Greg Scott

About Greg Scott

Greg is TransAccel's Practice Lead in Operational Effectiveness, specializing in process design and engineering, and program, project, and portfolio management. He is ITIL v3 and Project Management Professional (PMP) certified, and his cyber security expertise is validated by his Certified Information Systems Security Professional (CISSP) certification. Greg has 25 years' experience ensuring clients' capacity to derive the most value from their operations. He has a degree in Applied Computer Science and an MBA in Information Systems Management from St. Joseph's University.

Are you too focused on the technical aspects of cyber security?

April 23rd, 2015 | Categories: Security Awareness

When someone mentions information security, invariably thoughts go to technical aspects such as firewalls, routers, wireless access points and how to set those devices up—or to physical aspects such as locks, security guards and fences. These are the technical and physical controls that usually comprise our understanding of how to achieve the best level of security possible. But controls for information security fall into three main categories: the physical and technical—which we’ve already described—and the administrative, which often receives short shrift. Why?

My guess is that administrative controls are considered “soft,” focusing on management and training, and it’s pretty enticing to think that technical controls and physical controls will suffice for cyber security defense. Not a good idea, says Art Gilliland, senior vice president and general manager for Hewlett-Packard’s software enterprise security products in a recent issue of Computer World.

“…businesses and government agencies often focus on the next “silver bullet” product, unaware that most cybersecurity problems stem from flawed procedures and human error…invest in your people and process.”

In the broader world of business, success depends on the correct balance of the three main pillars: people, process, and technology. Within information security, are we creating a three-legged stool with one leg (technology) longer than the others? That can’t be good. Technology is an important piece of your arsenal, but insufficient by itself. Having sound policies, defining clear role-based processes and procedures, and providing communications and training for key stakeholders (which may include every employee) will create balance for the three-legged stool of information security. Policies and processes might sound like management overhead, but any organization desiring to provide consistent goods and services must have consistently applied policies and processes—i.e., CMMI, but that’s a topic for another

Is Your Head in the Cyber Security Sand?

April 9th, 2015 | Categories: security

“We started as a relatively small company. Through success and internal growth along with some acquisitions, we are now a medium-sized company using the same policies and processes as when we first started.”

Does this sound familiar?

If so, take solace in knowing that you are not alone, but things have to change. For many companies, growth has outpaced their policies and processes, which can be a risky situation, especially in cyber security.

In information security, due care means “acting responsibly and doing the right things.” While information security is a very complex field, there are certain basic building blocks that must be in place for every company.

Ask yourself:

Do you know your company’s most important assets, where they are located, and how they are protected?
Do your employees understand their role in information security?
Do you understand the major vulnerabilities within your company?
Do you know the major threats and threat agents to your company / industry?
Do you know how your company would respond in the event of a cyber attack?

When the topic of cyber security comes up, most people think about firewalls, intrusion protection/detection systems, and other technical solutions. While these are inevitably part of the solution space, if you are hesitant or unsure of the answers to any of the questions listed above, you could be negligent in providing “due care” for your company.

You probably understand the things that need to be done to make your company secure from an information perspective. Nevertheless, not taking action—even by doing something as small as raising the issue with your leadership—can be construed as not “acting responsibly.” Knowing what to do and actually doing it are two completely different things. There will always be the “hot,” critical project that needs

Cutting Your Project Portfolio Down to Size

July 10th, 2014 | Categories: Planning

That big project portfolio of yours is your biggest headache. It’s true. If you are like most companies, your portfolio has grown to an unwieldy size, which means you have way too many projects competing for the same resources. Here’s what to do.

First, inventory ALL projects and activities that require any kind of IT resources, making sure to include non-obvious ones like SMEs and user training time. According to Gartner, 60% of IT’s budget is spent on operational, “keep the lights on” activities, so it is important that these are included to ensure correct allocation of project resources. Projects that pull resources from core operations can create business risk.

Second, decide who will comprise a governance committee, i.e., who will make decisions concerning the portfolio. This should be a mix of IT and business leaders with the authority to make decisions for the organization. The governance committee will determine which projects should continue, which should be delayed, and which should be terminated. These decisions will be made based on determining which projects have the potential to create the most value for the company. Each project in the portfolio should align with business goals and be ranked on the strength of its business case outlining benefits, costs and risk. Keep this simple, but also be on the lookout for project interdependencies. You certainly don’t want a critical project bungled because it relied on deliverables from another project that was killed or delayed.

The importance of strong governance in the portfolio process cannot be overstated. Projects that are nice but not essential drain away resources that could be used more productively. Focus on cutting unnecessary demand and don’t start new projects until you know for certain that

Terminate the time guzzler: Inefficient meetings

November 15th, 2011 | Categories: time

Are you a big fan of impromptu meetings via Skype, Instant Messaging or other technology? These meetings seem to be laser focused because the meeting originator contacts you for a specific reason and has some targeted questions already at hand. Therefore, your ad hoc meeting has a clear-cut purpose, and resolution and closure are fast and painless.

So, how do you take this paradigm and apply it to the biggest time guzzler in most people’s day—the inefficient meeting?

Here’s how. Every meeting should have an agenda and specific objectives. This information should be communicated to participants well in advance so they arrive prepared. Your meeting should also be run by a facilitator who brings well-formed questions to the table; these are considered time-management “gold.” Every item on your agenda should have specific, corresponding questions that are used to elicit information and move you on to the next item. For example, if your project has the agenda item Risk Planning, some questions might include:

An interesting thing occurs when the objectives and agenda are clear, the participants come prepared, and the facilitator keeps the discussion reined in through the use of thoughtful questions: meeting objectives are met and meetings are adjourned on time or early. Participants think, “Wow! We finished everything on the agenda and I’ve even got some spare time to put back into my day…I love it.” As the meeting owner or facilitator, you might even find participants actually look forward to your meetings as the most productive time of their workday. How cool is that?


Mark that project APPROVED…

October 17th, 2011 | Categories: Planning

Today, every company is pursuing more projects than it can successfully handle, and that puts your project at risk of not getting the approval it needs to move forward. So, what can you do to make sure that a governance committee review doesn’t leave you and your project on the outside looking in? Follow these steps to give your project an advantage over other projects in the queue for review.

Understand and communicate the business case for your project.
This starts with understanding the business strategy and business drivers that prompted your project in the first place. If you don’t understand what the business is trying to accomplish, you have very little chance of your project hitting the mark. Once the business strategy and drivers are clear, identify very specifically—and quantitatively where possible—exactly how your project will provide benefit relative to the business drivers and business strategy.

Work with key people in the business area to develop and review the business case to ensure that it is sound and strong.

Creating a solid, strong business case is the most important factor in not only getting the project approved, but also in ensuring that the project team clearly understands what is to be accomplished, why, and how it will help the business.

Identify resourcing needs by role.
Resources, especially people, are always in high demand, and you need to be very clear about the resources that your project will require (people, facilities, equipment, etc.). Clearly identify your resource needs by being specific. Assuming that your request for two technical analysts will get you what you actually need might be a mistake. Having the right skills, expertise and individuals detailed on a project can greatly improve the probability of project success.

Identify project interdependencies.
As