I just attended a session with Jay Heiser and Tom Scholtz at the Gartner Information Security Summitcalled “Don’t be a Dr. No: A Framework for Positive InformationSecurity Management”.  The premise of the title, and session, is thatinformation and secutiy management often develop a reputaton forrestricting and discouraging activities for risk considerations thattheir colleagues just don’t understand.  I admit that I have been a“Dr. No” from time to time in the past; I try to use the “no” cardsparingly, and only when I really mean it.

One of the important positive actions that the speakers stressed wasto use risk/data ownership as a communication tool – the premise beingthat when people assume ownership they tend to accept less risk.  As ahumourous anecdote, Tom Scholtz told a story about how a business unitdownloaded ownership a particular application to the IT department. The IT department thought there was too much risk associated with theapplication, so they drafted plans to elimnate it; naturally, when thebusiness unit got wind of this they accepted ownership and worked withIT to make positive changes.

This novel tale is just like saying “no”, but in a much moreconvoluted/devious way.  Of course, Heiser and Scholtz didn’t advocatethis as a viable strategy; yet, when the audience heard the story,everyone gave that sort of chuckle that says “that’s so riduculous, but…”

If you are at the end of your rope (and aren’t afraid of gettingfired) maybe this is an “ace in the hole” that you might like to try.

Dave Morgan, Director of Privacy Research at Camouflage Software Inc.
Guest blogger for ComputerWorld Canada at Gartner Information Security Summit 2009
Regular blogger for Cogitatio Privatim by Camouflage

Related Download
CanadianCIO Census 2016 Mapping Out the Innovation Agenda Sponsor: Cogeco Peer 1
CanadianCIO Census 2016 Mapping Out the Innovation Agenda
The CanadianCIO 2016 census will help you answer those questions and more. Based on detailed survey results from more than 100 senior technology leaders, the new report offers insights on issues ranging from stature and spend to challenges and the opportunities ahead.
Register Now