Tech does not fix process

Published: August 24th, 2009

This week’s resource selections looks at resiliency, security education and awareness, risk management, and “process”.

Each subject is critical in implementing an effective information security program!

How are your efforts going?

Finally, I’d be very interested in hearing what your information priorities are, please drop me a note at

Have another great week.

Dan Swanson

Making information security everybody’s business!Continuous security awareness programs are very beneficial – Information security is a vital element of corporate and IT governance and risk management. Secure organizations confidently pursue new business opportunities that would be too risky for their insecure peers. Simply put, good security is good business.

CERT Resiliency Management Model Being ReleasedCERT has begun releasing individual process areas of the CERT Resiliency Management Model, version1.0, a capability model for operational resiliency management.

Improving Corporate Risk Management!Has your organization completed a comprehensive review of its corporate risk management practices lately? Richard Anderson new study regarding leading practices to adopt would be a great place to start.

Extensible Business Reporting Language (XBRL) (2009)Filing financial statements in XBRL format has become a regulatory mandate for many companies across the globe. Management and internal auditors should understand the value it brings throughout the entire compliance and reporting process — from the initial transaction at the business-unit level, to the release of the group financial statements or management report.

Summer issue of MIT Sloan Management ReviewMIT Sloan Management Review aims to be the most trusted source of useful and innovative ideas for business leaders, in print and online.

Technology does not fix processPeople are drawn to IT by a fascination with complex technology. This is most unfortunate because this fascination blinds so many of us to the importance of the People/Process/Product trilogy. Change and Configuration Management are processes. If the process is working, they collect and maintain good configuration data (in a repository that you can call a CMDB if you insist). If the process is broken technology is not going to fix it. Bang your head hard against the desk while repeating five times “technology is not going to fix it”.

Would you recommend this article?

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Download
Moving to the Cloud: Beyond the Myths Sponsor: Carbon60
Moving to the Cloud: Beyond the Myths
Get on the road to cloud success by moving past the myths around it.
Register Now