The business of security
By Mitch Betts, Computerworld (US)
We secure information systems because the business would be brought to its
knees if we didn't protect trade secrets, vital corporate networks and
sensitive data. Yet the business would also be brought to its knees if we spent
every last dime in the treasury on security. Yes, it's possible to overspend on
security. The trick is to figure out how to reach what ex-CIO Doug Lewis calls
"the prudent zone" of security investment.
Increasingly, IT leaders are using a risk-based model that directs security
spending to the places where a breach would cause the most damage to the
business. Companies such as Textron and Standard Chartered Bank are already
headed down this road, using metrics to prioritize security risks and allocate
resources to mitigate them more efficiently. Some companies also use a
dashboard to keep an eye on all of those security metrics from a single central
console. Some of the companies classify data at different security levels much
like intelligence agencies do so they can match the security effort to the
This new model is replacing "gut feel" decisions with equations like
Risk = P × L, where P is the probability of an event that will cause a
financial loss of L. It's a far cry from installing a firewall. But a business-driven,
cost-benefit approach to security investments is something the chief financial
officer, CEO and board of directors can embrace, which may be the most
important benefit of all.
The competitive advantage
By Michael Friedenberg, CIO (US)
On July 11, 2005, Hewlett-Packard Co. announced with great fanfare that former
Dell CIO Randy Mott would be joining the company. This was one of HP CEO Mark
Hurd's first significant hires, and it deserved the applause it received.
However, what went conspicuously underreported was the identity of Mott's
successor, Susan Sheskey. Dell does more than US$54 billion in sales, but this
past year saw its stock price fall from $42 a share to $29. In today's times,
change is a fact of business life. Yet what has not changed is that Dell's
competitive advantage is closely tied to its ability to execute on technology.
And with Sheskey in the CIO post, Dell is still executing. As we've frequently
noted in CIO, succession planning is critical to business success, and never
more so than when markets are volatile. At this point, it seems that Mott lived
up to his succession-planning responsibilities. Having had the opportunity to
meet with Sheskey recently, it's clear to me that her business technology floor
plan for Dell is to push the boundaries of innovation. Sheskey discussed her
goals for Dell, and I think they're relevant for every CIO who is leading the
charge for innovation:
- Create an IT environment that can differentiate your specific customer
  interactions;
- Make your IT architecture a model of excellence that your customers can
  learn from;
- Have your IT organization become a destination of choice for IT
  professionals.
Spend enough time inside
Dell and you'll hear the mantra "Discipline to Delivery," which describes the
company's desire to move from strategy to process to execution at the speed of
light. Creating an environment where one can achieve business leadership,
technology leadership and career development enables one not only to chant this
mantra but to live it. Sheskey and her team are on their way to generating
their own press clippings.
Shark Tank: Progress!
By Sharky, Computerworld (US online)
Senior sysadmin pilot fish fields a problem from the sysadmin at a remote site:
The server won't boot. "He said it starts to boot and goes into an extended
self test, reboots and goes into the extended self test again, and so on," says
fish. "That's all he'd say."
So off goes fish, armed with a full set of install disks and some blanks for
backups, just in case.
Fortunately, diagnosing the problem is the easy part. "When I got there, I
found he'd moved most of the server's system files to his workstation," fish
says. "And he wondered why it wouldn't boot, without a working OS!
"I had to reformat the hard disk and reinstall from scratch to get the server
working. Then nothing else on the network would talk to the server. In the end,
I rebuilt the two print servers and the communications server and the six
workstations on the network.
"Then I asked him where the backups were. He went white and started sweating.
"I said, you know, the incremental backup you do every day, and the full one
once a month. Er, no.
"I found a 4-month-old box of backup disks and restored from that. Fortunately,
the users knew he didn't do backups and kept their own on floppies.
"But he did do backups after that."
Author: Patrik Khudhur | Archive