How to Build an HR Analytics Center of ExcellenceAPEX Global
Using analytics to turn data into insights regularly provides strategic advantage to all areas of organizations, from marketing to supply chain management and finance.
The formation of an HR Analytics Center of Excellence can enable firms to derive strategic insights from workforce data and justify the investments made in HR programs and technology.
Nulearn provides an Opportunity to get Hr analytics certification from IIM Rohtak under India's Top faculties. Get Industry interactions, end term projects and more.
Praxophy at Palisade Regional Risk Conference in DCPraXophy
Robert Pirsig, author of Zen and the Art of Motorcycle Maintenance, said "The place to improve the world is first in one's own heart and head and hands, and then work outward from there.” When a small non-profit in Northern Virginia found itself in an existential crisis, the Strategic Planning Team turned to the practitioner of a novel decision-making approach that is value-focused (as opposed to alternative-focused) and data-fueled (as opposed to data-driven). The author will describe how he helped this non-profit organization on the verge of collapse to educate and engage its diverse stakeholders and emerge from the crisis better than before. Tools gleaned from disciplines as diverse Systems Thinking (Checkland), Value-Focused Thinking (Keeney) Lean Six Sigma (George) and Multi-Objective Decision Analysis (Raiffa) are used to help any organization put its values first, then seek to understand its options before taking action: Heart, head, and hands.
How to Build an HR Analytics Center of ExcellenceAPEX Global
Using analytics to turn data into insights regularly provides strategic advantage to all areas of organizations, from marketing to supply chain management and finance.
The formation of an HR Analytics Center of Excellence can enable firms to derive strategic insights from workforce data and justify the investments made in HR programs and technology.
Nulearn provides an Opportunity to get Hr analytics certification from IIM Rohtak under India's Top faculties. Get Industry interactions, end term projects and more.
Praxophy at Palisade Regional Risk Conference in DCPraXophy
Robert Pirsig, author of Zen and the Art of Motorcycle Maintenance, said "The place to improve the world is first in one's own heart and head and hands, and then work outward from there.” When a small non-profit in Northern Virginia found itself in an existential crisis, the Strategic Planning Team turned to the practitioner of a novel decision-making approach that is value-focused (as opposed to alternative-focused) and data-fueled (as opposed to data-driven). The author will describe how he helped this non-profit organization on the verge of collapse to educate and engage its diverse stakeholders and emerge from the crisis better than before. Tools gleaned from disciplines as diverse Systems Thinking (Checkland), Value-Focused Thinking (Keeney) Lean Six Sigma (George) and Multi-Objective Decision Analysis (Raiffa) are used to help any organization put its values first, then seek to understand its options before taking action: Heart, head, and hands.
This presentation was part of the talk delivered by T Ashok Founder & CEO STAG Software at the HSTC 2013: "Think Testing" Conference on Nov 21 & 22 at Hyderabad.
Business Analytics to solve your Business ProblemsVishal Pawar
Business Analytics Solution in 12 Steps
What is Business Analytics ?
Why we need it ?
Identify your Focus Area and Target Applications
Importance of Business Analytics with different Roles
Confirming your Business Goal with value of Business Analytics
Differentiating Business Analysis , Analyst & Intelligence
What world is doing for Business Analytics Problems
Segregate solution with Data Discovery , Analytics & Science
Gathering information with All Available Data Source
Developing Business Analytics Framework & Components
Developing Visualization with Best User Experience
Improvising Maturity Level of Business Analytics
Get Connected with Expert Team , Who know technology !
04052011 On September 21, 2010, the DFW HR Roundtable, hosted by Pearson Partners International, discussed brain health, and fundamental strategies and brain training to enhance individual and corporate productivity. The featured speaker was Shelly Richardson, University of Texas at Dallas Center for Brain Health.
What to consider when preparing the business case for HR Analytics?Hendrik Feddersen
Several converging issues are driving the need to rewrite the rules: Technology is advancing at an unprecedented rate. Individuals are relatively quick to adapt to ongoing innovations, but organizations move at a much slower pace. Initiating the HR Analytics journey can be challenging, as measurable outcomes and impact are initially limited within many organisations.
Partner Activ8 are leaders in harnessing the value hidden in people data using a sophisticated database and analytics in the cloud.
Synapse captures the people data found in operational systems such as Resource Management and Capacity Planning.
Combining these two types of leads to very powerful new insights:
• Are my best people working on the highest value/risk projects in my portfolio?
• Which of these resources are most likely to leave in the next 6 months?
• How is the absence rate correlated to current Portfolios, Programmes, Projects and Managers?
• What will be the predicted financial impact of this in these Portfolios in the next 12 months?
Synapse is able to direct a ‘stream’ of new operational data into the Activ8 system and provide these and many more answers.
