Create Your Methodology Based on a Standard Framework - Part One




OK. So you have decided that your organization has to improve the way in which it works. You have chosen to implement a methodology as the best way to achieve this goal. And now you ask yourself, where do I start? Whatever the discipline you are trying to model (from software development to supply chain management), it is highly probable that a standard framework exists that can serve as the basis for your own methodology.

WHAT IS A STANDARD FRAMEWORK?

A standard framework is a set of best practices, normally expressed as a set of repeatable processes created by an organization (a professional association, university, public administration, etc...). These frameworks are sometimes referred to as bodies of knowledge, methodologies, etc...

Standard frameworks cannot be applied out of the box. They are aimed at a wide spectrum of organizations and thus cannot be detailed to a level at which they are ready to use. In order to have an executable set of processes, a project has to be undertaken in order to fill the gap between the framework best practices and your methodology executable processes. This gap is filled when you have translated the best practices into concrete procedures and policies that take into account the characteristics of your organization and its environment.

For example, when the framework says “determine which risks might affect the project and document their characteristics” the methodology can say “the project leader registers all project risks in the risk list and documents their characteristics”. The methodology also provides a link to the Excel spreadsheet that is used as a template for the risk list, and a description of the project leader role in the organization (skills needed, minimum experience, etc...).

Some of the existing frameworks that can be used as a base for a methodology are the following:

- IT Service Management: ITIL / COBIT / MOF
- Project Management: PMBoK / PRINCE2
- Software Development: RUP / OPEN Process Framework
- etc...

ADVANTAGES OF USING A STANDARD FRAMEWORK

- You can take advantage of the work done by experienced professionals in the field.

- It establishes a standard terminology that enhances communication both internally and externally.

- It facilitates process benchmarking, so that you can know how well you are performing compared to other organizations.

- Software vendors create products that are compliant with the framework, so you will be able to find software that automates your processes smoothly.

- Your employees are motivated. They learn something that adds value to them professionally.

- Mainstream frameworks evolve over time, so you will be able to enhance your methodology.

WHICH FRAMEWORK SHOULD I CHOOSE?

When choosing a framework the following must be taken into account:

- Research and investigate. It is normal that several frameworks exist for one discipline.

- Determine which standard best meets your needs in terms of industry, size of the organization, etc...

- Determine how the standard integrates with standards of other disciplines.

- Evaluate the structure of the framework. Does it have a uniform structure and format for all process descriptions? Does it name roles consistently?

- Evaluate scope. Does it contain all the processes you need to describe? Does it make reference to the supporting systems? Does it contain guidelines and templates?

- Evaluate how well it fits your company's characteristics. You might find that one standard is too heavy for your needs.

Having said this, please note that processes that seem very complex in the framework can be implemented through very simple processes that embed the most value-adding best practices.

SUGGESTIONS

- Implement processes gradually and start with those processes that demonstrate the most value.

- Choose a winning framework used by a large number of organizations.

- Choose a framework that maps to a Capability Maturity Model. This way you can have a roadmap and gain visibility on where you want to be.

Lucas Rodríguez Cervera is founder of Nevant – Process documentation software, a company specialized in delivering process solutions to knowledge based companies. They pioneered this concept with metoCube.




Interview: Jo Stewart-Rattray, Award Winning Top Executive, International Security and Risk Management Authority and Vice President ISACA

Jo Stewart-Rattray

QUALIFICATIONS

  • Masters of Education Studies – Psychology
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Social Engineering Prevention Specialist (CSEPS)
  • Registered 27001 Lead Auditor
  • Certified Professional (Australian Computer Society)

PROFESSIONAL ASSOCIATIONS

  • Member, Australian Computer Society, Certified Professional
  • Co-opted member, ACS SA Branch Executive Council
  • International Vice President, ISACA International
  • Chair, Leadership Development Committee, ISACA International
  • Past President, ISACA, Adelaide Chapter
  • Ambassador, Women in Innovation & Technology
  • Professional Member, Australian Information Security Association
  • Member of the Australian Institute of Management

AWARDS

  • National ICT Professional of the Year (iAwards 2011-2012)

EXPERIENCE

See RSM Bird Cameron

Jo has 24 years experience in the IT field, some of which were spent as CIO in the Utilities space, and 16 in the Information Security arena. She underpins her information technology and security background with her qualifications in education and management.

She specializes in consulting in information security issues with a particular emphasis on governance in both the commercial and operational areas of businesses. Jo provides strategic advice to organizations across a number of industry sectors including banking and finance, utilities, automotive manufacturing, tertiary education, retail and government.

