http://www.ourownlittlecorner.com/2009/09/20/some-thoughts-about-organization-structure/ Commentary on social networking, technology, movies, society, and random musings Fri, 27 Aug 2010 09:32:15 +0000 hourly 1 http://wordpress.org/?v=3.0.1 http://www.ourownlittlecorner.com/2009/09/20/some-thoughts-about-organization-structure/comment-page-1/#comment-7 Dennis Filler Mon, 21 Sep 2009 11:47:46 +0000 http://www.ourownlittlecorner.com/?p=77#comment-7 As CIO for the FAA Air Traffic Operation, this was a major issue and still is today. Security in my opinion, should report to the CIO. The CIO should be at the board level as was your position and the FAA position (but not the ATO structure). Security - strategy (policy) and operations (implementation) are and must be linked. When security is separate from the operation , the tendency is to put security on such a pedestal that one forgets that secure operations is the organizational goal. Security and operations is a balance game. Operational expediency and security are always at odds. I found that making operations and security have the same (ie- shared goals) I achieved a better result. Many times security was advising to shut the system or parts of it down; operations' goal was to keep as much of it working despite the security threat. When focused together - they collaboratively worked on strategies that reduced the impact of the threat and optimized the secure availability of the organization. Together, operations and security worked to formulate policy - ie strategy that cold be implemented on a day to day basis without detracting form the overall CIO objectives. Finance is not he place to ever put your IT elements - unless the IT is your business as it will take a back seat to a myriad of other issues. When everything becomes a dollars and cents discussion, portals, OS considerations, Blackberries and the like would never be implemented until they are passe technologies because determining the future value and operational impacts are too much an art rather than a simple mathematical formula. As CIO for the FAA Air Traffic Operation, this was a major issue and still is today. Security in my opinion, should report to the CIO. The CIO should be at the board level as was your position and the FAA position (but not the ATO structure). Security – strategy (policy) and operations (implementation) are and must be linked. When security is separate from the operation , the tendency is to put security on such a pedestal that one forgets that secure operations is the organizational goal. Security and operations is a balance game. Operational expediency and security are always at odds. I found that making operations and security have the same (ie- shared goals) I achieved a better result. Many times security was advising to shut the system or parts of it down; operations’ goal was to keep as much of it working despite the security threat. When focused together – they collaboratively worked on strategies that reduced the impact of the threat and optimized the secure availability of the organization. Together, operations and security worked to formulate policy – ie strategy that cold be implemented on a day to day basis without detracting form the overall CIO objectives. Finance is not he place to ever put your IT elements – unless the IT is your business as it will take a back seat to a myriad of other issues. When everything becomes a dollars and cents discussion, portals, OS considerations, Blackberries and the like would never be implemented until they are passe technologies because determining the future value and operational impacts are too much an art rather than a simple mathematical formula.

]]>