Curphey on BPM



Today, Mark Curphey posted about Tenets of Effective BPM. He lays out five high-level principles for doing business process management. This is really great stuff. It’s so good, in fact, that I’m going to quote a huge chunk of his post here:

1. Understand and Documenting the Process

Effect: Implement a Structured and Effective Information Security Program

2. Understand Metrics and Objectives

Effect: Understand Success Criteria and Track Effectiveness

3. Model and Automate Process

Effect: Improve Efficiency and Reduce Cost

4. Understand Operations and Implement Controls

Effect: Improve Efficiency and Reduce Cost

Effect: Fast and Accurate Compliance and Audit Data (Visibility)

5. Optimise and Improvement

Effect: Do More With Less

Effect: Reduce Cost

Notice that none of the above is specific to security, but if you apply these principles you do get security and compliance benefits. Also, you recover cash for use with other projects without having to ask for more cash, which always makes you more popular with the CIO and CFO. Perhaps most importantly, this type of behavior enables you to demonstrate that IT Security is taking on a business-oriented focus, which is good for your career and for raising the exposure of InfoSec at the executive level. It’s like the old maxim: dress for the job you want to have. You have to act like the executive you want to be treated as.