Jo is the Chair of both ISACA's International Leadership Development Committee and its Security Culture Taskforce. She is past president of ISACA's Adelaide Chapter, and she was sworn in as International Vice President of ISACA in June of this year at the Association’s Annual General Meeting in Washington, DC.

ISACA is a professional body with some 95,000 members in 180 countries around the world, and represents professionals from the assurance, governance and security disciplines.

She was appointed to CIGRE's international working group B5.38 and worked with the group to assess information security risks in power system operations within SCADA systems and the implementation of appropriate security controls.


DISCUSSION:

Interview Time Index (MM:SS) and Topic

:00:25:
Jo, you have a strong history of significant global impact in security, risk management, governance, and senior executive leadership. Thank you for sharing your considerable expertise, deep accumulated insights, and wisdom with our audience.

:00:45:
Congratulations on your recent significant award. Can you tell us more about it?
"....In August of this year I was named the Australian ICT Professional of the Year....When I was asked by a colleague if I minded if they nominated me, I agreed and quite frankly I didn't think I would hear any more....You can imagine my absolute surprise when I received a call from the committee saying that I had won the award. I was really blown away by it...."

:01:42:
What was the reaction from your family from receiving this award?
"....I have been fortunate over the years — my husband has been exceptionally supportive of my efforts....Also close colleagues were also blown away...."

:02:27:
What valuable lessons can you share from ISACA's research initiative on 'Creating a Culture of Security'?
"....One of the most valuable lessons for me was about not judging a book by its cover. You can find the champions of a culture of security in all sorts of places, not just at the top of an organization...."

:04:35:
What are the main thrusts around your work on COBIT 5.0 that will be of value to the audience?
"....It's looking at COBIT as not just the framework itself which of course is the platform, it will be a strong framework on which a series of lenses can be applied depending on what you do in the IT or Information Security space...."

:06:07:
What are important takeaways on your work on ISACA's Business Model for Information Security (BMIS)?
"....BMIS gets rid of the silos in organizations because it takes a cross-functional approach to information security....My important take-away from this is that there is something in BMIS for everyone and it's absolutely worth a look at...."

:07:42:
Please share your goals as the Chair of both ISACA's International Leadership Development Committee and its Security Culture Taskforce.
"....The Security Culture Taskforce was formed to specifically develop and publish the research on creating a culture of security....The completed goal was to publish that document and also to get this piece of work out into the world....The Leadership Development Committee was formed last year in 2010 and it's in place to encourage ISACA members to volunteer at the international level....It's about making the experience worthwhile from both sides of the fence. We are also looking to identify high potential future leaders of the Association....It's always a work in progress...."

:12:44:
I guess there would be a lot of crossovers with other Societies. I'm sure there are lots of members of both Societies. Do members of ISACA collaborate with the Australian Computer Society?
"....Absolutely. That's one of the things in my role as International Vice-president I have ensured....It's fair to say that we do have a fairly strong relationship with the Australian Computer Society...."

:14:51:
What do you hope to contribute as International Vice President of ISACA?
"....One of the important things for me is furthering the connections that I've already fostered within the Australian and Oceania regions....One of my roles is to work closely with our President's Council....I'm also very active in promoting ISACA and forming those relationships with other professional bodies...."

:17:22:
Can you briefly describe your work and outcomes with international working group B5.38?
"....CIGRE is an organization with its focus on large utilities....What we produced was what CIGRE calls a technical brochure which is actually a very large guide with many pages on the security on electricity substations. Very rewarding piece of work which allowed me to work with a multi-disciplinary, multi-national group of professionals...."

:18:51:
Can you outline important lessons from your work in the Utilities space?
"....I learned so much from my engineering and telecommunications colleagues during that time that I'm still grateful for today. It actually piqued my interest in securing that kind of environment so it's a little bit of a passion. It's not something I work in all the time, but it is something I really enjoy..."

:20:26:
When you did your work with the Utilities space were you working with government agencies as well?
"....In Australia, until about 6 – 10 years ago they were always government owned. Now we have a combination — some are privately owned and some are still government owned, so that creates a whole raft of issues when it comes to crisis or emergency management. The Australian government has recognized that and have put in place some safeguards around critical infrastructure....There is understanding of critical infrastructure protection and I was involved in part of those programs which was about information sharing in those environments...."

:22:42:
What are your top five governance tips?
"....Never under-estimate the human factor when you are putting governance posture in place....Ensure that there are good policies in place that are as unambiguous as possible. Ensure that the policies that have been developed are disseminated to the appropriate staff, contractors and temporary staff — whatever is appropriate to your organization....Information security or IT must be aligned with the overall corporate strategy....Information security awareness has to be an ongoing program and not a one-off event....If we are talking about information security governance, it’s got to be a commitment from the top...."