The Softer Skills that analysts need (beyond Data Visualisation)Paul Laughlin
A talk I gave at #DataVizLive online event in Nov 2020. Introducing the Laughlin Consultancy 9-step model for Softer Skills needed by Analysts & previewing some of those steps (beyond data visualisation & storytelling skills).
It is increasingly difficult for leaders to earn respect, trust and loyalty if they do not bring results. The focus has to return to good management, results and responsibility. Evidence-based HR provides HR with the means to build credibility & capability.
The purpose of this presentation is providing an overview of the main approaches in using big data: data focus vs. business analytics focus. The following topics will be covered:
- Why getting data should not be a starting point in business analytics, and why more data not always result in more accurate predictions
- The simulation analytics methodology in comparison to machine learning and data science approach
- Examples of two business cases:
(i) Healthcare: Pediatric Triage in a Severe Pandemic-Maximizing Population Survival by Establishing Admission Thresholds
(ii) Banking & Finance: Analysis of the staffing and utilization of a team of mutual fund analysts for timely producing ‘buy-sell’ reports
Introduction to Business Analytics Part 1 published by BeamSync.
BeamSync is providing business analytics training course in Bangalore. If you are looking for analytics training then visit BeamSync. Regular classes are running during the weekend.
For details visit: http://beamsync.com/business-analytics-training-bangalore/
Building Stronger HR Partnerships Through Talent AnalyticsHuman Capital Media
Big data, we’ve heard the phrase for quite some time, but how can human resources leaders get in on the action? One way is through the development and implementation of talent analytics strategies. Talent analytics is fundamentally changing the way organizations – and practitioners – are thinking about the role of HR in organizations, uncovering never before seen insight. During this spotlight webinar, Alexis Fink, director of talent intelligence and analytics at Intel, will share insights on the evolution of talent analytics and offer practical tips for doing talent analytics well in organizations. She will also discuss some of the key questions talent analytics can answer, the methods you can use to answer them and the key capabilities needed to do the work.
During this webinar, attendees will hear:
How talent analytics has the ability to transform the decision-making process within an organization.
New methods of data collection, analysis and display – and the new questions we can answer with them.
Cautions to consider when developing and implementing talent analytics within your organization.
Predictive project analytics: Will your project be successful?Deloitte Canada
We may not often ask ourselves whether our project will succeed for fear of the answer. But 63 percent of projects either fail or struggle to meet their budget or completion objectives. The more complex the project, the more likely it is to fail. A recent, high-profile example of this was the roll-out of the U.S. government’s healthcare.gov program. While the government acted quickly to fix major problems with the website, the glitch led many Americans to delay their decision to join the program and turned many others off altogether. Several factors contributed to the website’s failure, including incorrectly forecasting the performance requirements, not giving sufficient time for appropriate testing and underestimating the complexity of the project. The same shortcomings doom other projects, too.
To avoid making similar mistakes, leading organizations need to identify in advance which projects are more likely to end badly and how to give them the best shot at success. Predictive project analytics, or PPA, is a new approach that leverages advanced analytics to evaluate a given project’s likelihood of success. Read how it works and how it can help your organization.
Knowledge as an asset has not lost momentum, in fact organizations still need proper KM tools and methods in order to reduce the risk of knowledge loss, improve collaboration, standardize best practices and so on. Problem begins when we try to solve this issues with a KM vision that was meant for a 90s-type business and not for today’s exponential organizations
This presentation showcases a proven method for KM for modern organizations developed by Wakiy, a knowledge management consultancy firm based in Lima, Perú.
The Softer Skills Analysts need to make an impactPaul Laughlin
25 min presentation given at London Business School, to the OR Society's Analytics Network. Summarising Laughlin Consultancy's 9 step model of Softer Skills for Analysts.
This presentation was part of the talk delivered by T Ashok Founder & CEO STAG Software at the HSTC 2013: "Think Testing" Conference on Nov 21 & 22 at Hyderabad.
Business Analytics to solve your Business ProblemsVishal Pawar
Business Analytics Solution in 12 Steps
What is Business Analytics ?
Why we need it ?
Identify your Focus Area and Target Applications
Importance of Business Analytics with different Roles
Confirming your Business Goal with value of Business Analytics
Differentiating Business Analysis , Analyst & Intelligence
What world is doing for Business Analytics Problems
Segregate solution with Data Discovery , Analytics & Science
Gathering information with All Available Data Source
Developing Business Analytics Framework & Components
Developing Visualization with Best User Experience
Improvising Maturity Level of Business Analytics
Get Connected with Expert Team , Who know technology !
04052011 On September 21, 2010, the DFW HR Roundtable, hosted by Pearson Partners International, discussed brain health, and fundamental strategies and brain training to enhance individual and corporate productivity. The featured speaker was Shelly Richardson, University of Texas at Dallas Center for Brain Health.
What to consider when preparing the business case for HR Analytics?Hendrik Feddersen
Several converging issues are driving the need to rewrite the rules: Technology is advancing at an unprecedented rate. Individuals are relatively quick to adapt to ongoing innovations, but organizations move at a much slower pace. Initiating the HR Analytics journey can be challenging, as measurable outcomes and impact are initially limited within many organisations.
Partner Activ8 are leaders in harnessing the value hidden in people data using a sophisticated database and analytics in the cloud.
Synapse captures the people data found in operational systems such as Resource Management and Capacity Planning.
Combining these two types of leads to very powerful new insights:
• Are my best people working on the highest value/risk projects in my portfolio?
• Which of these resources are most likely to leave in the next 6 months?
• How is the absence rate correlated to current Portfolios, Programmes, Projects and Managers?
• What will be the predicted financial impact of this in these Portfolios in the next 12 months?
Synapse is able to direct a ‘stream’ of new operational data into the Activ8 system and provide these and many more answers.
The Softer Skills that analysts need (beyond Data Visualisation)Paul Laughlin
A talk I gave at #DataVizLive online event in Nov 2020. Introducing the Laughlin Consultancy 9-step model for Softer Skills needed by Analysts & previewing some of those steps (beyond data visualisation & storytelling skills).
It is increasingly difficult for leaders to earn respect, trust and loyalty if they do not bring results. The focus has to return to good management, results and responsibility. Evidence-based HR provides HR with the means to build credibility & capability.
The purpose of this presentation is providing an overview of the main approaches in using big data: data focus vs. business analytics focus. The following topics will be covered:
- Why getting data should not be a starting point in business analytics, and why more data not always result in more accurate predictions
- The simulation analytics methodology in comparison to machine learning and data science approach
- Examples of two business cases:
(i) Healthcare: Pediatric Triage in a Severe Pandemic-Maximizing Population Survival by Establishing Admission Thresholds
(ii) Banking & Finance: Analysis of the staffing and utilization of a team of mutual fund analysts for timely producing ‘buy-sell’ reports
Introduction to Business Analytics Part 1 published by BeamSync.
BeamSync is providing business analytics training course in Bangalore. If you are looking for analytics training then visit BeamSync. Regular classes are running during the weekend.
For details visit: http://beamsync.com/business-analytics-training-bangalore/
Building Stronger HR Partnerships Through Talent AnalyticsHuman Capital Media
Big data, we’ve heard the phrase for quite some time, but how can human resources leaders get in on the action? One way is through the development and implementation of talent analytics strategies. Talent analytics is fundamentally changing the way organizations – and practitioners – are thinking about the role of HR in organizations, uncovering never before seen insight. During this spotlight webinar, Alexis Fink, director of talent intelligence and analytics at Intel, will share insights on the evolution of talent analytics and offer practical tips for doing talent analytics well in organizations. She will also discuss some of the key questions talent analytics can answer, the methods you can use to answer them and the key capabilities needed to do the work.
During this webinar, attendees will hear:
How talent analytics has the ability to transform the decision-making process within an organization.
New methods of data collection, analysis and display – and the new questions we can answer with them.
Cautions to consider when developing and implementing talent analytics within your organization.
Predictive project analytics: Will your project be successful?Deloitte Canada
We may not often ask ourselves whether our project will succeed for fear of the answer. But 63 percent of projects either fail or struggle to meet their budget or completion objectives. The more complex the project, the more likely it is to fail. A recent, high-profile example of this was the roll-out of the U.S. government’s healthcare.gov program. While the government acted quickly to fix major problems with the website, the glitch led many Americans to delay their decision to join the program and turned many others off altogether. Several factors contributed to the website’s failure, including incorrectly forecasting the performance requirements, not giving sufficient time for appropriate testing and underestimating the complexity of the project. The same shortcomings doom other projects, too.
To avoid making similar mistakes, leading organizations need to identify in advance which projects are more likely to end badly and how to give them the best shot at success. Predictive project analytics, or PPA, is a new approach that leverages advanced analytics to evaluate a given project’s likelihood of success. Read how it works and how it can help your organization.
Knowledge as an asset has not lost momentum, in fact organizations still need proper KM tools and methods in order to reduce the risk of knowledge loss, improve collaboration, standardize best practices and so on. Problem begins when we try to solve this issues with a KM vision that was meant for a 90s-type business and not for today’s exponential organizations
This presentation showcases a proven method for KM for modern organizations developed by Wakiy, a knowledge management consultancy firm based in Lima, Perú.
The Softer Skills Analysts need to make an impactPaul Laughlin
25 min presentation given at London Business School, to the OR Society's Analytics Network. Summarising Laughlin Consultancy's 9 step model of Softer Skills for Analysts.
How to sustain analytics capabilities in an organizationSAS Canada
This presentation is part of Analytics Management Series that is designed to suggest paths towards effective decision-making in order to help sustain and grow analytical capabilities. It features thought leaders who actively manage complex analytical environments who share their best practices. How to sustain analytics capabilities in an organization features Daymond Ling, Senior Director, Modelling & Analytics (CIBC) on how organizations who want better performance and less problems can use data to their advantage.
Only 20% of innovation management suitable for digitalization. Find out what key success factors drive those disciplines and what tools are possible options.
The case dives deeper into digital idea management (the tool shown live is viima) and InnoSurvey, a 360 degree innovation assessment built on proven metrics.
Slides are from a lecture on Digital Industry (Certificate of Advanced Studies at FHNW).
The lecture is min. 1 hr plus practical parts provided as preparation or exercises. Get German language support and more material here: https://www.sensaco.com/digital-innovation-management/
These slides were presented by Pauline Chow, Lead Instructor in Data Science & Analytics, General Assembly for her talk at Data Science Pop Up LA in September 14, 2016.
Planning your analytics journey - webinar slidesSprout Labs
In this webinar you’ll learn how to plan and implement sophisticated learning analytics in your learning programs.
As our workplaces are becoming more data-driven, Learning & Development has new opportunities for measuring learning and the impact of your learning programs. You don’t need to become a data scientist to take advantage of these opportunities.
You’ll learn:
- What are data-driven approaches to learning
- Useful statistics and visualisation techniques for L&D
- The link between learning analytics and xAPI
- Test-driven approaches to learning analytics
- Emerging approaches using artificial intelligence and machine learning
- How to plan a successful learning analytics project
Is your go-to business analysis approach centered around completing a standard organisational template? Do you spend your time filling in document sections with little guidance on how to get the information needed? Are you stuck in the cycle of completing the same deliverable, top-to-bottom, each, and every, single, time?
That’s the trouble with templates, they dumb business analysis down – “if your only tool is a hammer then every problem looks like a nail” - and keep the perceived value of the role rooted in the stereotype of scribe, documenter, and translator.
Isn’t it time you owned the template, rather than letting the template own you? This workshop will shift you away from template-driven documentation by taking you on a journey of discovery into the world of technique-driven analysis.
You’ll cover:
Resetting what it means to be successful as a business analyst
An agnostic business analysis process model for meaningful work
Core tools and techniques that mobilise your influence and impact
Surefire ways to grow business analysis knowledge, skills, and abilities
Whether you are just starting out in your first business analyst role or have been in the profession for some time (or even longer!), this session will give you expert guidance to avoid the pitfalls of templates and build your business analyst career the smarter way.
Personal Brand Statement:
As an Army veteran dedicated to lifelong learning, I bring a disciplined, strategic mindset to my pursuits. I am constantly expanding my knowledge to innovate and lead effectively. My journey is driven by a commitment to excellence, and to make a meaningful impact in the world.
Cracking the Workplace Discipline Code Main.pptxWorkforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
Discover the innovative and creative projects that highlight my journey throu...dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...BBPMedia1
Grote partijen zijn al een tijdje onderweg met retail media. Ondertussen worden in dit domein ook de kansen zichtbaar voor andere spelers in de markt. Maar met die kansen ontstaan ook vragen: Zelf retail media worden of erop adverteren? In welke fase van de funnel past het en hoe integreer je het in een mediaplan? Wat is nu precies het verschil met marketplaces en Programmatic ads? In dit half uur beslechten we de dilemma's en krijg je antwoorden op wanneer het voor jou tijd is om de volgende stap te zetten.
[Note: This is a partial preview. To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
Sustainability has become an increasingly critical topic as the world recognizes the need to protect our planet and its resources for future generations. Sustainability means meeting our current needs without compromising the ability of future generations to meet theirs. It involves long-term planning and consideration of the consequences of our actions. The goal is to create strategies that ensure the long-term viability of People, Planet, and Profit.
Leading companies such as Nike, Toyota, and Siemens are prioritizing sustainable innovation in their business models, setting an example for others to follow. In this Sustainability training presentation, you will learn key concepts, principles, and practices of sustainability applicable across industries. This training aims to create awareness and educate employees, senior executives, consultants, and other key stakeholders, including investors, policymakers, and supply chain partners, on the importance and implementation of sustainability.
LEARNING OBJECTIVES
1. Develop a comprehensive understanding of the fundamental principles and concepts that form the foundation of sustainability within corporate environments.
2. Explore the sustainability implementation model, focusing on effective measures and reporting strategies to track and communicate sustainability efforts.
3. Identify and define best practices and critical success factors essential for achieving sustainability goals within organizations.
CONTENTS
1. Introduction and Key Concepts of Sustainability
2. Principles and Practices of Sustainability
3. Measures and Reporting in Sustainability
4. Sustainability Implementation & Best Practices
To download the complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
Premium MEAN Stack Development Solutions for Modern BusinessesSynapseIndia
Stay ahead of the curve with our premium MEAN Stack Development Solutions. Our expert developers utilize MongoDB, Express.js, AngularJS, and Node.js to create modern and responsive web applications. Trust us for cutting-edge solutions that drive your business growth and success.
Know more: https://www.synapseindia.com/technology/mean-stack-development-company.html
2. Disclaimer
This presentation and the concepts herein are my
opinions through private research, practice and
chatting with other professionals.
It is not the opinion of past, present or future
employers.
Now lets have fun…..
3. Agenda
Overview – The current state of affairs…
Psychology – The mindset for getting it
done right…
Diversification – It really does take a
village…
Theorems – Thought middleware for
getting it done…
Toolkit – How to harness security in the
enterprise…
5. How Did We Get Here?
When in Rome…Treating Information
Security as a ‘specialty’ rather than a
business investment
Cart before the horse syndrome…ROI for
antivirus, firewalls and other technologies is
proactive rather an reactive
Introducing Chicken Little….too much FUD
vs. not enough tangible business data
Forgetting the K.I.S.S principle….lack of
judicious countermeasures and controls
has created complexity
6. Tactical Overdose
Information Security has relied on a more
tactical approach to gain traction
The tactical side of Information Security is
fairly mature due to the reactive nature of
dealing with intruders and malware
Information Security is no longer ‘siloed’
part of the business and requires alignment
to organizational objectives
7. Mistakes We’ve Made
Forgetting support of dynamic
environments.
Applying linear thinking to largely
associative practices.
Becoming myopic and forgetting business
drives strategy.
Not evolving with the business.
8. The Flaw in Strategic Plans
Strategic plans are not easily consumable,
scalable or sustainable
Answers the questions without appropriate
stakeholder buy-in
Doesn’t provide upfront negotiation of
priorities
Does not answer “What is Information
Security?”
9. Strategic Planning Models
Followed by
companies
who are
extremely
small, busy,
and have
not done
much
strategic
planning
before.
This model
requires
continual
reference to
common
values,
discussing
these values,
and shared
reflection of
the process.
Used to
ensure that
what the
organization
does is
aligned with
its mission
statement. It
is useful in
fine-tuning
strategies or
exploring why
strategies are
not working.
This model is
a combination
of the Basic
model and
more
comprehensiv
e planning
such as
setting a
budget or
executing a
SWOT
assessment.
Used to
identify
different future
organizational
scenarios
(including best
case, worst
case, and
reasonable
case) which
might arise.
Used to evoke
strategic
thinking
Basic Issue Alignment
Self
OrganizingScenario
10. Multidimensional Challenges
Programs/Activities
Vision - Mission -Values
Objective -
Strategies/Targets -
Goals
Width
Depth
Length
Compliance issues
Human issues
Technology issues
Cross department business
integration
11. Lack of Authoritative Artifacts
Documentation which…
◦ sets the direction
◦ the business validates its decisions
◦ the business executes against
◦ the business captures resource
requirements
◦ the business verifies the activities
necessary to support a solution
12. Tortuous Taxonomy
Not setting the floor around business
definitions.
Setting the ceiling around business
definitions.
14. Which has more value?
*-centric diversification
With the sense of
‘having a (specified)
center’
Spread (investment)
over several
enterprises or
products, especially
to reduce the risk of
loss
15. Security is a practice within the
business/not the business
Information Security Portfolio Enterprise Portfolio
IAPP
ISACA
ISC2
ISF
ISO
NIST
OWASP
SANS
Business Process Modeling
Economics
Enterprise Architecture
Information Design
Investing
16. How to apply as middleware
Business Process Modeling – it translates
what you have to offer in terms and
techniques used by the business.
Economics – translates the production,
distribution, and consumption of goods and
services you offer.
Enterprise Architecture – aligns IT initiatives
to business needs.
Information Design – a communication tool
that takes the complex and makes it
consumable.
Investing – ties solutions to value
17. Challenge
Are you an associative thinker or a
didactic thinker?
Research both terms to understand how
you process information. It will help you
understand how to diversify your
knowledge base
19. Observations
Its as much how you think, how you
interpret the information and how its used.
Individualistic derivations of information do
not compliment enterprise environments.
Aggregate derivations results in ‘real’ multi-
data sets with a 360 degree rendering of an
organization.
20. Aggregation of Thought
Scientific Focus Design Focus
Theory
Philosophy
Practice
Associative
Linear (Didactic)
Cyclical (Iterative)
21. Teaser
Which term is better suited to denote
repetitious patterns in information
security and why?
Cyclical or Iterative
29. K.I.S.S.
Adopt traditional business methods
◦ Business modeling vs. information warfare
Start with basic planning
◦ Business logic modeling
Identify and involve major
stakeholders at the beginning
Find your logic model
◦ Logic models make your strategy easy to
consume and present.
32. Additional Elements for Modeling
Review strategic models
◦ At least three of the five models are used
Logic models
◦ Theory of Change – used to set strategic
direction over a long period of time and identify
issues
◦ Result Chain – provide a mid-level roadmap of
intentions, activities, and end state results
Software Development Methods
◦ Spirial
◦ Agile
◦ Waterfall
34. Logic Model Overview
Outlines how program is supposed to work
to achieve intended changes and outcomes
A simple method for engaging stakeholders
Facilitates thinking, planning,
communication and shared understanding
about targets and intended outcomes
37. Your Strategy and Roadmap
Using the taxonomy the organization has
developed, write a strategic narrative based
on the results chain.
Using a Raci/Rasci model, map resources,
activities, responsibilities etc.
Using information design, develop a
strategic roadmap which shows each
infosec project using the business projects
as a backdrop facilitated via OMI.
Your strategy and roadmap are artifacts use
your authoritative documentation taxonomy
to select the most informational elements.
39. Tips to Success
Set the floor of communication by
establishing a common taxonomy.
Set the floor for artifacts by establishing
authoritative documentation.
Set the floor for planning by establishing
Business Process Modeling as the
framework for driving strategy.
Set the floor for innovation by encouraging
and supporting diversification of knowledge
for yourself and your staff.
Aggregation not individualism is key to
enterprise sustainability.
40. Stimulating Innovation
What – using discovery to identify
strengths, opportunities, customers,
partners
When – During business process modeling
and strategy development.
How – XPLANE discovery cards
41. Xplane Discovery Cards
Can be used for self, 1:1 or in a small group
Review the situation cards and action cards
Identify the Hits and Misses
Identify what actions you need to take
End result is developing a game plan that
aligns with everyone’s thinking
42. Recommended Reading
The New School of Information Security
Business Model Generation
The Information Design Handbook
Enterprise Security Architecture
Logic Model Development Guide
◦ http://www.wkkf.org/Pubs/Tools/Evaluation/Pub3
669.pdf
Enterprise Architecture
◦ http://www.opengroup.org/togaf/
43. Credits & References
General Personal Influencers
Business Model Design:
http://business-model-
design.blogspot.com/
Business Model Generation
www.dictionary.com
Information Security: A Strategic
Approach
ISACA: www.isaca.org
Logic Model Development Guide:
http://www.wkkf.org/Pubs/Tools/E
valuation/Pub3669.pdf
Oxford Dictionary
Wikipedia: www.wikipedia.com
Xplane: www.xplane.com
Alex Osterwalder
Carolyn Trapp
Deanna Locke
Ernie Hayden
John Clouse
Kirk Bailey
Myles Conley
Mom & Family
Stewart Stremel
44. Copyright Information
Some works in this presentation have been
licensed under the Creative Common
license (CC). Please respect the license
when using the concepts or adapting them.
For more information please go here:
www.creativecommons.org
This is what we are covering today. I would like this to be as interactive as possible. If you have a question, please feel free to ask. If you have your own ideas, please share as this is a learning opportunity for everyone in the room.
Why is information security hard to sell to the business? There are many reasons, however in talking with my peers and non-information security professionals they seem to agree on these.
Many information security professionals continue to rely on a tactical approach to selling information security. When we are not beating management over the head with the latest malware outbreak, then we are pushing compliance.
Management is interested in what information security can do for the business.
Here are some of the mistakes we’ve made. Would anyone care to share the mistakes they’ve made in building programs?
What is associative thinking? The mental process of making associations between a given subject and all pertinent present factors without drawing on past experience. Free association. Associative thinking enables you to see possibilities where some may think there aren’t any. Linear thinking, the step-by-step gets you there but should not lead.
Businesses are dynamic. When they change, we need to change. Holding on to long forgotten ideals will not help your organization.
In the past 4-5 years strategic planning has become all the rage. Ask someone for their strategic plan and get a nice long narrative with maybe a couple of charts associated with cost. Once someone maybe reads it, is it ever references again? Is the best method of driving strategy compiling all strategy in one documents? Is strategic planning a destination or journey?
There are five types of strategic plans. Which one would you chose to use for your organization? Typically you’ll the need to use at least 2 of the 5. More than likely you’ll need to blend all of them to develop a well crafted strategy. How can you do so without overloading your audience?
In the previous slide, I asked if strategic planning is a destination or journey…when applied in the manner illustrated it’s a destination which might be ok. However for an enterprise mindset, we need to make strategic planning a journey.
Then there is information security. It’s a broad discipline which requires support from non-infosec professionals in order to succeed.
How many people have what is considered authoritative documentation in their organization? Authoritative documentation can support audits, business continuity, disaster recovery etc. It’s the policies, procedures, standards, business plans of your organization. We make them artificates because it infers historical references. We expect ourselves and the business to go back to these documents as a point of reference in understand decisions and direction.
As an exercise ask people in your organization what a procedure is. Then ask them what a policy is. If you cannot agree on terminology, don’t expect to agree on what it’ll take to make an enterprise strategic plan. Developing a simple taxonomy as part of your business plan (which in itself is a strategy) can facilitate communication when plans are discussed and developed.
Setting the floor is to establish your baseline. It means you are working from an expected point. Setting the ceiling is establishing a baseline that provides no room for inference or adaptability and or extensibility.
To set the floor of your taxonomy, use terms that are industry standard that can be built upon. This becomes especially important if your organization is global or international.
One method of addressing the challenges of information security is through diversification. Lets look at terminology to support our discussion.
Look the both definitions. Which has more value for a information security professional who has a job function with a strategic focus and why?
Discuss it with the person next to you. If you are a information security professional who is in a matrix position then diversification is of more value to you. You must understand how your colleagues think and work to interact with them in a healthy way that promotes the organization’s mission.
Prior to analyzing which term would add the most value, how many of you have run programs that look like the left-side of the slide? How many of you here have integrated any of the disciplines and or practice in your portfolio? Let’s talk about why we should not just be aware of these disciplines but understand how integration can bring more value to our programs.
In software development, middleware is used to support interoperability between disparate systems. For information security innovation, non-infosec disciplines and practice can serve as the middleware to achieving success by supporting the business in a manner that is accepted. By learning at least two non-infosec practices in your organization, you can develop informational artifacts that are easily consumed and sustainable.
Now that we know what we can add to infosec we need to understand how to apply diversification.
We’ve got NIST, SANS CSI, ISACA, ISC2…with all the input we’ve been provided to shape our practice, why are we having such a hard time selling security to the business.
Individualistic ratings systems and frameworks makes it all about me, not we. When we talk about the enterprise its about we.
To make it about we, aggregate information as a point of reference will yield more accurate results rather than an individualistic point of view.
Theory is the start of creating a certain train of thought. Once solidified philosophy can be used to prove or disprove a the body of information derived from theory. Finally practice is the application of proven theory. Its an aggregation of thoughts (input) that end in a result (output). Design focused thinking offers a similar path. Associative thinking provides the vehicle for possibilities of a given solution. Linear thinking is applied to the associative to make it logical and the compliment of established principles. Cyclical thinking is applied to each solution to determine if a process or practice should occur at regular intervals.
If infosec is to operate as part of the business then repetitious patterns should be looked at from a value perspective. In investing, cyclical denotes a business or stock whose income, value, or earnings fluctuate widely according to variations in the economy or the cycle of the seasons. To stay afloat as a business proposition, infosec must constantly be aware of and communication its value.
In the last ten years I’ve been asked by many how I’m able to handle large scale initiatives with little resources. Other than the obvious of having great mentors and influencers, I have my own secret sauce in the forms of theorems. They are essentially the middleware solution to handle capacity challenges.
This goes back to what we discussed during the review of diversification. By diversifying thought you can understand the enterprise and deliver solutions that fit.
One of my most successful tools is the OMI tool. I use this whenever I’m approached about a solution that has a specific framework, guideline or methodology. O or overlapping is the default. Why? Because if I can overlay that means not much will change when I present the infocsec-side to the business. They will quickly comprehend intentions. If I cannot overlay, then a mapping occurs where infosec business planning or activities are used as a map to support the solution needs. Finally there is the integration layer where infosec practices are translated to activities that will occur within and parallel to the project.
In looking at various definitions of the word enterprise, lets agree that enterprise at its most basic, is the amalgamation of many concepts, disciplines, solutions etc. of a discipline. As relationship building relies upon the ability to quickly convey information in a manner that can be understand by neophytes, an iterative process can be applied through the duration of each engagement.
This theorem supports the communication layer in a very simple manner.
Let’s put what we’ve discussed so far to the test.
This a logical drawing of Security in a 10 phase SDLC. Can you match the philophies we’ve discussed to the outcomes seen in this drawing
Which elements of the drawing are information security centric? (only two of them, the security testing and overall phases of the Infosec activities)
Which theorems are at use here? (OMI and Enterprise Thinking)
Which mappings did I use (both O and M. M first to align infosec activities to the partner model, then O to communicate support of ITIL)
Which elements are pulled from a policy methodology? (ITIL process level is used)
How was diversification applied? (used ITIL as a driver to show the outcome while mapping to security activities)
What non-infosec disciplines were used to develop this drawing (BPM, Information Design and Enterprise Architecture)
Why is input driven from the SDLC rather than Infosec? (Its the business who sets direction, not infosec, its an intergrator and solution provider)
Bonus Question: What middleware was used here (the ITIL process level framework)
Why do we need a toolkit? Well as we’ve discussed, strategy is a journey, not a destination. As such, we must have a way of getting there in an incremental fashion. That really is what the toolkit is about. It’s a process methodology for approaching strategic planning in a systemic, cyclical and phased manner.
This is the first layer of your strategy journey. Adjust the questions to fit your culture, organizational goals, and program maturity.
This is the business model canvas adapted to fit an information security centric model. Its basically a prototyping tool that can be used to build relationships with your partners but also build a business plan that will integrate and align with the business. I used the Overlay and a bit of mapping from OMI to build in the logic.
This can be the 2nd layer of your strategy journey. Its more a sanity check for yourself and a checkpoint for others who might want to know where you are headed.
This is an example of how I used the OMI principle. To develop my security model, I performed an overlay with integration. As a point of diversification, notice the use of the spiral methodology as inspiration to this logic model as well.
As a designer of a security program and or architect, a logic model is a visual tool to present and share your understanding of the relationships among the resources you have to operate your program, the activities you plan, and the changes or results you hope to achieve in a systemic manner. Most of all it can verify and validate that your program is aligned to the business.
You want your program to be systemic as it will have greater influence and extensibility which will result in sustainability.
This is the third leg in your strategy journey. This is the basis of building a more detail strategy artifact. This is a point of validation with your partners and some high-level stakeholders.
This is fairly static strategy. It should not change unless there is significant evolution of mission and values associated with your role/team.
This is the 4th leg of your strategy journey. This is where the rubber hits the road. In order to complete the Result Chain logic model, you’ll have engaged primary stakeholders, vendors and likely your project managers. It is all about capacity, ability to execute and deliver. This is the pie in the sky.
This strategic plan is dynamic as you can expect it to evolve over time given priorities and change of direction from the organization.
As I mentioned at the outset, while we in practice are information security professionals, in philosophy, we are designers. As such we must build a tool set that will compliment our toolkit.
Take the time to develop and share your taxonomy. Use a Raci/Rasci model to map resources to activities. These are both tools that are being used by non-infosec professionals and many of the influential technology consulting firms.
Information design is probably one of the most important middlewares you can become proficient at. Why? You know the old saying…”A picture is worth a thousand words.” That is true. If you can present strategy using graphics as the backdrop, you’ll find your information more consumable.
This is the information security juggernauts toolkit. I’ve told you what middleware I used to make it functional. Use all or part, its your choice. I’d like to see you come up with your own. It’s a great way to communicate our concerns without loosing the audience. I built the toolkit using the concepts associated with building a logic model which is closely associated to business process modeling. You’ll notice as well that I’ve aligned to ITIL. This communicates to the business the effort is aligned to industry standards and practice. Using information design techniques, the toolkit flow is represented without becoming overly busy. I could have added more arrows, however through inference of shape flow and shape type I’ve captured a top-down feeling.
I mentioned the need to answer the question posed by the business as to ‘What is Information Security?’ This is the answer in a nutshell from a graphical point-of-view. Its many elements with multiple strategies and diversification.
At the end the of the day, you are already an expert with information security. Now its time to expand your horizons and add capabilities that will communicate simply what your mission, goals and activities are to non-information security professionals. Diversify your skill set to accomplish more.
Consider investing in innovation cards from Xplane. Its also a great way to give yourself a sanity check if you are a team of one. You use the cards in third person against the first draft of your business model canvas. Remember, we don’t want to be myopic, we want to be adaptable and evolutionary. If your organization’s culture permits, attempt use to facilitate developing your business model with your business partners. It is a non-threatening method of illicit the feelings of others about subjects which can sometimes lead to heated debates and a simply translator to establish common ground and language with non-infosec professionals.
Can be used for self, 1:1 or in a small group you will (1) Review the situation cards and action cards as they relate to the draft business model canvas, (2) Use the wild cards to address situations and actions not presented in the cards as they relate to the draft business model canvas , (3) Identify the Hits and Misses which to us means the Alignment and Gaps, (4) Identify what actions you need to take as they relate to your business model canvas draft and update.
End result is developing a game plan that aligns with everyone’s thinking.
If you’d like to diversify your skill and mind set consider reading the books above. As we are information security practioners, start with The New School of Information Security. This will get you thinking in the right direction from an infosec perspective. Then read the rest. I hope this changes the way you present information security and brings you success.
Something I’d like to encourage all of you do to…when presenting in the future, list not only your online and book references, but also your people credits. We all meet people who are pivotal in growing or knowledge or professionalism. Don’t forget to mention them.