Holes and wholes

Holes and wholes

Holes and wholes

Electronic security is hot news and big business. There are magazines, conferences and many consultancies offering advice on security and how to plug the gaps. Far be it from me to suggest that this "industry" is costing you more than perhaps it might … but I do want to remind you that most breaches of security – electronic or otherwise – are very simple. They are usually in-house and, though they may be perpetrated by illegal or vengeful personnel, are mostly accidental. Definitely cock-up rather than conspiracy!

Electronic security simply serves as an example and a lesson. The lesson is that if you are going to "keep your eye on the ball", then make sure you are in the right game. Paying attention to detail is important but its wise to ensure that you are first addressing the right problem.

This brings us to another growth area – risk management. Of course, we all put in some effort to managing risks associated with our work. We may even have adopted a risk assessment and management methodology – you know, the kind where one assesses the impact and the likelihood of events happening to give a pseudo-quantitative assessment of risk. My experience is that people (and organisations) pay far more attention to the initial analysis than they do to the subsequent "real" risk management. There seems to be a kind of collective analgesia about adopting a scoring system … it says, "we take risks seriously, there they won't happen".

Now, Work Study often includes papers on methodologies, tools and techniques. I am therefore committed to adopting them whenever and wherever they are applicable. I repeat … "whenever and wherever they are applicable". Again, the trick is to stay awake. Poor managers treat new methodologies as panaceas. They await the next guru with bated breath feeling that the next big thing might be the really big thing. I hope that when we publish details of a new approach to productivity improvement, we ensure that it is written up carefully, with all the caveats and contexts that help show when it might be helpful.

Above all, we expect you to be intelligent. (Well, you do read Work Study, after all!) We expect you to filter what you read through your own experience and judgement. Judgement. There's a fine word.

Dealing effectively with electronic security – or risk management – or most other business issues – takes judgement. Yours. Not your consultants, not your conference speaker's or your magazine's.

It's your job to look at the whole set of information you have and determine the extent of risk, and the investment that is reasonable to make in addressing it. Of course, you should take advice. But if you can't pass the buck, engage your brain and think before acting. That's what they pay you for!

May good luck … and good judgement … stay with you.

John Heap