A recent article in InfoSecurity Professional ("The Challenge of Change"
by Deborah Johnson, January/February 2017) states that a 2013 study shows only 54% of 2,219 corporate participants reported that their efforts at change succeeded – and lasted. Other studies show equally disheartening results. What is an IT security professional to do when trying to manage change?
Sometimes lack of leadership is the issue, sometimes it is a failure to communicate.
As Ron Ashkenas says, "The first step is to make the business case, not the technical case. They must say what are the financial implications, strategic implications, customer implications. What does it mean for the rest of our business? What are our competitors doing?
You've got to make that case, just like any other investment. The CEO needs to look at IT as a strategic investment, not just a nice thing and 'I'll do whatever the IT guy tells me.'"
Ron also stresses that, "Holding all the stakeholders accountable for their part in the project is a necessity for success; through a regular review process to keep everyone on track."
This article includes a case study from Enterprise Integration.
Learn more at InfoSecurity Professional.