Monthly ITsec Leadership Quotes and Articles: September 2010

Back from vacations in Tunisia ^^

• "Managers spread powerlessness by limiting information", Rosabeth Moss Kanter in July-August HBR.
• "The powerless retaliate through subtle sabotage. They slow things down by failing to take action-a form of pocket veto, in which a bill is killed simply because time runs out", Rosabeth Moss Kanter, same source.
  
• "Drawing a line between strategy and execution almost guarantees failure", Roger Martin, same source. The whole article is a jewel. A must-read for many managers.
  
• "Antagonizing the performance engine [vs the innovation engine] is a really bad idea. The performance engine always wins in an all-out fight. It is, quite simply, bigger and stronger." by Vijay Govindarajan and Chris Trimble, same source. So true about security if you take performance=IT and innovation=ITsec...
  
• "I don't see the legal advisor as a fusspot, always waving his law-code book. On the contrary, he/she must escort the company through its development and minesweep the legal area.", Sabine Lochmann, in the French review "Management", issue number 179 (my own translation). I feel exactly the same about the company's security officer.
  
• A disturbing disconnect between CSOs and CIOs
• Put down the pink stickies to improve your career
• Too Perfect to Be an Effective Security Manager?, follow-up to the previous one.
  
• Do All Hospitals need a CISO?
• Zero Trust Security – The Technical Discussion, good note on the now-obsolete MZ/DMZ model and the fact that silos should never be considered "safe".