I once talked to a finance manager and asked her why her group couldn’t produce an accurate list of cost center owners. Her response was simple, “I would love to have an updated list, but no one ever tells me when there’s a change, so I have no way of maintaining a list.” As with [...]
Vacancy Management and Hierarchies Part 4: Cost Center Ownership
September 1, 2010 By Leave a Comment
How can The Catalyst Method™ benefit your efforts?
August 31, 2010 By Leave a Comment
In Chapter 6 of Into the Breach (click here to listen to the audio book version of the chapter), I shared a method I use to effectively assess people, information and risk – in their own context and with a personal connection. That success led to the creation of The Catalyst Method™ — a powerful [...]
Vacancy Management and Hierarchies Part 3: Data/Access Ownership
August 25, 2010 By 1 Comment
How often has a customer sat waiting on an access request, only to discover that it was delayed because the approver left the company and there was no replacement? This is an all-too-common scenario, and one that can be handled with vacancy management. If all of the data/access approvers (owners) can be identified, they can [...]
Vacancy Management and Hierarchies Part 2: Line Management Hierarchy
August 18, 2010 By 1 Comment
In this month’s Introduction, three hierarchies were introduced. We continue the series discussing the first of those: line management. The line management hierarchy is the most common of the approval hierarchies, the most frequently-used, the easiest to understand, the most highly sought-after, and possibly the hardest to develop because it encompasses everyone in the organization. [...]
Identity Management Series – Vacancy Management and Hierarchies Part 1: Introduction
August 11, 2010 By Leave a Comment
So far in this series on identity management, the focus has been on activities and cleanups for data that is ultimately handled by identity manager. Now we shift the lens to focus on an element of role manager – building hierarchies and managing vacancies. This is actually one of the big advantages that role manager [...]
Why the definition of awareness matters
August 9, 2010 By Leave a Comment
Your paradigm is so intrinsic to your mental process that you are hardly aware of its existence, until you try to communicate with someone with a different paradigm. ~ Donella Meadows Considering the meaning, purpose and expression of awareness is a personal and professional pursuit. In fact, it’s my sole focus and the reason I [...]
Why people are not the problem and where to look (hint: grab a mirror)
August 6, 2010 By 2 Comments
Do not put your faith in what statistics say until you have carefully considered what they do not say. ~William W. Watt Over the last few years, we have been presented a series of reports, complete with statistics, suggesting the cause of breaches is people. Whether external attackers taking advantage of people, insider mistakes or [...]
Memo from users: educate, but don’t embarrass us
August 3, 2010 By Leave a Comment
The moment we judge someone, we forfeit the ability to help. Seems like a lot of what is being promulgated in so-called “security awareness” today is nothing short of berating people with a list of the things they shouldn’t do, coupled with a non-intuitive list of what they should do. I read a lot of [...]
Into the Breach – Audio Series – Chapter 12 (Final Thoughts: Courage to Act)
July 6, 2010 By
Welcome to the continuation of the Into the Breach: Protect Your Business by Managing People, Information and Risk audio series. (Click this link) to learn more about this how this book solves today’s challenges and pick up a complete copy. This series, underwritten by Configuresoft, now part of EMC, is the full and unabridged audio [...]
Podcast: Play in new window | Download (6.7MB)
Identity Management Series – Role and Rule Basing Part 5: Implementation and Cleanup
July 1, 2010 By
The final step in this month’s activity is to implement the roles and clean up any extraneous access that’s left behind. As in the previous segment, the distinction between enterprise and IT roles doesn’t matter, so I will generalize. The reason for this is that what you implement depends on your strategy – as defined [...]
Engage with Michael