6 Secrets of Highly Secure Organizations

A recent article in CSO Magazine (Vol. 1, No: 2 2004, p. 21 ff.) noted the 6 Secrets of Highly Secure Organizations. These organizations:

1) spend more on security

2) separate information security from IT

3) conduct pen tests

4) create a risk assessment process

5) define an overall security architecture

6) establish quarterly review process with metrics

These are all fairly obvious things to do. The real question is why not many organizations are actually doing this. Mostly, I suspect, because this is seen as a cost and not as an investment. Until security is seen as a positive benefit to the organization rather than as an overhead, obtaining budget and management support will continue to be difficult. The benefit equation will become easier to articulate as losses from security gaps focus management attention on security issues.

Brushes with Fame

Sometimes through life you run into famous people – we call these ‘brushes with fame’ in my family. Recently I was reminiscing with friends about two brushes with fame that related to well-known international politicians.

Many years ago – in the mid-1990s – in Sydney, Australia, I met George Bush Snr at a function. Funnily enough, Mr Bush stopped to chat with me (much to the concern of the security folk) during a circuit of the room. We chatted for about five minutes about how he was enjoying his trip; nothing of any consequence was discussed. But one thing I do recall is that he seemed like a really nice guy who seemed to take a genuine pleasure in meeting people. You can see how this would have come in handy in his old job.

Then not long after that, at another function, I met Margaret Thatcher – nowadays Baroness Thatcher. While Lady Thatcher was very polite and chatted with me for a few minutes, it was hard to see how anyone had ever warmed to her on casual acquaintance. She did not seem the type to be comfortable just chatting with anyone, and she gave off a more intense vibe than Mr Bush.

I now wonder if the different levels of warmth I experienced from each of these politicians were the result of a cultural difference between the US and UK?

More on Bullies @ work

Recently I posted on bullies @ work & made some fairly harsh comments about a colleague who had been doing this sort of thing often and openly. The other day I actually had some time to talk with this person and discovered that they had been going through a very difficult time at work. It seems that the behaviour I was seeing was a reflection of the behaviour that was being displayed by this person’s own superior. Also the other day I was under a lot of pressure from senior management and was very snappy with a few of my own team members. This really got me thinking that bullying is not just an incident – it is really a culture.

The nature of bullying is that it is tied to the power relations of a workplace. These are still essentially hierarchical (in spite of what organisational management theorists would have us believe). Further, the threat of job loss or downsizing means many people operate in a fearful way. All of this goes towards making bullying almost inevitable.

What can people do about this? How can people low down on the food chain make it stop? I do not have the answer, but many folk I know are going out on their own to escape. It is definitely one response. But those of us in management positions have to ask ourselves: do we want to leave the world of work just as dysfunctional when we leave it as when we arrived?