pollution standards, when instead they could emit up to 40 times the allowed levels of smog-forming compounds in normal driving. – Reuters 26 Aug 2017

It all seems to point to a need to develop ways for business people to run an ethical lens over their ideas way earlier than when they approach a developer.

One approach that has merit is something like the Ethics Canvas, which is inspired by notions like the Lean Canvas or the Business Model Canvas. A simple and easy to use tool such as this could provide business folks with a way to consider the ethical implications of things that they ask developers to do. I’ve started to use the Ethics Canvas at work in some projects, it will be interesting to see how it goes.

Header image: By Martin420 [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)%5D, from Wikimedia Commons

 

Future proof your career – some tips for women

On By Kate CarruthersIn ideas

Spoke at a women in technology conference recently on the topic of how to future proof your career. It might seem strange that I hardly mentioned technology at all in this talk. But the essentials for a long career are mostly outside of technology. Any intelligent person can pick up technology skills, but other essential skills include:

  • Self analysis and self understanding
  • NO to office housework
  • Support networks
  • Power of sponsorship
  • Impostor syndrome
  • And lastly, actual technology

Self analysis and self understanding

Self analysis and self understanding are the first thing to consider. If you can get a clear eyed understanding of your strengths and weaknesses this provides a good foundation for managing your career. This will also help with the development of the ability to take rejection, to ignore it, and to move on regardless. You will be rejected – sometimes because you are a woman, sometimes for other reasons. But if you have clear idea of your skills and the value that you provide then you can pick yourself up, regroup and get on with things.

Resilience counts – a career is a marathon not a sprint!

Another key skill to develop is not to take things personally at work. I always imagine that they are talking to the chair when someone appears to be having a go at me. Many times I have found out later that the person who was giving me a hard time was upset about something completely different. Of course there can be the case where someone really is out to get you – I’ve suffered from bullying at work before – the best thing to do in that case is to engineer an exit as soon as possible.

‘Wisdom is the principal thing; therefore get wisdom: and with all your getting get understanding.’ Proverbs 4:7

Take every opportunity to obtain a 360 degree understanding of yourself. And ensure that you seek feedback from diverse and reliable sources. Take time out to reflect on your work and assess it dispassionately. Learn to recognise your strengths and weaknesses, so that you can use your strengths and improve on your weaknesses. I often say that it’s not a weakness if you know about it and can compensate.

Say ‘NO’ to office housework


Office housework consists of the myriad of little tasks around  the office that folks just assume that women will do. These range from filling the dishwasher, to tidying the bench tops, buying the birthday cakes and opening the mail. People will unconsciously expect women to do it.

  • Stop doing it immediately (unless, of course, you really really want to do it)
  • It takes time for which you are not remunerated
  • It distracts you from your mission

If you consider how much of this you’ve probably done over your career it really adds up over the years. And our male colleagues have been blissfully ignoring all of this unremunerated labour and coasting past us.

Find your support network

Find a work support network. Often social friends will not understand your work context and you do need someone who understands. I’ve had conversions with family members as I try to explain some work thing and watch their eyes glaze over, or they simply do not have the mental map for my work. The main thing is that you need a cheer squad of folks who understand your work context and who can also provide contextually relevant advice.

Another sad fact is that sometimes colleagues at work will diverge as you progress in your career. This is especially true if you have risen up the ranks within a single organisation. In that case there might be envy or resentment, so you might need to socialise with different folks.

Discover the power of sponsorship

Sponsorship not mentorship. As noted in this article:

‘Mentors advise. Sponsors act.’

A sponsor is someone who will advocate on your behalf. Mentors are helpful when you need advice, but to really get ahead a sponsor can be more useful. It is helpful to have mentoring throughout your career, but a sponsor can help to make things happen and be real change agent for your career.

Nobody knows you feel like an impostor

Impostor syndrome is real, and almost everyone experiences it at some time. But the important thing to remember is that nobody knows how you feel so heed the advice to ‘fake it until you make it’ or rather ‘fake it until you become it’ as Amy Cuddy argues.

The crucial thing about imposter syndrome is that there is clear evidence that you are not an imposter, that is, someone has given you a particular role. You have the feeling that you are an imposter but there is evidence that you are not.

The Dunning–Kruger effect is a cognitive bias wherein persons of low ability suffer from illusory superiority, mistakenly assessing their cognitive ability as greater than it is. Therefore by having imposter syndrome at least you know you’re not suffering from the Dunning-Kruger effect.

New jobs will emerge as technology changes

The 21st century offers us great challenges and opportunities. Things like the  digital revolution, AI, machine learning, Internet of Things, big data and data science, and Quantum computing – among others – are all going to change things beyond recognition. Always be looking to generalise your current skillset into the next big thing, and keep in mind Amara’s law:

‘We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run.’

As Paul Roehrig, chief strategy officer for Cognizant Digital Business, notes:

‘People skills are more and more important in an era where we have powerful and pervasive technology,’ he says. ‘It sounds counterintuitive, but to beat the bot, you need to be more human.’

