In this video, Kip Boyle discusses the importance of management. Learn why program leaders need to become strong managers in order to build a valuable information security program.
- I don't know if you've noticed, but for a long time now I've seen and heard lots of people saying we need more leaders, not managers. So who's better? A manager or a leader? Well it's a trick question of course. Neither are better. They're two sides of the same coin and both are needed. John Kotter, a published leadership expert and former professor at the Harvard Business School says that leadership is about producing useful change. So is management. Is it an antiquated form of leadership? Is it the group of people who set the policies at work? A paper pusher? Or something else? While it's true that management can refer to a role or a job, it's more helpful for us to focus on the function and tools of management.
John Kotter said that management is about keeping organizations operating reliably and efficiently. And if you like getting your paychecks and overnight package deliveries on time, you should be glad for good management. Kotter's definition also tells us management is about maintaining the status quo. A major result of your information security program will be keeping your organization operating reliably and efficiently. Good management practices will help you maintain the confidentiality, integrity, and availability of your organization's information.
Here's some examples. Reporting the status of your program and projects to senior managers so they can make high-quality decisions that are dependent on your work. Holding your staff members accountable for the quality and timeliness of the work that you've delegated to them. Processing access control requests accurately and on time, so people remain productive. Reviewing violation reports accurately and on time so bad behavior online is detected and stopped. My geeky personality and natural interests make it easy for me to understand and use the tools of management.
And my roles as husband, father, project manager, IT security manager, and IT operations manager, I've had lots of experience with the practice and tools of management. In contrast, the tools of leadership have been much more difficult for me to use and master and I've made some big mistakes trying. In the next video we'll examine why leadership matters for your information security program.
- Goals and components of an information security program
- Measuring and managing information risks
- Reducing risks to an acceptable level
- Using a workflow to organize your work
- Communicating progress with executives and stakeholders
- Demonstrating compliance