TLT028 - How to Determine if Your IT Department is Part of the Solution or Part of the Problem

Size: px

Start display at page:

Download "TLT028 - How to Determine if Your IT Department is Part of the Solution or Part of the Problem"

Joseph Wilkerson
8 years ago
Views:

1 TLT028 - How to Determine if Your IT Department is Part of the Solution or Part of the Problem Mark McCurley Senior Information Security Advisor IDT911 Consulting Page 1

2 Mark McCurley Senior Information Security Advisor at IDT911 Consulting. Prior to his role at IDT911 Consulting, he was responsible for vulnerability management at Sony Network Entertainment in San Diego, California. Mark has over 24 years of experience in information technology and security with the last 8 years centered on information security, risk management and compliance for customer information systems that need to adhere to commercial, federal and DoD regulatory compliance mandates and directives. Page 2

3 Before we begin IT Departments are the fusion of people, processes and technology IT Department budget and resources should be commensurate with the level of risk IT Departments are often asked to do more with less Page 3

and resources should be commensurate with the level of

4 Key Risk Areas Lack of Executive or Owner sponsorship Lack of knowledge and understanding of company business objectives Lack of strategic and tactical planning No proof of concept program Inadequately trained and knowledgeable staff Lack of communication and soft skills Lack of policy and process development Page 4

planning No proof of concept program Inadequately trained and knowledgeable

5 Lack Executive or Owner Sponsorship Executives or owners see IT Department as a cost center and not as a partner in delivering vital services that support the business by reducing costs and increasing productivity Budgets do not align with stated company business objectives Executives or owners are unable to accept or address risk they not aware of Page 5

reducing costs and increasing productivity Budgets do not align with stated company

6 Lack of knowledge and understanding of company business objectives How can your IT Department help your organization meet its business objectives if they don t know what they are? Evangelizing your companies business objectives enables your IT Department to do strategic and tactical and operational planning Page 6

7 Lack of strategic and tactical planning Strategic planning is the exercise of documenting the strategy for how the IT Department will allocate resources, technology and services to meet business objectives Tactical planning is the exercise of documenting how the strategic plan will be implemented Page 7

resources, technology and services to meet business objectives Tactical

8 No proof of concept program Try before you buy reduces waste and risk Allows company to validate technology will meet company objectives Uncovers potential technical and logistical challenges and costs before you purchase Page 8

will meet company objectives Uncovers potential

9 Inadequately trained and knowledgeable staff IT Departments manage and support complex technologies and software applications that require subject matter expertise Self study is no substitute for formal training and experience Risk: Unplanned outages, delayed resolutions and implementations Page 9

subject matter expertise Self study is no substitute for formal training

10 Lack of communication and soft skills Ability to communicate effectively with management, internal employees, customers, vendors and cross organizations Increased customer and employee satisfaction Page 10

11 Lack of policy & process development Policy and processes reduce risk and provide IT Departments guidance and direction Policy development is the exercise of formally documenting companies stated intent Process development is the exercise of documenting repeatable processes Change and Patch Management Policy Incident Response Policy Page 11

documenting companies stated intent Process development is the exercise of

12 How do you monitor and measure risk? Excessive number of unplanned outages, disruptions and breaches Leverage internal ticketing system to gather metrics on incidents Service Level Agreement violations Leverage monitoring tools to alert Customer and End user surveys Page 12

Leverage internal ticketing system to gather metrics on incidents

13 Questions, Final Comments and Contact Information Contact: Mark McCurley Page 13

14 KEEP THIS SLIDE FOR EVALUATION INFORMATION/MOBILE APP ETC. Please complete the survey on the RIMS14 mobile application. Page 14

Enforcing IT Change Management Policy

Enforcing IT Change Management Policy WHITE paper Everything flows, nothing stands still. Heraclitus page 2 page 2 page 3 page 5 page 6 page 8 Introduction How High-performing Organizations Manage Change Maturing IT Processes Enforcing Change