NIST
Melissa Hathaway Op-Ed on Cyber Security
I wanted to post this in totality for a couple of reasons. One is that it is something all of us should read. Although I believe most readers of this blog will find no surprises in this op-ed, Melissa has a real talent for capturing information in easy-to-understand ways, and I think we can all borrow lessons from the way she explains things.
Performance Management In Organizations and Computers
There are some interesting analogies between performance management applied to organizations and performance management applied to computers.
In both cases, performance metrics are crucial to success. In organizations, what we reward gets measured, and what gets measured can be more efficiently and effectively done. In our computers, what we decide is important gets measured, and those measurements can help us drive to increasingly effective and efficient performance.
Compliance enhances IT support to the mission
I’ve previously blogged about Triumfant, a company that has mastered
the automated detection and resolution of IT problems. I also think
of them as the world’s greatest compliance monitoring capability. What
do I mean by compliance? I mean compliance in the context of the many
rules, regulations and configurations that external organizations and
the government require, and also compliance with your own policies and guidance.
For those who are not familiar with the full scope of compliance
issues, a great source is the site of the IT Compliance Institute.
Their goal is to be a global authority on the role of technology in
business governance and regulatory compliance. That means they are
driven to seek out regulations, understand the requirements for
compliance, and then help determine the best way to automate that
compliance.
The site holds several white papers and
checklists on topics like IT Audit, Risk Management, keeping up SOX
compliance, Change Management, Logging, Reporting, and Security.
These papers seem to be good primers for any CTO or other enterprise
technologist who needs to understand this domain.
Here are some other thoughts on compliance:
– During my time as a CTO of a DoD Agency, I noticed a shift in how
federal organizations perceived compliance. Federal organizations are
all about compliance, and have long followed mandates like the
Clinger-Cohen Act, FISMA, the many Enterprise Architecture requirements
(like DoDAF or FEA), and a wide variety of other requirements. But
most federal organizations did not treat compliance as a way to
optimize delivery of IT capabilities to users. And most federal
organizations did not have to comply with many of the regulations being
levied on industry (like SOX, for example). That is all changing.
– More recently IT professionals began to see compliance and the need
for automated control of systems as a way of not just complying with
regulation and reporting requirements, but a way of ensuring uptime,
helping speed delivery of new software deployments, helping reduce IT
admin costs, and helping with overall ability to support the mission.
Add to this new awareness of the importance of compliance the recent
shifting of federal policy towards having agencies produce financial
audits and IT auditing requirements to the same standards as the
commercial sector.
There are more shifts in compliance underway in the federal space,
including a new Federal Desktop Core Configuration (FDCC). I see all
this compliance as a good thing that should be executed in a way that
enhances uptime, enhances security, and enhances the delivery of
capability to end users.
For more on compliance see my previous post http://www.ctovision.com/2008/07/automated-resolution-of-it-problems.html
For more on Triumfant see: http://triumfant.com
Automated Resolution of IT Problems
In January 2008 I was named to the advisory board of Triumfant, a
company that has mastered the automated detection and resolution of IT
problems. Of all the IT firms I’ve seen, they are the ones with the
most comprehensive approach to automated resolution management and the
only one I’ve seen that can automate the entire lifecycle of IT problem
management, from identification to resolution.
I recently read some very exciting news about Triumfant. They have
just signed a partnership agreement with one of the largest suppliers
of computers to the federal government: computer giant Dell Inc.
Triumfant software will be sold pre-installed on Dell computers to
federal customers running Microsoft Windows XP and Vista.
I take this as a huge endorsement of the Triumfant approach of
automated process monitoring and IT compliance enforcement. This agreement between Triumfant and Dell is
also great news for enterprise CTOs and other technologists who must
meet the mandate of the OMB’s Federal Desktop Core Configuration
(FDCC).