When
Midway through your annual personnel review cycle.
Why
We focus so much on what is wrong with our systems and what
could go wrong, we need to take some time to recognize what works and
doesn't need fixing.
Strategy
What's going right? List five things the IT department is
doing well, and put them in an article for the corporate newsletter
or a trade publication. Did you put a process in place that has saved
you time, money or headaches? Other people in positions like yours
want to know!
You should record all of the things you've accomplished so far, if
you haven't been doing so along the way. Can you quantify a cost
savings from any particular incident? For example, did an upgrade
happen on schedule and with zero downtime? If you run a help desk,
you may have some statistics regarding number of customers served,
problems solved, issues requiring a larger solution, trends, etc.
Have people thanked your organization for anything you protected or
maybe recovered? Did your systems keep running flawlessly despite
rampant reports in the media of massive virus attacks?
Have an organization-wide suggestion contest for ways to use systems
even better or save money. A terrific prize can be pretty motivating
-- how about an extra day off to the winner?
After reflecting on everything you've done since the beginning of the
year, do your duties match your job description and vice versa?
Think you're just keeping things secure? At review time, think again:
What have you accomplished in the following areas?
- Time/access/project/identity/file/configuration/risk/inventory/crisis management
- Host/system management
- Network management and architecture
- Budget projection and management
- Auditing and critical analysis
- Training/technical knowledge growth
- Contingency planning and disaster recovery
- Maintenance/troubleshooting
- Regulations and laws
- Lifecycle/systems planning
- Asset allocation
- Decision-making
What would you like to accomplish in your department by the end of
the year? This is also a good time to adjust your perpetual calendar if you have not done so already.
More Information
Talk to your colleagues. Find your counterpart at
another corporate site, or an unrelated but friendly business in the
same building/campus/city and have lunch; trade stories and
resources. What's working for them?
About the author
Shelley Bard, CISSP, CISM, is a senior security network engineer with
Verizon Federal Network Systems (FNS). An information security
professional for 17 years, Bard has briefed and written infosecurity
assessments and technical reports for the White House and Department
of Defense, special interest groups, industry and academia. Please
e-mail any comments to securityplanner@infosecuritymag.com.
Opinions expressed in this column are those of Shelley Bard and don't
necessarily reflect those of Verizon FNS.
