We're having 'Internet connectivity issues' - par for the course really, out here in rural NZ, but in trying to diagnose the problem, I find this message particularly ironic ...

" Persuading Senior Management with Effective, Evaluated Security Metrics " is a lengthy new research report from ASIS Foundation , a membership body for (primarily) physical security professionals. Quoting from the report's executive summary: "Security metrics support the value proposition of an organization’s security operation. Without compelling metrics, security professionals and their budgets continue largely on the intuition of company leadership. With metrics, the security function grounds itself on measurable results that correlate with investment, and the security professional can speak to leadership in a familiar business language." Fair enough.  That's similar to what we wrote in PRAGMATIC Security Metrics , in referring to measurable results and business orientation. "Security metrics are vital, but in the field and in the literature one finds few tested metrics and little guidance on using metrics effectively to inform and persuade senior ...

Dan Swanson sent me  a generous extended summary (from Summary.com ) of Mike Myatt's recent book Hacking Leadership that set me thinking this morning about the extent to which the corporate culture can be hacked. Specifically, the [unnamed] author of the summary wrote: "Great corporate cultures are intentional — they are built by design. Creating a healthy culture is a matter of making a focus point within the corporate values, purpose, vision, mission and strategy." Skimming quickly past the thorny question of what might make a corporate culture 'great' or 'healthy', I don't fully understand 'making a focus point within the corporate values, purpose, vision, mission and strategy'. I appreciate that values, vision and mission statements, and strategies are commonly used to express management's intent, but what the author means by 'making a focus point within [them']' literally escapes me. If he/she means that management uses, o...