
Blog

Archive for tag: CMMI

Blog fusion - CMMI brought to light

We've finally integrated our CMMI-dedicated blog with this one.
All older posts have been migrated and we'll continue debating CMMI subjects of interest here.
Stay tuned for updates, news and articles!

IT Security and The Great Wall of China Lesson



The Great Wall of China, one of the world's architectural wonders, built, rebuilt and maintained between the 5th century BC and the 16th century to protect the northern borders of the Chinese Empire, became useless in a single day when one man who disliked his Emperor opened the gates.
We are now in a different world, but the Chinese Wall Lesson deserves consideration more than ever, especially in IT systems protection.

Whatever security tools you use, from the already classic antivirus programs to sophisticated devices and software that would make Orwell's Big Brother pale with envy, beware!
The whole security edifice could collapse because of one person.

This person doesn't necessarily have to hate the boss but could, foolishly and unaware of all the perils of the great Internet, fall victim to an ingenious www terrorist.

Whatever the reason for the "treason", tools are not enough to prevent the failure of your security system.
I won't discuss how to prevent the potential harm due to hate, greed, sheer stupidity, etc.
This is a thousand years of history and we still have a lot to learn.

So I'll presume that everybody in the company has good intentions, loves the job and the related benefits and fears the consequences of some inadequate action.

An approach based on best practices, policies and procedures (updated and disseminated rapidly throughout the whole organization) is a must. People should be trained to understand them and apply them on a daily basis. Processes related to security should be defined, implemented and monitored.

More than that, you need a collaborative platform with functionality that offers some important benefits:
- ensures that everybody stays informed and nobody can complain of not having been informed
- all policies, processes, procedures and instructions that implement the company's best practices (including security-related ones) are up to date and visible to everybody at any time (on a normal business day or in a crisis situation)
- bad news and good news are rapidly spread
- tools for risk management, of course
- easy access to an efficient internal helpdesk which will prevent small incidents from becoming disasters
- tools for monitoring planned events. Don't forget that moving a company, replacing a server or upgrading software can cost more than a fire or a flood if not properly dealt with.
- easy two-way communication. Management should be able to rapidly communicate all decisions related to security. The humblest person in the company should be able to communicate issues or ideas to all the others.
- a Business Continuity plan, procedures and tools to monitor crisis situations.

Such collaborative software will surely change the culture of the organization.
Sharing essential information is as vital as the technical infrastructure.
As some gurus of management systems say: "knowledge is power" should be replaced by "shared knowledge is power".
Emilia Dragne