21st Century skills include:

  • Problem solving
  • Creativity
  • Analytic thinking
  • Collaboration
  • Communication
  • Ethics, action, and accountability

Above all…

You can have multiple careers

Don’t panic!

Remember to breathe

Data is the engine of the fourth industrial revolution

On By Kate CarruthersIn ideas1 Comment

“Data is the new oil and we are in the midst of the fourth industrial revolution that is driven by the internet of things. The old fossil fuelled industrial revolutions are in their dying days and we are seeing the birth of a new era that will reshape everything that we know.”
– Kate Carruthers

Last week at the 2018 Stanford University Women in Data Science Conference in UTS Sydney I spoke on a panel along with Theresa Anderson,  Ethel KarskensNicole Dyson , Aurelie Jacquet,  Joanne Cooper, and Angela Chin. 

As first speaker I got to set the scene for the remaining speakers, here is a summary of my remarks.

My remarks

One thought to start with. I am currently the Chief Data & Analytics Officer at UNSW Sydney, and this job did not exist when I left school, and this job did not exist when I graduated from university. So, do not worry about educating kids for the jobs of the future when we probably cannot even imagine what those jobs will be. We’re at an exciting point now where people can’t be trained for the jobs they’ll have in the future because they don’t exist yet. Of all the things that I have studied, history, philosophy and anthropology have been among the most useful. And they have actually been a good grounding for an unknown future.

Data is the new oil and we are in the midst of the fourth industrial revolution that is driven by the internet of things. The old fossil fuelled industrial revolutions are in their dying days and we are seeing the birth of a new era that will reshape everything that we know. We’ve had industrial revolutions before, this is just the next one.

Data scientists are the currently the new high priests, but not for long, as algorithms take over from them. Data engineers are the new coal miners, preparing the data ready for use in new applications which are only now emerging.

This is the next stage of the digital revolution. It includes VR/AR and the internet of things. Everything will change. Things that were impossible will become possible.

Things that will change

Among the things that will change are:

  • Education is on the brink of changes, and it will make the way that we were educated so divergent from the modern world. Technologies such as VR and AR will drive change in the place and nature of education and the role of educators are shifting from chalk and talk to technology and facilitation of discovery.
  • Science and Engineering will bring us new technologies such as quantum computing and CRISPR-Cas9 genome editing technology that will revolutionise everyday life.
  • Medicine is at the start of a new world of genomic medicine powered by data, AI and machine learning.
  • Home life with intelligent devices like Google Home and Alexa are reshaping how we manage our homes.
  • Autonomous vehicles are becoming a reality faster than I had imagined a few years back.
  • Jobs will change – some jobs will go, for example truck drivers, and new jobs will emerge as things like autonomous vehicles become the norm.

All of this is powered by data and enabled by the internet of things.

The people who are educated in data will be well placed in this new economy. Data science and cybersecurity grads will be well placed, and we are already seeing this in the graduate outcomes.

Challenges

We still face big challenges with things such as privacy and identity management. There is still no one ring to rule all in identity. The threats to privacy and data security are increasing. With biometric data being stored by companies in the cloud, our identities with our unchangeable features such as voice and finger prints, are now more at risk than ever.

Also, we face threats such as the increasing corporatisation and creation of proprietary goods from our data. As folks say if you’re not paying then you are the product.

And this means that old fashioned things like ethics will become increasingly important in both education and in business.

I’m particularly (and increasingly) interested in digital ethics. I think that we will need to develop customary practices that embed ethics into software development. Ideas like privacy by design and security by design will need to become commonplace.

There are huge opportunities offered by this new industrial revolution. There will be winner and losers. And the higher education sector has an important role in both inventing this future and in preparing young people to be a part of it. It is certainly an interesting time to be alive.

Thank you.

Image: By DARPA (Defense Advanced Research Projects Agency (DARPA)) [Public domain], via Wikimedia Commons

Data For Public Good

On By Kate CarruthersIn ideas

I’ve been meaning to share this discussion for ages: from the Constellation Research Conference last year on Data For Public Good.

Data data data everywhere but what to do with the deluge?

It was a wideranging discussion about how to extract the signal from the noise and ponder how data can be used for the public good. The panel discussed the power of data for health care, public sector, education, and society, and how organistions can tap in to the power of data and do good. It is clear that there is no guarantee that data will do good without our help.

Moderator: Doug Henschen
Chief Data Officer at UNSW Australia: Kate Carruthers
Director at NDSSL, Biocomplexity Institute of Virginia Tech: Madhav Marathe
Principal Digital Architect, ASRC/Federal Communications Commission: Andrew Nebus

Executive Exchange – Data For Public Good from Constellation Research on Vimeo.

