Problem solve Get help with specific problems with your technologies, process and projects.

Week 34: Mid-year status check -- What's going right?

We focus so much on what is wrong with our systems and what could go wrong, we need to take some time to recognize what works and doesn't need fixing.

Midway through your annual personnel review cycle.

We focus so much on what is wrong with our systems and what could go wrong, we need to take some time to recognize what works and doesn't need fixing.

What's going right? List five things the IT department is doing well, and put them in an article for the corporate newsletter or a trade publication. Did you put a process in place that has saved you time, money or headaches? Other people in positions like yours want to know!

You should record all of the things you've accomplished so far, if you haven't been doing so along the way. Can you quantify a cost savings from any particular incident? For example, did an upgrade happen on schedule and with zero downtime? If you run a help desk, you may have some statistics regarding number of customers served, problems solved, issues requiring a larger solution, trends, etc. Have people thanked your organization for anything you protected or maybe recovered? Did your systems keep running flawlessly despite rampant reports in the media of massive virus attacks?

Have an organization-wide suggestion contest for ways to use systems even better or save money. A terrific prize can be pretty motivating -- how about an extra day off to the winner?

After reflecting on everything you've done since the beginning of the year, do your duties match your job description and vice versa? Think you're just keeping things secure? At review time, think again: What have you accomplished in the following areas?

  • Time/access/project/identity/file/configuration/risk/inventory/crisis management
  • Host/system management
  • Network management and architecture
  • Budget projection and management
  • Auditing and critical analysis
  • Training/technical knowledge growth
  • Contingency planning and disaster recovery
  • Maintenance/troubleshooting
  • Regulations and laws
  • Lifecycle/systems planning
  • Asset allocation
  • Decision-making

What would you like to accomplish in your department by the end of the year? This is also a good time to adjust your perpetual calendar if you have not done so already.

More Information
Talk to your colleagues. Find your counterpart at another corporate site, or an unrelated but friendly business in the same building/campus/city and have lunch; trade stories and resources. What's working for them?

About the author
Shelley Bard, CISSP, CISM, is a senior security network engineer with Verizon Federal Network Systems (FNS). An information security professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

This was last published in August 2004

Dig Deeper on Risk assessments, metrics and frameworks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.