Posts Tagged ‘IT project’

Newer Entries »

Vulnerability Management: The CIO’s Other Job

Monday, July 6th, 2009

CIOs Will Get The Blame If They Don't Do A Good Job Of Vulnerability Management

The role of a CIO is to find ways to apply IT to enable the rest of the company to grow quicker, move faster, and do more. As part of this task a CIO needs to take steps to ensure that nothing happens that would prevent this from happening. This side of the job is not nearly as glamorous; however, it is at least as critical. What can a CIO do to ensure that

nothing bad happens

to a firm’s IT systems?

The Job Of Vulnerability Management

The first step in ensuring that a firm’s IT systems continue to allow the company to move forward is to come to terms with the real world. This means that CIOs need to acknowledge that the world can be

an ugly place

and there will always be outsiders

who want to do harm to your firm

. The person in the firm who will be most interested in what is being done to defend against attacks on IT systems will be the

CFO

. When discussing vulnerability management with the CFO, the CIO needs to explain that at its heart it’s really just the principles involved in

risk management

combined with

practical logic

and an understanding of

business value

for the firm.

How To Do Vulnerability Management

Although a CIO won’t actually perform the process of Vulnerability Management, he /she is responsible for ensuring that the program is

set up correctly

. This means that the three key components of a Vulnerability Management program need to be put in place:

  • Data Collection Needs To Be Integrated: Attacks on your IT systems rarely show up all at once. Instead, there is a sequence of minor events that occur as your defenses are probed looking for weaknesses. Having all of your data on system configurations, patch status, and access management polices in one place is a critical part of providing you with the ability to identify issues and respond proactively.
  • Prioritize Based On Business Value: Look, we are all busy and have too little time and budget to begin with. If you understand the value of each IT system, then you can allocate resources appropriately. Not all events require a full blown response – low value systems can be monitored further. Defenses for such can be augmented on your schedule as opposed to on an emergency schedule.
  • Improve, Improve, Improve: Vulnerability management is not something that can be done once and then forgotten about. The world is constantly changing and your program will need to be constantly being refined to adapt to new threats.

Final Thoughts

A CIO can do a great job of empowering the rest of the company to accomplish wonderful things; however, if the firm’s IT systems are compromised then all of the good that he/she has done will be

forgotten in a flash

. A well executed vulnerability management program provides a way to defend the firm against a cruel world. CIOs who follow the three steps that we’ve discussed will have

found a way

to apply IT to enable the rest of the company to grow quicker, move faster, and do more.

Questions For You

Does your firm currently have a vulnerability management program? Have you taken the time to assign a business value to each of your IT assets or does everything have the same value? Do you constantly refine your vulnerability management program based on changes in you IT systems and the direction of your business? Leave me a comment and let me know what you are thinking.

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

What does it take to do a really good job of securing your company’s systems and data? Is it just a matter of picking and implementing the right software or hardware solution? Is there a consulting firm that you can pay millions to who will come in and take care of this problem once and for all? Bad news – the answer is no

Tags: , , , , , , ,
Posted in security | 2 Comments »

Unified Communications Is An Opportunity For CIOs To Show Their Value

Wednesday, June 17th, 2009
The Arrival Of Unified Communication Solutions Is An Opportunity For CIOs To Shine

The Arrival Of Unified Communication Solutions Is An Opportunity For CIOs To Shine

The role of a  CIO in any organization is to find ways to enable the company to be more successful. This can include introducing new products quicker, reacting to changes in the marketplace faster, or even lowering the cost of doing business.

Underlying all of these different ways to assist the business there is one area that every CIO must master first: providing great internal communications. An opportunity to radically transform how a firm’s employees communicate has arrived and it’s time for CIOs to step up and lead the charge.

Just What Is Unified Communications?

Unified Communications” (UC) is starting to take on all the characteristics of a high-tech buzzword and in the process folks are losing track of just what it really means. If you boil it down to its bare essence, unified communications is all about moving all of your voice, video, and data business communications to a single network. Instead of having a phone network, a LAN, and the Internet, you combine all three of these into a single unified (get it?) network that carries all business communication.

Is This Really The Right Time To Be Talking About This?

Hey, there’s a recession going on – right? Despite the current economic problems that the world is facing, CIOs still have a job to do and studying and implementing a unified communications solution is a key part of this. The world markets will recover and if the company is left behind while its competition zooms ahead because they didn’t stop innovating then there’s going to be an opening for a new CIO.

Nicholas Hoover over at InformationWeek has been asking around and he’s found out that:

  • 57% of companies have not gotten past the pilot stage
  • 86% say that they can make a good business case for it
  • 55% admit that their company is confused about the value of UC

What Global Crossing Did

Just in case you need some more motivation to look into what unified communication can do for your firm, how about if we take a look at what the communication company Global Crossing did.

