In part 2 of this series, I talked about getting to know the “language” of your particular business. This week, I want to talk about how to leverage Enterprise Architects, if they are available. According to Wikipedia,
The role of the enterprise architect [builds a holistic view of the organization’s strategy, processes, information, and information technology assets and takes] this knowledge and ensures that the business and IT are in alignment. The enterprise architect links the business mission, strategy, and processes of an organization to its IT strategy, and documents this using multiple architectural models or views that show how the current and future needs of an organization will be met in an efficient, sustainable, agile, and adaptable manner.
Doesn’t that seem like the perfect person to help you connect the tactical aspects of information security to something that is strategically relevant to the business?
These individuals are compelled by their role to understand how everything fits together to make the business “go” and you can tap into their unique perspective to help map your work back to key capabilities, goals, and obstacles faced by the business.
One other benefit of this interaction, at least from my experience, is that you can often identify areas of your own work in which you are over-investing. If the Enterprise Architect can’t find relevance in some of your activities, and you can’t justify why you’re doing it in business terms, then it is a great candidate for something that should be on the chopping block. After all, window dressing in the Information Security realm is a big waste of time.
If you don’t have an official Enterprise Architect role, you may be able to identify the person who is filling that role. Typically, you will know them because:
- They are the “go to” people for how systems, processes, technologies, and business strategies work together.
- They have been with the company for a while, and know how everything works together.
- They are the people that executives seek out when something bad hits the fan.
- They regularly work with the business and IT on problems and solutions
- They are involved in most, if not all, strategic projects and seen as someone whose advice holds a lot of weight.
If you can identify such a person in your company, engage with them and solicit their help in communicating the value of your security activities.
Next week, I’ll talk about a surprising ally in this battle. Stay tuned. And, as always, if you have your own tips to contribute, please leave a comment below.