Alan Calder on IT Governance, information security & ISO 27001

This promises to be an interesting event. Sherron Watkins, the celebrated Enron ‘whistle blower’, will be addressing an IT governance symposium in August in Orlando. Ms Watkins is obviously doing well on the lecture circuit, but it’s hard to begrudge that, and she seems an excellent person to talk on IT governance. Enron is the starkest illustration of how vital proper governance is to the running of an organisation and the potential dire consequences of taking this lightly. Let’s hope a few CEOs go along to hear her.

Yoo Cheng Hwee told a HCMC conference on information security that more than 80% of of companies trying to implement an ISO 27001 ISMS had failed because they thought of the exercise as a one-off investment, rather than just the start of a life-long commitment to systematically and continuously improving information security.

He’s absolutely spot-on.

He went on to say that strong management support and tailored operational processes were essential to success. There are a few others as well (as I describe in Nine Steps to Success), but strong management support is undoubtedly the most important.

CSO Online from reports from Australia that ITIL is fast gaining popularity around the world, spurred on by regulatory factors such as SOX – read their article here. We’ve also seen a steep increase in demand for ITIL information so we’ve put together what we believe is the most comprehensive specialised ITIL and IT Service Management shop on the web, offering books, toolkits and exam-based distance learning products. Have a look here and let us know if there’s anything you can’t find.

There is ongoing debate of how safe it is to work wirelessly, with much discussion about how likely it is that your digital information will be monitored and stolen while you are online in a coffee shop or wherever. Of course, by far the most common security threat related to wireless internet use is physical, not virtual – it is the theft or loss of the laptop or PDA on which you’re working. However, beyond taking sensible steps to ensure that a device remains in your possession there are a variety of other security measures that companies need to adopt. This article on Computerworld gives a good overview.

Type ‘liar’ or ‘failure’ into the Google search box and see whose personal Internet sites are right at the top of the organic search listing for each of these terms. Whatever your own personal views of these two individuals, a quick scan of what’s on their websites will not find any occurrences of either of ‘liar’ or ‘failure’. So, how did their sites acquire these top rankings?

The power of internet links, that’s how. So many people have linked to these sites using one of these terms that the Google algorithm has ranked the sites as number one for them. While this fact conveys an important message to both these folk, it has a broader implication for anyone interested in IT governance and intellectual capital management.

An organization’s brand and brand name are of part of its intellectual property and have a fundamental importance to its long term competitive success. Where an audience’s experience of the brand diverges sharply from the brand’s values, the Internet provides them with a means of telling everyone what they really think. They’ll use it – and once a site has acquired that sort of ranking on the basis of direct links, the only way to delink is to de-commission the URL – and that’s a potentially expensive step, particularly for any organization that uses its URL as part of its identity.

If ever there was a reason for brand integrity, there you have it.