PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
June 2007

Apply manufacturing management techniques to information security

Total Quality Management isn't just a gimmick. Its techniques are helping improve information security. After years of waiting, I've decided the profession is ready to know the truth: what we are doing is essentially a form of Total Quality Manage-ment (TQM). I know what you'll say--it's a fad, a gimmick, a buzzword that lacks substance. At best, it is a manufacturing technique that has absolutely no relevance to the practice of security. Anything that's appeared in so many airport bookstores has to be superficial, right? There are a lot of misapprehensions about TQM, so let's start with what it isn't. It does not imply a rigid and objective quantification of human activity, and it's definitely not a mechanism for the calculation of security ROI. To be fair, today's TQM owes a significant debt to the pioneering research of Frederick Taylor, whose methodical time and motion studies demonstrated things such as the relationship between the density of a bulk material and the optimal size of a shovel. While statistical controls are ...

Access this PRO+ Content for Free!

Features in this issue

  • SIMs maturing and suitable for mid-market

    Security information management systems (SIMs) tools have expanded with more capabilities such as active threat response. The broadening of the technology will provide security managers with a sharper view of their overall security posture.

  • Product review: nCircle Configuration Compliance Manager

    nCircle Configuration Compliance Manager brings policy compliance and secuirty management into one centralized software suite. It provides vulnerability scanning via third-party scanners such as Nessus. This product review rates the software's ease of installation, features and effectiveness.

  • Encryption key management blunders can render deployments useless

    Encryption sounds like an ideal way to protect data but key management, including accountability, training, and enforcement of password complexity, are challenging.

Columns in this issue