Magnificent 7: CISO must-have management tools

January 24, 2010

Working for and with many CISOs, I've had the benefit of learning many approaches to managing teams and programs. In 2009 I started to formalize the most effective practices. A question I continue to struggle with is: why doesn't everyone manage their program proactively? The reasons vary and most are legitimate, e.g. culture, resources, expertise. At the end of the day, all these practices are discretionary. Companies can operate for years without investing in program management. As someone who's worked too many hours with too few resources, I definitely empathize. My commitment is to reduce the time and effort needed to improve by sharing how I and others manage programs, so the return is obvious to CISOs, executives, and staff.


Over the years the number of management practices remains at seven: Security Strategy, Balanced Scorecard, Security Risk Prioritization, Service Catalog, Role Definitions, Resource Allocation, and finally, Operational Scorecard.


I'll spread the details across 7 posts, sprinkled in with other newsworthy items. I'm excited to share how I've used them and seen them used in my travels. I'll also share which can benefit from evolving into software for efficiency and consistency. I'll also emphasize that the standardization and usability that software offers aren't the key success factors: you are. There's lots to write on this topic, and here's a preview: the faster we standardize security management deliverables and processes, the faster you can spend more time on your unique technical and political realities.


My guess is that almost every CISO and experienced consultant has templates and versions of these tools lying around in Excel and PowerPoint. I hope we all continue to share and improve.


Links to the other Magnificent 7 posts. 


Magnificent 7 - 1/7 Security Strategy

Magnificent 7 - 2/7 Balanced Scorecard

Magnificent 7 - 3/7 Risk and Investment Prioritization 

Magnificent 7 - 4/7 Security Service Catalog

Magnificent 7 - 5/7 Know Your Role (RACI) 

Magnificent 7 - 6/7 Capacity Management 

Magnificent 7 - 7/7 Metrics and Scorecards
