Each congruence relation is important in forming organizational diagnoses that help us understand the current state of security in the enterprise and the causes of its vulnerabilities. Analyzing these relations tends to define the political map and show how the players navigate it. It also helps identify organizational behaviors that are helpful, neutral or detrimental to the security architecture initiative.
Analyzing the following three alignments using an appropriate "congruence questionnaire" is crucial to determining the security posture of the enterprise.
The Task and People Congruence Relation:
- Do people have the required competencies to perform the critical tasks that ensure the safety of data and process?
- To what extent do the skills, abilities and motives of today’s human resources fit with security planning, architecture formulation and implementation requirements?
The Task and Formal Organization Relation:
- Do the formal linking mechanisms between units facilitate security task integration, security team building and agility from a product delivery perspective?
- Is there a company-wide vision for security and a strategy for addressing regulations, audit and security breaches?
The Task and Culture Relation:
- Does the existing culture energize the accomplishment of critical tasks?
- Do the informal communication network and informal distribution of power help get the work done?
- Is there a reluctance to take action? Is there reliance on being told what to do?

Identification goals: culture-task inconsistencies that drag performance down and inhibit consensus on security goals.
Next month, I will be attending IBM Pulse 2013 in Las Vegas, the industry-leading conference on Security Intelligence. Prolifics will exhibit in the solution showcase and host a number of sessions throughout the conference. To learn more about Prolifics' presence at IBM Pulse, visit: www.prolifics.com/pulse-2013.htm.
Javed Shah is a Practice Director for Security at Prolifics with more than 12 years of experience in identity and access management architectures. He has broad exposure developing identity and access management solutions, and system software components that deliver reliable data security, web enablement and user lifecycle management services to customers. Before joining Prolifics, Javed founded and ran a professional services company in India for 6 years. Spanning over a decade, Javed has led identity management projects to successful exits at Nestle, University of California San Francisco, Kaiser Permanente, ABM Industries, BRE Properties, UPS, Tampa General Hospital and E*TRADE Bank. He was also the leader of the ITIM Level 3 defect resolution and analysis team in India, where he was responsible for handling all customer defects for North America and Asia. Javed holds a Bachelor’s degree in Computer Science, a Certificate in Implementing and Managing an Enterprise Architecture using the Zachman Framework and the CISSP certification. He is also currently pursuing an MBA from the Haas School of Business, University of California Berkeley.