Protecting your digital assets is very much like looking at the whole board. A proper defense is not just one thing, but comprises a systematic construct of what you know (past events, known best practices, proven strategies), what measures you plan on putting in place, and the anticipation of what your adversaries might try to do.  This would be augmented by an endless cascade of if/then planning and dry runs to prepare for an attack.

A security program should not be static but a living, breathing thing that is ever-changing based upon the observations you make and information you gather. It is a series of defenses and actions premised on what your opponent is doing to others, and perhaps will do to you. For this reason, technology alone won’t guarantee success. While best practices around firewalls, protection systems, network configurations, passwords and processes is essential, people—as in ALL the people in your company—need to play a vital role. This cannot be understated. While it’s true that people often cause cybersecurity risks and outright breaches through negligence or idle curiosity or ignorance, they can also be educated to help identify and stop bad behavior. That said, an annual security “training” program alone won’t do this. A continuous communication campaign that engages the employees and gives them a forum where they can ask questions and learn how to better protect their personal digital world will pay a nice security dividend. If you can show them how their efforts as an integrated part of your security team have paid off, you will have built a security function that isn’t static but considers the changing world. By using your company’s staff as part of your security program, you are now looking at the whole board!

– See more at: http://www.transaccelgroup.com/blog/2015/05/07/what-would-bobby-fischer-do-taking-a-cybersecurity-lesson-from-a-chess-master/#sthash.1u1vHupb.dpuf

Despite anyone’s best efforts, IT customers will always have questions or need something, and IT systems will always run into issues. As an IT organization grows, there comes a time when the volume of calls for help becomes large enough to necessitate establishing a formal help desk with the goal of simply answering customer inquiries to prevent them from calling technical resources directly. In this environment, help desk analysts often take on heroic proportions merely by answering complaints and fixing IT things that break.

But there are a few troubling aspects to this.

1. Based upon the kinds of repetitive calls the analysts field, they develop a “tribal” knowledge that lives only in their heads of how to satisfy the needs of the customer.
2. One analyst’s “solution” might be different from another’s.
3. The “solution” might not ultimately be the correct one or follow the proper process.

The result is little to no standardization or documentation because every analyst is focused on, and praised for, being a hero.

The superhero help desk scenario would probably land the IT organization somewhere below a level 1.5 on TransAccel Group’s Maturity Model. While this kind of hero-driven help desk might seem effective in the short term, it can’t possibly scale to meet the challenges of increased business demand, more complexity or greater economic pressures (costs). In order to meet those challenges, a help desk needs to transform itself into a service desk and banish the hero mentality!

Transforming from operating as a help desk to a service desk means shifting from being individual-centric and ad hoc to business-centric and strategic; from relying upon tribal knowledge to leveraging a knowledge-base of standard solutions; from being a self-made jack-of-all-trades to being a professional who knows how to get issues resolved; and from minimizing customer “noise” to measuring customer satisfaction.

While it sounds like common sense, it will take discipline and rigor to implement. The discipline comes in the form of program and project management, and the rigor in the form of a standards-based framework (we recommend ITIL) coupled with an ongoing measurement and analytics function. Once implemented, your service desk analysts will have tools at their disposal in the form of checklists, decision trees, and a comprehensive knowledge base to ensure that either a customer’s question is answered or the issue is routed to the proper person to resolve. Once the transformation is complete, IT maturity will move closer to level 2.5.

If you haven’t already guessed it, the animator was Walt Disney and the film was Snow White and the Seven Dwarfs. It earned over $7 million in its first run, paving the way for Walt Disney Company to deliver other astonishing firsts.

In terms of project success measures, the project was abysmal. Disney blew the schedule, budget and scope, but for understandable reasons:

• No metrics: Since a feature-length cartoon had never been made before, there was no historical data to rely upon.
• Little understanding of risks: Without data, risks could only be guessed at based on the experience of past successes and failures making shorts, not full-length features.
• High margin of error in the estimate: With such a lack of empirical data, it was easy to miscalculate the time and budget required for the effort.

Nevertheless, in terms of sponsorship, the project was wildly successful. Here’s why:

• Clear vision: Disney knew what he wanted, unwaveringly stayed the course, and worked hard to achieve his vision.
• Understanding of the customer: He knew what his customers liked and set out to expand his brand to appeal to adults as well as children.
• Decision-making ability: Without a board of directors to rely on, it came down to Disney to make the hard decisions vis-à-vis the risks and reward of the project.

This imbalance of strong sponsorship on the one hand, and an insufficient project management process on the other, is fairly common for companies at the 1.2 to 1.7 maturity level. This is a people-centric model centered on passionate individuals, but it doesn’t scale when four or five projects are being pursued in tandem. Assuming everyone at a company doesn’t have the passion or vision to drive his project à la Mr. Disney, it becomes essential to install and implement process, which moves you closer  to crossing over the level 2 maturity hurdle.

Disney did just that. Over time, he learned from his project management mistakes, leveraged this learning to build a repeatable process, and further developed his visionary sponsorship to give his customers something new and extraordinary time and time again.  For Walt Disney, it wasn’t all just wishing on a star—he is one of the greatest American innovators because of his mastery of realization.

If you’ve worked on a project with a visionary sponsor but poor project management (or vice versa), tell us your tale.