Global Crossing has embraced unified communications in a big way. Their chief operations officer uses it to hold weekly global staff meetings with his 16 direct reports. They use the video conferencing capabilities that they now have. The savings of using a unified communications solution for this type of meeting can be calculated in terms of savings on conferencing services, long distance calls, and even travel costs.

Global Crossing has taken unified communications one step further. They’ve discovered that the real hidden value to this new service is what is called “presence awareness” – who’s currently there for you to communicate with? They’ve integrated this functionality into their day-to-day business applications so that people using them will know who they can contact if something goes wrong.

Final Thoughts

All too rarely does an opportunity like this come along that will allow CIOs to clearly demonstrate their value to the firm. As existing PBXs and data network components start to become obsolete, there has never been a better time to start to analyze WHEN will be the right time to upgrade to a unified communications solution. Your company needs you now…

Questions For You

Is there a driver that you can use to start to build a business case for upgrading to a unified communications system? What features does your firm need most urgently: voice features, instant messaging, location awareness, video conferencing, etc.? Who do you think will be your biggest booster in the firm? Who will be your greatest challenge? Why? Leave me a comment and let me know what you are thinking.

Click here to get automatic updates when
The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

The job of  a CIO and the IT department is to equip the rest of the company to move faster and do more. One of the ways that a CIO can do this is by staying on top of new and emerging technologie. One such technology is called Complex-Event Processing

Tags: , , , , , , , , , , , , , , , , , , ,
Posted in communication | 1 Comment »

3 Ways To Bring Business And IT Together

Wednesday, June 3rd, 2009

Executing A Single Business / Technology Strategy Leads To Success

Executing A Single Business / Technology Strategy Leads To Success

In the end, it all comes down to execution. No, not chopping heads off, but rather how you go about having your IT department perform the tasks that the business needs them to do. How hard could this possibly be?

What’s The Goal?

The power term “alignment” is tossed around a lot these days. I think that it’s gotten used so much that a lot of us have forgotten just exactly what it means. In its simplest form, when a company is truly aligned then it is able to mange both its business and its technology together.

As simple as this may seem, too few companies are able to achieve this goal. The reasons are many: differing personalities, budgets that are unrelated, lack of accountability for business results, etc.

Fredric Fishman has spent some time  thinking about this and he’s come to the realization that in order for a a company to commit to managing both its business and its technology together, then it needs to do three things well:

  • Provide a clear vision for the organization
  • Create a well-defined roadmap that shows how to get to the future
  • Measure outcomes against predefined criteria

One Strategy For Both Business And Technology

If you have any hopes of bringing your business and technology activities together, then you’re going to have to make sure that the firm has a living business strategy. The world changes and your business strategy needs to be able to change with it. One way to accomplish this is to implement processes that will allow feedback on the business strategy to be collected and used to make adjustments.

The next step is to make sure that everyone understand just exactly how technology is going to be used to achieve each one of your business objectives. Finally, don’t just hope for the best – make sure that you have criteria in place to judge success before you start any IT project.

Strategic Imperative: Talk & Spend

A company’s goals are no good if nobody knows about them. Make sure that any planned investment in technology has a direct link to a business objective. This kind of decision making won’t happen overnight. You’re going to have to take the time to create internal processes that will allow your staff to learn how to make the correct investment decisions.

Once again, good communication is at the heart of any well run organization. You need to make sure that EVERYONE knows what the expected outcomes are and what the expected business results are. This will establish a sense of ownership and will make sure that everyone has “skin in the game”.

Measure, Measure, Measure

The best IT programs in the world don’t amount for much if you can’t determine what their impact was. You need to monitor the outcomes of each IT investment decision so that your decision making process just keeps getting better.

This is where IT folks can really shine: collect those metrics, stats, and usage data and use these numbers to measure impacts and report results.

Final Thoughts

As you can see, the steps that we need to take to align technology and business are pretty straightforward. The challenge is that this calls out not for a technology solution, but rather for a human-to-human solution. Within IT we’re great at writing code and hooking up new systems, now we just have to do a better job of talking and communicating with the rest of the company.

Questions For You

Within your firm, do you feel that you have a clear vision or is it just a piece of paper on the wall? Do you know how the company is going to achieve its stated goals? Are there effective ways to measure your IT results in place today? Leave me a comment and let me know what you are thinking.

Click here to get automatic updates when
         The Accidental Successful CIO Blog is updated.

Coming Up Next Time

HP’s CIO Randy Mott has done some fantastic things in helping to turn the company around. However, now things are starting to get tricky and it’s not clear that the company is going to be able to continue to be successful…

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in alignment | 5 Comments »

Newer Entries »