This week on NVTC’s blog, Dr. Didier Perdu of LMI discusses the challenge of information assurance and how managers should address it.


enterprisepicMore and more organizations are discovering the challenge of information assurance (IA). But, if you are like many other managers, you do not know how to address, let alone mitigate, the risks associated with common threats such as power failures or wireless intrusions. A solution is to leverage your enterprise architecture (EA) to make IA an integral part of the information technology (IT) planning and management activities of your organization. Here are four reasons why you need to get serious about protecting your information assets by integrating IA directly into your EA.

1. Improve Communication

An integrated EA/IA framework gets information flowing among the various layers of your organization. Sharing information improves communications. It is important to improve communication between senior leaders and the technical staff when making decisions about security controls and their implementation. By communicating early in the development process, security remains a primary consideration from initiation to disposition, which is especially important for mission-critical systems.

2. Reduce Complexity

Traditionally, security was practiced on a system-by-system basis. Having a standard approach to addressing security requirements reduces complexity. Clearly expressing the relationship between EA processes and IA controls helps security and non-security personnel understand the other group’s planning processes and procedures. And, when people understand one another’s perspectives, they are better able to work together to ensure that security requirements are addressed.

3. Achieve Compliance

Senior leaders often find themselves unable to navigate the myriad laws, regulations, and policies expanding the scope of IA. Improving communications and reducing complexity enables business and IT managers to work together, thereby enhancing your organization’s response to evolving, complex compliance requirements.

4. Lower Costs

Making security implementation decisions early in the system development lifecycle can reduce your IT costs significantly. Moreover, because IA also addresses vulnerabilities and risks, it saves future resources by providing for the restoration of information systems through built-in protection, detection, and reaction capabilities.

Senior leaders often feel unprepared to identify gaps in IT security and take appropriate action. Obtaining guidance to meet security and compliance requirements is critical to any organization. IT security no longer means simply making sure the door is locked or keeping passwords secure. Today, it means securing the information and information systems upon which your organization relies in order to be successful.


Dr. Perdu works in the Information Management Group with the Enterprise Architecture team, refining the LEAP methodology, and contributing to enterprise architecture related tasks. He holds a Ph.D. in Information Technology from George Mason University and a Master of Science in Technology and Policy from MIT. During his career he has sought to use Enterprise Architecture beyond just compliance and apply it to solve a variety of business issues faced by an enterprise. Cybersecurity is one of these challenges.

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

How To Be Strategic With Your IT Hiring

June 18th, 2014 | Posted by Sarah Jones in Guest Blogs - (Comments Off)

NVTC is inviting members and industry leaders to serve as guest bloggers, sharing insights and information on trends or business issues relevant to other members. In the below post, Marc Berman of member company Vector Technical Resources shares strategic steps for managers when hiring an IT staff.


Hiring tech talent can be a serious challenge for many organizations. Depending upon where your company is located, you may be competing with shinier, flashier tech
companies that can offer massive salaries, on-site gym memberships, free daycare, and other perks. Conversely, you may be operating in a rural area where new IT talent is hard to come by.

The (somewhat) good news is that no matter where you are or what your organization does, you are not alone. The Technology Councils of North America conducted a survey in 2013 that found nearly 70% of participating executives believe there is a shortage of quality tech talent in the marketplace. They feel that “all the good ones are taken,” and it can be difficult to attract and hire the right people.

Making Strong IT Hiring Decisions

This climate can lead companies to make poor IT hiring decisions. Hiring managers may feel pressured to jump on the first candidate with the appropriate skill set. But even if an IT candidate’s skills match up with your needs, there are other things to consider before making an offer.

Here are some tips to help you make strategic IT hiring decisions:

  1. Documented Work – An IT candidate can claim certain skills and accomplishments, and it may be possible to glean their expertise from an interview, but it is important to get documentation of previous projects.
  2. Look for Broad Experience – Specialization can be beneficial for certain positions, but more often than not, your organization will depend upon IT pros with a broad knowledge base. When someone focuses narrowly on one specific skill, it can lead them to be less effective at solving large problems.
  3. Match Personality with Company Culture – Employees must be happy in order to do their jobs well, and if the culture of the organization isn’t a good fit, your new hire won’t feel comfortable or happy. For example, individuals with a laid-back attitude and work history in casual environments may feel stifled in a workplace with a more rigid corporate structure.  Be sure to take personality and your company culture into consideration before making an offer.
  4. Don’t Make a Panic Hire – Making a fast hiring decision out of sheer panic rarely turns out well. If the position is so critical that it must be filled immediately, it’s worth it to take a breath and move deliberately, because a bad hire will ultimately force you back into a desperate situation. Never hire for an IT position after one interview.  Always conduct a phone screen first. This can help narrow the field before you potentially waste your time and the candidate’s time on an in-person interview.
  5. Include the Team – If an IT professional will be reporting to three managers, include all three managers in the hiring process. It is important that everyone gets a sense of a candidate’s personality and work style, so that they can feel comfortable bringing that individual on board.

 

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS