Putting ORM to Work

Executives need a different approach to acquiring and deploying technology toward a common operating picture, and they need the ability to do that before they purchase and deploy. We seem to be getting closer to that goal.

There are some critical steps needed before a technology is identified, tested within a defined solution, and ultimately deployed:

1. Organizational goals and directives are aligned with security. Security executives are ultimately best leveraged as advisors of risk and resilience directives to their executive peers.

2. Standards must be understood within the context of organizational directives and embedded in organizational workflows. This will provide continuous compliance, data for performance analysis and metrics for improvement.

3. Workflows cite use cases in process design. The main characteristic of a use case is that it demonstrates by example how the process works and what appropriate tools are used to exercise it.

4. Integration of controls. This involves effectively measuring and managing alignment of policy and procedures.

5. Gaps, process improvement and roadmaps. Once the four previous steps are executed, a baseline measurement and gap analysis provides a measurable perspective of risk, business process alignment and value against organizational directives. This will provide a roadmap for improvement that bridges time, cost, risk and value.

When you complete these steps, you can predict that what is deployed meets the organizational directive, pre-define how to improve the process through the technology acquisition, and be better prepared to leverage that success for future improvement.

At ASIS 2012, I saw evidence of this approach, with a continued emphasis on the training of next-generation leaders in Organizational Resilience Management (ORM). General Dynamics Information Technology was at the show for the first time, and they were emphasizing an ORM approach.

We are also seeing the incursion of non-traditional companies into the integration market as well as the existing integrators accelerating their consultative IT skill sets. As a result, we are hearing the term “architecture” more than ever.

And finally, we are seeing a proof point for placing the embedded, standards-based workflows on top of a COTS collaboration platform that already is present — albeit underleveraged — in most organizations.


Ronald Worman is the founder and managing director of The Sage Group.