
Unclear on the Terminology

Over the weekend I was looking at a bunch of newsletters that have something to do with security, compliance, governance, etc. Several of them had subject lines that seemed to be right up my alley. When I looked at the details, however, I found that a lot of them had nothing to do with what I was looking for.

At first I thought this was simply poor content in the subject lines. But then I realized this has more to do with the fact that these words have so many different applications. It’s not really the fault of the vendors sponsoring the emails as much as it’s a statement about their respective industries.

For example, “Compliance” can mean a number of different things. If the email comes from CFO Magazine, it is likely discussing some sort of government requirement for financial reporting. If the email comes from Cisco, the topic might be about network security. And if the email comes from Teamstudio, it might be talking about good practices for developing and managing Notes applications.

These perspectives reminded me of the complex job you all have with regard to IT governance. Not only is this a difficult topic in its own right, but organizational structures compound the complexity. Even within the IT organization, the Network Operations Center (NOC), the Security Operations Center (SOC) and the audit groups are all responsible for managing security threats, keeping up with existing and new regulations, and ensuring all reporting mandates are met.

Complicating all this is the fact that if your company has all of these groups (or more), they probably each operate in their own silo. Frequently, this means that they don’t discuss common threats with one another, they implement independent solutions to address their specific issues, and they don’t necessarily know what the other groups are doing. This seems to be an excellent recipe for disaster. Well, maybe not a disaster, but problems for sure.

So how do you deal with these issues? Do you deal with each group independently, tying it all together on your own? Is there some sort of centralized clearing house for all things compliance? Do you look for the nearest pile of soft sand and bury your head? Seriously, how do you deal with this? At the end of the day, failure to comply will likely come back to you.

