• Add a Comment
  • Edit
  • More Actions v
  • Quarantine this Entry

Comments (1)

1 BillHaase commented Permalink

Information Security Governance like our Federal Government works best when it uses incentives rather than mandates. Our current Federal Government is going to get to experience what happens when you have a poor communication program and lack of buy-in from the governed.

Making change happen and getting participation is best done when it is made to "feel" like the "my choice" or "my idea".
When a data governance change is implemented it is usually done for compliance reasons or more to the point . .risk mitigation. There are always three options with risk . .
1) Acceptance
2) Transfer
3) Mitigation
Rapid adoption of a governance policy or process happens when the governed deliberately choose to implement. Making this choice appealing can be enhanced by providing incentives though real reduction in costs or avoiding an increase in costs. Once a risk has been identified and all agree that it exits . . providing the owner of that risk with options to mitigate, transfer or accept empowers them to participate in the new governance program and make it their choice. This can be a valuable par of the communication and change management program. I find it must be a part of any good governance program. Helping the "consumer" to self discover the facts so they will not be in dispute helps them to make an informed choice for their segment of the business. The business case will not need to be explained once the "costs" acceptance, transfer and mitigation have been outlined . . the business case becomes self-evident.
Our current Federal Leaders lack this understanding . . I find leaving it this out of a Governance program dooms it to failure. Communication and Change Management are the cornerstone of a good governance program that enables the governed to make the choice in their own interests.

Add a Comment Add a Comment