Monday, May 28, 2007

People -- Assets or Stakeholders?

Someone asked an interesting question today on LinkedIN. It went something like "Does anyone really believe that people are the most important assets for an organization?"

It reminds me that one of the first principles of COBIT is that IT Resources includes "people" (along with "applications", "information" and "infrastructure"). So also other literature and best practice guidance classifies people as an important IT or business assets.
So far, so good. :-)

I find it a bit difficult to agree to people being classified as assets or resources along with infrastructure, applications etc.
In our view of assets, we expect them to add value to the business or work at hand without asking any questions! I mean one doesn't have to seek a "buy-in" from an application to get it to work -- sometimes 24 hours a day without asking for any "return" of any sort. Imagine doing that with any person anywhere.

Just to stretch it a bit more, one needs preventive maintenance on most physical assets to ensure the quality and productivity of the assets. The nearest to this with "people" assets is the training and improvement programs that need to be conducted. In this scenario, the maintenance program acts on the asset which can be termed as a passive recipient. Contrast this with training programs where the best trainer cannot achieve much if the attendees are not receptive and motivated. Without adequate participation by the "human asset", ensuring quality and productivity is not achieved.

IMO, people should not be viewed as "assets" but rather as "stake-holders". Only that view will incorporate the fact that people do things with an objective and expect their efforts to be met with due returns.
Whether the returns are monetary or otherwise and what means there would be to ensure motivation are different stories. Let us at least accept that people are much more than just "assets" or "resources".


Have a good day and thanks for spending some time with me.
Gautam

Thursday, May 10, 2007

Business Acumen for Security professionals

Have you ever had that experience when you keep thinking of something for a long long time ... maybe months sometimes ... and then something totally unrelated points you into the right direction ?

(Yeah I know I sound like Archimedis and Kekule, but no, I haven't made any discoveries yet).

What I was referring to was an excellent excellent article here http://www.microsoft.com/technet/community/columns/secmvp/sv0507.mspx written by Gideon T. Rasmussen.

A lot is said about the need for Information Security to align with business and for professionals to be sensitive to business needs. Gideon comes up with some practical advice on the "how". Read it first-hand at the site.

Gideon is an experienced Information Security professional, one of the leading members of the CISAforum group on Yahoo and has been recently honoured with the Microsoft MVP award. His personal web-site is at http://www.gideonrasmussen.com/

Happy Reading ...