Monthly ITsec Leadership Quotes and Articles: August 2010

• Second attempt, sequel to What's "a risk" anyway?, on riskmanagement.com.
• 7 questions that staff performance in small and medium-security for better, an industrial medicine article that applies well to IT management, to my mind.
  
• Bob Carr on Leadership in a Crisis.
• Michael Krigsman (that I quote often): Do large projects really fail more often?.
• Also Michael Krigsman: Federal gov't gets serious about IT failures. I'm pretty enthusiastic when governments think IT is an important matter. But their actions (worldwide) seem to range from mere speech to strict costly compliance going through using IT as a fear-monger. I'm welcoming anyone with positive examples of government involvement in IT (I know there are, some).
• If you're managing networks, go read a statistic-rich, worldwide survey of SSL by Qualys.
• On SecurityRecruiter.com, they do care about how you write. I approve. Verbal and Written Communication Skills for Technology Professionals.
• The Guerilla CISO's troll excellent article about Thought-Terminating Cliches and Infosec.
• Seth Godin's "The fear tax" (reported by Bruce Schneier).
• Carlos Ghosn's quote, about his conduct of the Renault-Nissan merger: "When you need people to work together, the last thing you want is a legal structure that gets in the way." We're so often concentrating on building a better work system, when we'd better concentrate on the people who work... There's no point in building an ISO system with many PDCA wheels and numerous policies and charts if the people that should action those wheels are not on the move.
  

Fun Fact: Wrong Sense of Rotation for Deming's PDCA Wheel

Have you noticed how many times management consultants draw the PDCA wheel so that the way to climb up the hill is ACDP and not PDCA?

This picture from [GE] Paeger Consulting.