Some thoughts on digital and data Ethics

On By Kate CarruthersIn ideas

‘We ask ethical questions whenever we think about how we should act. Being ethical is a part of what defines us as human beings.’
The Ethics Centre, Sydney

Humans have been thinking about the moral principles that govern our behaviour or the way in which we conduct ourselves for aeons. We are moving at lightspeed towards a new and exciting future that is built on algorithms, data, and digital technologies. Ethics is an area of increasing importance since we are barreling forward with the proliferation of data through digital and IoT and there seems to be little opportunity to slow things down.

I’ve been thinking about digital and data ethics since I joined Steve WilsonDavid BrayJohn Taschek, and R “Ray” Wang  on a Digital Ethics for the Future panel with in 2016.

5 propositions about data

  1. Data is not neutral – that is all data is subject to bias
  2. There is no such thing as raw data – that is, by the simple mechanism of selecting data, you have exercised judgment as to which data to include or exclude
  3. The signal to noise ratio has changed – we now have so much data that there is more noise than signal and it gets difficult to ascertain what is the signal
  4. Data is not inherently smart – it is our interpretation of data that adds value
  5. The more data we have the less anonymity – thus it becomes increasingly difficult to avoid identification

Why this is important

There have been numerous examples of data breaches for example the Australian Red Cross and the nation of Sweden. Every data breach is the result of some defect in the design, development or deployment of the technology. These breaches could be prevented by means of including some ethical frameworks into the design, build and deployment phases.

By the way, the World’s Biggest Data Breaches visualisation tool provides an excellent and mesmerising way to explore data breaches.

It is also interesting to recall the ease with which Microsoft’s Tay Twitter bot was trained to become rather nasty very quickly. Thus demonstrating the need to be sure of the training data one uses and to ponder the potential consequences of design and deployment decisions:  Twitter taught Microsoft’s AI chatbot to be a racist asshole in less than a day.

microsoft_tai-1024x575

And there is the recent example of bathroom soap dispensers having been designed to recognise white hands not coloured ones. This is obvious bias from the design and development team, and  an example of why diversity in teams is critical. The fact the average developer is white male means that it is likely that every design has as its default setting as a white male.

The issues of bias – both unconscious and conscious – are enormous.

Data is increasing at a vast rate, as demonstrated by this chart from the IDC Data Age 2025 study, and this means that we need to develop ethical frameworks to support the acquisition, management and analysis of large datasets .

Some existing approaches

Universities have a long history in managing ethics, but even they are struggling with the implications of the complex data sets and algorithms that they are dealing with.

Over the years the ICT industry has developed a number of codes of ethics and codes for professional practice, yet many developers and data scientists are mostly unaware of these. Some examples of these codes of practice include:

But realistically, if developers have not even heard of these codes then how can they possibly influence the design of solutions that avoid bias and other ethical issues?

Some newer approaches

“Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.’

Bruce Schneier

There are the beginnings of some new approaches, such as the Accenture: 12 guidelines for developing data ethics codes. And recent initiatives such as the OWASP Security by Design Principles and the Privacy by Design might well provide a good starting point for thinking about how we can embed good practice into the design and building of data sets and algorithms.

There is some good discussion of these issues  in  Floridi, Taddeo What is Data Ethics? (2016), and as they note, we need to examine ethics in terms of the following categories:

  • data – including how we generate, record and share data, including issues of consent and unintended uses of the data
  • algorithms – how we interpret data via artificial intelligence, machine learning and robots
  • practices – devising responsible innovation and professional codes to guide this emerging science

There have been developments in the area of community based approaches to improving digital and data ethics, chiefly in the area of machine learning and AI. Here are some examples of groups working in this area:

Some new ways to think about digital and data ethics

‘Complexity is a defining feature of the digital era, and we are not adjusting our governance structures to manage it.’

Kent Aitken, Prime Ministers Fellow, Public Policy Forum Canada, 2017

We need to be clear that technology has no ethics. It is people who demonstrate ethics. And technology inherits the biases of its makers.   We need to develop ethical frameworks and governance practices that enable us to develop solutions that are better from an ethical perspective.

I believe that if we start from the principles of Privacy by Design and Security by Design that we have a fairly firm practical basis for the future.

One thing is certain at an institutional level, information security , privacy and data governance will need more work to form a solid foundation to enable better data ethics.

References

Data governance and cybersecurity

On By Kate CarruthersIn ideas

The connection between data governance and cybersecurity might not be immediately apparent. But if one considers the ‘5 knows of cyber’, it becomes obvious that cybersecurity is all about data, and data is all about information, and we want information to be secure.

I use the ‘5 knows’ as the foundation of our data governance framework, because it really helps people to understand why data governance is important and how it can help them. And if people can understand the why then they can move towards controlling their data more effectively. And once we move towards managing our data then we can start to manage information.

Cybersecurity is very much a team sport, it is a collaboration between teams – Data & Information Governance, Cybersecurity, Risk Management, IT Operations, and the business units. There is no way any single group can manage security, especially with the emerging threat landscape.

But the fundamentals of data governance are an essential starting point for the collaboration:

  • policies, standards, procedures and guidelines for data governance
  • governance groups to coordinate activities
  • data classification
  • data handling guidelines
  • system classification
  • an information security management system