Riding the waves

 


Yesterday, I wrote about preparing and promoting your budget proposal, strategy, programme of projects or an individual initiative, gaining management support and negotiating for approval. Today I'd like to emphasise a fleeting, easily overlooked step in your journey, an opportunity to do even better.

At the very moment when the negotiations are completed and management finally agrees your infosec budget, their interest, motivation and support for it are high ... so, before the dust settles, why not seize the moment: a window of opportunity has opened. Before long, the wave of enthusiasm will subside and management's focus will turn to other matters.

What else, aside from your infosec budget, might you quickly shove through the window before it slams shut? What ideas can you seed? Thinking about how things will play out over the months/years ahead, can you foresee the need for further support or approvals later on, and if so can you establish the basis now (for example, an emergency or contingency budget to fund unanticipated work)?

Likewise when you (or your CISO) report to the team that the budget has been approved, motivation will peak as the team feels empowered and supported. Tempting though it may be to press straight ahead with executing the plan, consider setting things up for an easier ride further down the track, while the team is in a good mood - for example, developing or refining team and individual metrics and targets.

There will be further opportunities ahead as you surf the waves of motivation. So long as things are going well and the mood is positive, people are receptive to doing more, tackling harder/bigger challenges, thinking further ahead, being more proactive. Conversely, when times are tough, motivation drops, progress slows and horizons come closer. Simpler, more immediate tasks may be all we can reasonably cope with, drawing on our reserves of resilience built up during the good times. 

[This note was inspired by behavioural scientist BJ Fogg.]
