charging pennies to save pounds.
Identifying and cutting costs.
There is no debate that cost cutting is the major topic of these times. What is debated is what kind and where?
The business leaders of today are just as conscious of costs as their lesser foes, but they understand that they can't slash costs to prosperity.
Follow their thinking and you follow their oft proven path to successfully emerging at the end of this current crisis in much better shape than your own foes.
They are cutting excess from excessive budgets, withdrawing totally from budgets that did not have defined quantitative goals for real business improvement, and creating small budgets for experts to cut the costs in their expert fields.
Information technology security and risk management is one such field.
Today, the leaders are employing us to look at the cost saving opportunities in three very distinct parts of their business, each briefly described in the list below.
Long range strategic activities, where these would include threat and vulnerability management, security strategy, framework and roadmap, also compliance, governance and information security management, as well as review and development of policies and standards.
Short range tactical activities, where these would include securing network, operating system, and applications, also unauthorised access prevention along with business event impact and information risk assessments.
Day-to-day activities, where these would include securing access communications and data, also securing data at rest and in transit.
We begin our cost saving activities by conducting an information security risk assessment to drive out the business-driven information security drivers. We then divide a business into its operational processes and working components and review their risk linkage to the IT services and systems and the IT security controls required.
This unique method decomposes an enterprise into its discrete zones of trust, systems and activities. This enables our team to list the resources, and exposures, for each component. We can then set to work decreasing the cost of security management of that component. We find this component framework is also very useful for communicating with the executive management team giving them clear insight into exactly what is being done, what costs are being eliminated and where.
The savings we liberate from your systems are quantifiable and are not one-offs. The savings are cumulative month after month.
Somewhat less quantifiable in terms of immediate boosts to your bottom line are the savings we also liberate from your people. Some of these costs saved are listed below.
High cost staff do not need to be hired or replaced if they leave, we can take over their tasks and ensure continuity. No recruiter percentage fees. No bidding in a very competitive field. No paying expensive wages for people not being productive each day.
Technology support personnel can get back to supporting your staff and the smooth running of your infrastructure. No technicians working on issues beyond their capability. No increase is issue backlogs.
Operations staff can get back to their core tasks. No taking their focus away from profit critical processes.
Executive management can once more focus their attention and talents on business strategy. No distractions from soundly guiding the firm.
Perhaps in times of trouble the management differences between market leaders and those on the brink become more visible.
In market leaders their CFO takes a very strategic business role deciding how to deploy a lessened balance sheet to the best business advantage. While the also-rans have CFOs that take a one dimensional bean-counter approach and memo all divisions to simply stop spending.
And it is perhaps in times of trouble the responsibility differences between market leaders and those on the brink also become more apparent.
In market leaders all management positions are involved in information technology outcomes and all see the high importance of security. While the also-rans leave the responsibility, and blame, at the door of their CIO.