Principle No. 2: Applying a Laser Focus on Operational Efficiency
Email
Print
Principle No. 2: Applying a laser focus on operational efficiency
The second key principle is a laser focus on the operational efficiency of each solution used to implement each of these "high-value" control activities.
1. Innovate: Don't take the easy way out and implement well-established solutions without thoroughly evaluating their effectiveness. Too often, organizations will implement a solution that's well-established as long as it can support the needed control activities and is perceived as low-risk. The operational considerations take a back seat.
2. Emphasize operational considerations: When determining the evaluation criteria for processes and solutions, put operational efficiency near the top of the list. It can be argued that the following three criteria are nearly all that matter:
-Coming close enough to satisfy the control objective: it doesn't have to be perfect.
-An acceptable level of risk: evaluating the risk of impact to application availability and the likelihood that the control will fail.
-Operational efficiency: the ongoing staff requirement to implement the control.
3. Tool consolidation: Additional operational overhead is often a result of the proliferation of security point solutions and data sources. Training and maintenance requirements rise, and the normalization and correlation of data can be very labor-intensive. This fact may be overlooked during the decision to implement individual tools.
