Mastodawn

Sten Eikrem Sep 20, 2023

"Any organisation that designs a system... is constrained to produce a design whose structure is a copy of the organisation's communication structure."
Melvin Conway, 1968

#OrganisationalChange #OrganisationalDevelopment #BusinessValue #Analytics #TrueCustomers

GitHub - gchq/BoilingFrogs: GCHQ's internal Boiling Frogs research paper on software development and organisational change in the face of disruption #boilingfrogs

Show thread

Sten Eikrem May 7, 2023

@PartHaircut A framework is a good start, however it’s important to select metrics that makes most sense from your situation, company and area. Which topics and what areas would you and your stakeholders to focus on?
For a particular stakeholder group we selected these metrics (picture) that we wanted to improve on. We measure these on device and business site level and then follow up the score with individual business sites as well as per business areas. And it has become a roaring success. Sites are competing to be better as well as between businesses areas. Technically most of the score data is collected automatically from operational tools (#malwareProtection, #Patching, #Backup, #Firewalls etc) #ServiceNow #grc module making reporting and follow up more effective. The score component and composition is a subject to change when situation improves over time, making sure we measure what is important and relevant for us over time.

Sten Eikrem Jan 25, 2023

Jason Haddix Jan 25, 2023

RT @Jhaddix
🧵A hackers guide to FINDING cybersecurity jobs🧵

Many people know of the normal ways to look for jobs like LinkedIn & Indeed... but we're hackers!

Today I'm going to share with you my top places/tips for finding your next gig.

🚨Retweet, follow, & like for more! 🚨

Sten Eikrem Nov 22, 2022

Recommended video by youtuber #Perun trying to explain the organisational phenomenon #враньё #Vranyo and how that may have contributed to the #Russian #military #failures in #Ukraine. #slavaUkraini From my understanding the closest thing we have in the western world is #organisational or #workplace #bullshit. #strategy #humanbehaviour #war #organisation #organisationalculture #culture #OrganisationalBehaviour https://youtu.be/Fz59GWeTIik Source: Confronting indifference toward truth: Dealing with workplace bullshit, by lan P. McCarthy, David Hannah, Leyland F. Pitt and Jane M. McCarthy in Business Horizons, 2020

Sten Eikrem Nov 22, 2022

Interesting take on #Risk #Ownership.

https://normanmarks.wordpress.com/2021/10/15/who-owns-and-is-responsible-for-a-risk/

Is risk ownership clearly defined in your organisation?

#RiskManagement #Cybersecurity #Governance #Management #ISACA #cRISK

No, not really

Well... Sorta, individual X is responsible (CISO, Information Security Manager, Risk Manager etc)

33.3%

Yes, Risk Ownership follows Resource Ownership

66.7%

Of Course, we follow the model in this article!

We follow best practices as stated in ISACA cRISK

Poll ended at Nov 29, 2022 at 4:13pm.

Who owns and is responsible for a risk?

Norman Marks on Governance, Risk Management, and Audit

Sten Eikrem Nov 19, 2022

@malanalysis #bestpractices is for me the same as orgs doing #compliance based approach instead of #risk based, cos its just seen as too “difficult” to do the latter.

#bestpractices have value if the stakeholders have the skills, competence, visibility and understanding how they best can be utilised in their organisation, in their setting as a mean to drive meaningful improvement work.

Just touting the phrase don’t add any value at all and actually be harmful!For me its been an indication the the persons don’t really know what they’re talking about. My favourite way to clarify if they really know is to ask them to clarify and demonstrate what that would look like in our orgs setting or contexts.

Unfortunately the phrase is frequently used by management in my experience.

Sten Eikrem Nov 13, 2022