:26:55:
Please overview your certifications and the value they bring to your work and your clients?
"....The certifications that I have show my clients that I have a strong understanding of the core body of knowledge that relates to each of those credentials. Holding the certifications also shows that I have an on-going professional development program in place...."

:28:59:
Jo, can you profile your extensive history and valuable lessons you wish to share from each of your top three leadership areas?
"....Don't expect everyone to have the same standards and concepts of time and urgency as yourself....Let people do their jobs without breathing down their necks....Never underestimate the human factor....Never judge a book by its cover....Look for the champions...."

:39:46:
Have you encountered what I would call unconscious bias in your career and how did you overcome it?
"....This is not always the case and it is not the case in all organizations or all walks of life but I have certainly found it over the years....Oftentimes it's unconscious, but it can be ingrained and it can be systemic in organizations where they don't recognize that what they are doing is actually a form of discrimination so it is a problem....There are lots of questions you have to ask yourself: "Am I prepared to continue to fight for it? How far would I go with this? What is the impact going to be? Is it worth the impact or the consequences of the impact?"....For early career professionals, women do have to be prepared that it's not the equal playing field that we would like to think it is, in some cases – in other cases, yes it is...."

:43:42:
Do you think it will happen in our lifetime that we're going to see this or do you think it's going to be 50 years before we see a flat playing field?
"....It has been enshrined in legislation so we have won part of the battle....Now it's getting it accepted in the corporate sense which has got nothing to do with the legislation. This is about developing new social norms and we're talking about creating that kind of culture....It is longitudinal — it's not going to be something that is going to happen overnight and women have to continue to want to fight...."

:44:49:
Jo, tell us about your most difficult challenges and the valuable lessons you wish to share?
"....One of the greatest challenges that I've had is actually getting people to understand what information security really is about. Lessons to be learned — I need to collect stories and anonymize those stories in order to help educate markets...."

:48:49:
How will you accomplish your three top goals in your current position and how will you measure success for each of these goals?
"....Goals: To build a highly successful practice....To people it with the very best that I can....To exceed my clients’ expectations....Measurements: profitability....staff retention and cohesiveness of staff....customer satisfaction...."

:51:11:
Describe some areas of controversy or much discussion in the areas that you research and work.
"....There is a great deal of controversy about what is culture and how do we build a culture that is appropriate to our organization....How much is technology and how much is culture in the IT and IS type businesses — that's another area of controversy. I have a theory that in information security it's 80% about the people and 20% about the technology....One of the areas of much discussion currently is cloud....The other area of controversy or much discussion I think is the use of social media in the corporate environment...."

:57:14:
Why should IT professionals and executives join non-profit associations?
"....I believe it's a way of enriching your understanding of the industry sector in which you work. It's a sensational way of networking with people....You generally have access to a core body of knowledge as well....There's also the credentialing and that sort of stuff....Quite frankly it's about giving back to the community that has given you so much...."

:58:30:
What specific challenges and opportunities should IT practitioners and businesses embrace today and in five years?
"....Consumerization of IT....The issue of BYOD (bring your own device)....Security on the inside, not just the perimeter....We live in an outsourced, offshore, cloud-provided world and we need to make sure we know who has access to our data legally through those means...."

:01:02:15:
Do you think the concept of singularity will happen in the next 50 years?
"....We see it with the younger career aspirants in the workplace. They are sitting right next door to their colleague but send them an email or they text them. What concerns me is that we are losing the art of one-on-one interplay; the human to human interplay disappears and more and more is done through a different interface....There's always that issue when we talk about downloading the conscious into a computer system....but where does the moral or ethical stuff come into it....I certainly see that more and more we are relying on an interface and it’s becoming just part of the way people do stuff...."

:01:06:06:
What are your thoughts on computing as a recognized profession like medicine and law, with demonstrated professional development, adherence to a code of ethics, and recognized credentials?
[See www.ipthree.org and the Global Industry Council, http://www.ipthree.org/about-ip3/global-advisory-council]
"....I really think we are seeing it more with a lot of organizations....I think that regardless what you do and how you do it, professionalism is about the people themselves and the values that they hold as professionals...."

:01:09:01:
From your extensive travels and work, please share one or more stories (amusing, surprising, unexpected, amazing).
"....Sometimes out of the worst experiences the best things come...."

:01:14:36:
If you were conducting this interview, what 3 questions would you ask and then what would be your answers?
"....If you had to pick out one event what was the turning point for you in your career?....Can you take out your crystal ball and predict what will happen in the IT world in the next 5 to 10 years?...."


