Tech does not fix process

This week’s resource selections looks at resiliency, security education and awareness, risk management, and “process”.

Each subject is critical in implementing an effective information security program!

How are your efforts going?

Finally, I’d be very interested in hearing what your information priorities are, please drop me a note at [email protected]

Have another great week.

Dan Swanson

Making information security everybody’s business!Continuous security awareness programs are very beneficial – Information security is a vital element of corporate and IT governance and risk management. Secure organizations confidently pursue new business opportunities that would be too risky for their insecure peers. Simply put, good security is good business.

CERT Resiliency Management Model Being ReleasedCERT has begun releasing individual process areas of the CERT Resiliency Management Model, version1.0, a capability model for operational resiliency management.

Improving Corporate Risk Management!Has your organization completed a comprehensive review of its corporate risk management practices lately? Richard Anderson new study regarding leading practices to adopt would be a great place to start.

Extensible Business Reporting Language (XBRL) (2009)Filing financial statements in XBRL format has become a regulatory mandate for many companies across the globe. Management and internal auditors should understand the value it brings throughout the entire compliance and reporting process — from the initial transaction at the business-unit level, to the release of the group financial statements or management report.

Summer issue of MIT Sloan Management ReviewMIT Sloan Management Review aims to be the most trusted source of useful and innovative ideas for business leaders, in print and online.

Technology does not fix processPeople are drawn to IT by a fascination with complex technology. This is most unfortunate because this fascination blinds so many of us to the importance of the People/Process/Product trilogy. Change and Configuration Management are processes. If the process is working, they collect and maintain good configuration data (in a repository that you can call a CMDB if you insist). If the process is broken technology is not going to fix it. Bang your head hard against the desk while repeating five times “technology is not going to fix it”.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight