1
I2 Security Professionals Workshop - May, 2004
Partnering for Success in the Security Discussion at Northeastern
Gaining Traction through Influence
Glenn C. Hill, CISSP
Manager of IT Security, Northeastern University
Copyright Glenn C. Hill, 2004
This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
5
Imperatives around Information Security
Customer, community, institutional and regulatory expectations exist.
Security does not come naturally to everyone.
Not everyone understands the relevance of security to their work.
Educators often have other things to think about.
8
Yet…
Security is a shared responsibility.
Security risks are man-made problems that require human and technical forces to address.
Single-sided efforts are often less successful and more costly over the long run.
13
Challenges…
Create mutual understanding: “Security is more a journey than a destination.”
Create shared value in the security proposition.
Identify reasonable “waypoints” on the security journey.
Identify and overcome natural resistance.
Underwrite successful outcomes through cooperation.
19
Techniques to gain traction…
Identify essential/optimum partnerships and stakeholders. (the right people)
Codify business problems (relevant risk and consequence list)
Diagnose the environments.
Anticipate resistance, but avoid SFP.
Expect the academic argument.
Illustrate relevance and benefits of security opportunities
23
Techniques to gain traction…
Create safe and respectful discussion environments.
Exchange trading currencies.
Build trust.
Identify incremental opportunities and clear paths to change.
25
Trading Currencies
Inspiration
Task
Position
Relationship
Personal
Adapted from Allan Cohen & David Bradford: “Influence without Authority”
26
Inspirational Currencies
Vision
- Involvement in task of larger significance.
Excellence
- Chance to do important things well.
Moral/ethical correctness
- Doing what is “right” by higher standard.
27
Task-related currencies
New resources
- $, budget increases, people, space
Challenge (Doing tasks that increase skills)
Assistance (Getting help)
Task support
- Backing or assistance with implementation
Rapid response
Information (Access to knowledge)
28
Position-related currencies
Recognition (acknowledgement)
Visibility to higher-ups
Reputation (seen as competent/committed)
Importance (sense of belonging)
Contacts (opportunity to link with others)
29
Relationship currencies
Acceptance/inclusion (closeness)
Understanding
- Having concerns listened to.
Personal support
- Personal/emotional backing.
30
Personal currencies
Gratitude
- Appreciation/expression of indebtedness.
Ownership/involvement
- Ownership/influence over important tasks.
Self-concept
- Affirmation of own values/identity.
Comfort (avoidance of “hassles”)
31
Handling your trading currencies…
Your optimum/necessary partners are the targets of influence.
To gain influence, one must have and spend valued trading currencies.
32
The Key Relationships: Where to spend your trading currencies
Administrative
Faculty
Business-Centered
Student-Centered
External
40
Spending on Administrative Relationships
CIO
Office of University Counsel
Internal Audit
Human Resources
External Affairs/University Relations
Public Safety
Student Affairs
Office of the President
43
Spending on Faculty Relationships
Provost
Faculty leadership
Individual faculty with specific interests
51
Spending on Business-Centered Relationships
Office of the Registrar
Student Customer Service Center
Enrollment Services
CFO/Controller
Risk Management function
Division of Research
Residential Life
“ResNet”
52
Spending on Student-centered Relationships
Students (1:1)
Student representation (RSA)
Student media leadership
Student advisory groups
56
Spending on External Relationships
Peers in higher ed
Peers in other businesses
Local media (**)
- Observe policy on speaking with media.
- Carefully identify opportunities to get involved.
- Create positive impression.
- Get on the “experts” lists.
64
Lessons Learned
Security is a shared imperative with shared responsibility.
Security is not universally understood.
Risk must be relevant and illustrated.
Resistance is natural.
To gain traction, must overcome resistance.
Diagnose the others’ world.
Know trading currencies.
Calculate your exchanges.
69
Lessons Learned
Know when to give binary vs. analog answers.
Encourage evolution…not revolution.
Not everyone is “wired” for these discussions.
Choose optimum partners.
Technical, influential and diplomatic skills not always found together.
- Seek participants with these skills.
- Where they don’t exist, grow them.
Be willing to accept small victories.