Cyber Security Institute

Thursday, December 07, 2006

Ideas You Can Steal from Six Sigma

Six Sigma’s data-driven, acronym-laden focus on quality improvement might seem like a mismatch if the rest of your company isn’t on the program. But if you listen to a few well-respected security veterans of Six Sigma talk about its benefits, you might be ready to give some Six Sigma ideas a try. “Six Sigma is all about measuring process improvement, about taking defects out of a process,” explains Frank Taylor, CSO of General Electric. “As fiscal pressures and consequences of security grow, business leaders are going to demand that we have a way to indicate how effective our programs have been,” Taylor points out. Once you’ve got that in place, here are a few Six Sigma tenets that stand to deliver the biggest bang for the buck in terms of improving the efficiency and effectiveness of both physical and information security.

With the blessing of top management, security looked at the entire supply chain and made some discoveries that were not apparent to individual managers.

Voice of the Customer (VOC)

VOC is the process used to determine the needs of the customer, aimed at improving the customer experience and increasing loyalty. “Voice of the Customer forces you to leave the ivory tower and reach out and interface with your customers,” explains Greg Avesian, vice president of enterprise IT security at Textron. Following VOC’s directives to interface directly and frequently with the customer (Avesian meets formally with business unit CIOs every quarter, for example) ensures that security’s focus is on servicing the business units rather than guarding the bits and bytes, he says.

Failure Modes and Effects Analysis (FMEA)

The FMEA procedure aims to identify every possible way in which a process or product might fail, rank on a scale of one to 10 those possible failures and probable causes, and prioritize solutions. “For security, the twist would be to say not just how could a given step fail, but how can we make it fail, how can we force it to fail?”

Posted on 12/07