There is a theory that if something isn't broken we don't need to fix it.
Well I am here to tell you that is a poor way to live, especially in IT.
Last week I discussed risk management. With that also comes re-evaluation of systems and those associated risks. So while the idea of "it ain't broke, don't fix it" might work for other aspects of your life...if your in IT it doesn't.
While the world is an ever changing place, we all know technology is as well. What iPhone are we on now? 16 or something. (Ok, I know it's 6...I think) The point is that rapid change also means threats are changing rapidly as well. With that comes a responsibility to maintain a current risk management strategy that follows current threats with current technology.
Let's face it...if we have sever or any hardware from ages ago with the associated cost of that equipment from that time period and the threats from back then as well...It really doesn't do an organization any good for today, because it's no longer valid. Much like just because you took a shower yesterday, doesn't mean you never need a shower again. (I had a classmate use this analogy and I did tell him I would steal it, so there)
Just as technology changes so much the organization re-analyze their strategies. Risk management would be a big one to keep current. And it's not the only one, they are all important to maintain and re-analyze from time to time. One thing I learned is establishing these as "living" documents, they are ever changing and evolving to keep up with the times.
Some interesting pieces related to my topic:
http://www.pwc.com/gx/en/governance-risk-compliance-consulting-services/resilience/publications/business-resilience-sustainability-enterprise-risk-management.jhtml
http://www.accuvant.com/resources/risk-and-the-ciso-role
http://www.resolvergrc.com/blog/what-makes-for-an-effective-risk-manager-in-todays-ever-changing-world/
While the topic is broad and I could go on for a long time....ultimately this type of thinking makes any organization stronger, being able to recognize and to adapt to changes that happen...that should get them to a level of greatness and hopefully protect themselves better from the ever changing world of technology.
No comments:
Post a Comment