Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

Intel Igence.

tk just has the best quote in the latest VERT Daily Post:

Decision support is driven by intelligence. No one knows this better than your adversaries and competitors.
I have been screaming for quite some time now that CEOs need to reinvent and transform their security organization into the INTELLIGENCE ORGANIZATION. It is a much higher value proposition and much more accurately describes their role in the organization ...
Being at the core of your organization’s decision support is critical and it is not about always being the bearer of bad news but about being the one stop shop for Operational Intelligence and Situational Awareness.

I couldn’t agree more, but I’m finding it hard to do so without looking like I’m pinning a Mensa Medal on myself.

“Intelligence” is a loaded word.  Can we use “information” instead?  It doesn’t sound as macho as “intelligence” when you’re in the DoD Metropolitan Area and you also like to use the word “cyber” a lot.  But it also keeps you from sounding smug when you’re trying to justify your reporting line to other areas of your IT department.

Actually, let’s break it down some more.  I end up being a nearly-one-stop shop for answers that require the discreet gathering of system data, the holistic view of IT if any of it is arguably security-related, and any legal or HR policies that need to be implemented in any way at the IT level.  In other words, if they need IT information that involves confidentiality, enforcement or any kind of risk, then they come to me.  Since there’s hardly anyone in the building who doesn’t use a computer for their work, that ends up being pretty often. 

I like the words “decision support” in this context.  I like them a lot.  I don’t make the decisions, but I provide the information and help break down the problem space for those who do.  Often I say, “I don’t know whether you’ve thought of this particular issue, but if you have, what do you want to do about it?”  (Disingenuity disclosure:  yes, I know that their decisions will be influenced by the data I give them, and half the time they will punt and say, “What are your recommendations?”)  But I really do see my role as a holistic sort of regulatory-and-risk IT person who ends up in the boardroom more often than others because the issues bring me there.

 

Posted by shrdlu on Friday, November 03, 2006

Comments

LonerVamp United States on 11/03  at  11:38 AM:

The theme for today that I’ve seen twice now is how to marry security to something else so that it gets listened to or becomes relevant. :) Decision support and organizational intelligence/information is another such place.

Mission statements like the one in tk’s post from Harley Davidson (an awesome case study in strategic management, btw) about selling a lifestyle are something I think larger departments in a company should have as well. Security (or IT) can be aligned to providing a safer and happier life experience (for employees or customers). Aligning security with happiness for employees and customers while allowing them to live their lives and earn money at a stable, protected job and assure customers of your business longevity, stability, and reliability. Blah, blah, blah, add additional buzzwords and marketing-speak as needed. :)

I hope you like your role as the person others go to for information and decision support. I truly feel that there are two departments that know the company health and internals better than anyone else: accounting and IT/security. This keeps you relevant to the important parties. Security and IT are only going to become more powerful in corporate environments and business and government…the variable is how quickly the rest of management and execs embrace and understand those roles (opposite from what I read a lot about how IT/security needs to align to business…I think a large part of the real need is opposite, the rest of the business needs to be cognizant of IT/security).

I’m feeling talkative today, hah!
