Tag Archive - specifics

Balancing the Leadership Challenge.

February 11, 2010 in Leadership with 46 Comments

Leadership Challenge 300x299 Balancing the Leadership Challenge.Leaders who attract quality people, know that the key is to become a person of quality themselves.  Leadership is the ability to attract someone to the gifts, skills, and opportunities you offer as a parent, as a manager, as a business owner. I’m going to go ahead and call leadership the great challenge of life.  It seems that what is important in leadership is refining your skills.  All great leaders keep working on themselves continuously until they become effective.  And once they become effective, they continue to grow in all aspects of life.

Here are some specifics that the late Jim Rohn showed us during his journey into the leadership horizon.

1) Learn to be strong but not rude. It is an extra step you must take to become a powerful, capable leader with a wide range of reach.  Some people mistake rudeness for strength. It’s not even a good substitute.

2) Learn to be kind but not weak.  We must not mistake kindness for weakness.  Kindness isn’t weak. Kindness is a certain type of strength.  We must be kind enough to tell somebody the truth.  We must be kind enough and considerate enough to lay it on the line.  We must be kind enough to tell it like it is and not deal in delusion.

3) Learn to be bold but not a bully.  It takes boldness to win the day.  To build your influence, you’ve got to walk in front of your group.  You’ve got to be willing to take the first arrow, tackle the first problem, discover the first sign of trouble.

4) You’ve got to learn to be humble, but not timid.  You can’t get to the high life by being timid.  Some people mistake timidity for humility.  Humility is almost a Godlike word.  A sense of awe…a sense of wonder.  An awareness of the human soul and spirit.  An understanding that there is something unique about the human drama versus the rest of life.  Humility is a grasp of the distance between us and the stars, yet having the feeling that we’re part of the stars.  So humility is a virtue; but timidity is a disease.  Timidity is an affliction.  It can be cured, but it is a problem.

5) Be proud but not arrogant. It takes pride to win the day.  It takes pride to build your ambition.  It takes pride in community, it takes pride in cause, in accomplishment.  But the key to becoming a good leader is being proud without being arrogant.  In fact, I believe the worst kind of arrogance is arrogance from ignorance.  It’s when you don’t know that you don’t know!  Now that kind of arrogance is intolerable.  If someone is smart and arrogant, we can tolerate that. But if someone is ignorant and arrogant, that’s just too much to take.

6) Develop humor without folly.  That’s important for a leader.  In leadership, we learn that it’s okay to be witty, but not silly.  It’s okay to be fun, but not foolish.

Lastly, deal in realities. Deal in truth.  Save yourself the agony, just accept life like it is…life is unique.  Some people call it tragic, but I’d like to think it’s unique.  The whole drama of life is unique.  It’s fascinating and I’ve found that the skills that work well for one leader may not work at all for another.  But the overall fundamental skills of leadership can be adapted to work well for just about everyone: at work, in the community, and at home.

Recent Information Security Task

October 13, 2009 in Business, Technology with 8 Comments

TheSecurityCycle 300x297 Recent Information Security TaskA client called me up the other day and asked me to come to his office. Once I arrived, he asked me to install a firewall so that his network would be secure. I asked him for his company’s security policy so I could configure the firewall. He gave me a curious look and asked, “What do I need that for?” In the years since the explosion of the Internet, this response is still the rule rather than the exception. Companies have comprehensive employee policies, sometimes filling two inch binders, but do not have information security policies. If they do, they will hand you 5 sheets of paper that cover the assets of a multimillion-dollar corporation. Just as employment policies describe the practices that employees and managers must take, security policies describe how the company wants to protect its information assets. That is an important concept to remember: Information is an asset. You might not be able to assign it a value, but your competitors might pay thousands or even millions of dollars to understand or even steal those assets.

Information security policies are high-level plans that describe the goals of the procedures. Policies are not guidelines or standards, nor are they procedures or controls. Policies describe security in general terms, not specifics. They provide the blueprints for an overall security program just as a specification defines your next product. Questions always arise when people are told that procedures are not part of policies. Procedures are implementation details. A policy is a statement of the goals to be achieved by procedures. General terms are used to describe security policies so that the policy does not get in the way of the implementation. For example, if the policy specifies a single vendor’s solution for a single sign on, it will limit the company’s ability to use an upgrade or new product. Although your policy documents might require the documentation of your implementation, these implementation notes should not be part of your policy.

Although policies do not discuss how, properly defining what is being protected assures that proper control is implemented. Policies tell you what is being protected and what restrictions should be put on those controls. Although product selection and development cycles are not discussed, policies will help guide in product selection and best practices during development. Implementing these guidelines should lead to a more secure system.

When management participates in the creation of information security policies, it demonstrates that management supports the effort, lending credibility to the entire security program. Having management support is always important. Without leadership, employees will not take policies seriously. Therefore, if you do not have the support of your upper management, your program is doomed to fail before you finish writing the policy.

First you can try to reason with them. You can point out that the systems and data have real costs. You can demonstrate how an outsider or a disgruntled insider can easily access sensitive information that could damage the company’s business functions. You can show them studies, articles, even this book. But if this doesn’t convince them, you might have to wait until your first disaster.

Management might say that everybody is responsible for his or her own security. That might work in the short term, but it prevents the company from working with itself. If one department uses one standard and another department uses another standard, interoperability could be a problem. Policies ensure that the company uses the same standards in every security instance. This consistency makes it easier for the company to integrate, interact with customers, and maintain a sense of security throughout the system.

Finally, an information security policy will help avoid liability. We live in a litigious society. If you try to enforce rules that are not expressly written, you will be sued. If you fire an employee for security violations that have never been written, presented to the employee, or previously enforced, that employee also can sue your company. I know it sounds harsh, but the reality can be devastating when the subpoena arrives.