Develop a cloud security strategy? I am always puzzled when I am faced with open questions that involve the word strategy. Strategy, by definition, is the plan of actions to achieve long-term goals. In the case of an enterprise, these goals are naturally driven by the business context: vision, priorities, opportunities, risks, etc. Cloud is […]
There is no doubt in today’s digital world that agile methods for software development have been successful. Organisational agility refers to applying these methods to the whole organisation (a.k.a. the enterprise) to create an agile operating model across strategy, structure, people, process, and technology. The essence of all these is to be able to adapt […]
Adapting a security control framework is a common response for an organisation when cyber security is a concern. This may be driven by an operational security function, a risk & governance function or a regulatory directive. I presume the readers of this article are familiar with abbreviations such as ISO, NIST, PCI, SANS, CIS, ISF, […]
This is the digital era. This is about transforming behaviours and expectations with disruptive business models and technologies. These are challenging times for traditional enterprises, as disruption starts from inside the organisation, to build the culture of agility and flexibility so that they can offend (or defend) the marketplace. Adapting Agile methods is imperative to […]
WHY ARE WE DOING THIS?
Information Technology (IT) solutions frequently fail to deliver the desired value to the business, often due to inadequate integration with the rest of the IT service portfolio or overlooked processes for their life-cycle management. The “digital” era makes the challenge even bigger as organisations rush to deliver services rapidly and expand their IT to the Public Cloud. The outcome is often a pile of fragmented technology solutions and wasted resources. While many try to build and evolve traditional organisational functions to address the problem, such as IT Governance, Enterprise Architecture or Service Management, the challenge of running the IT business coherently is yet to be overcome. We harmonize industry guidance, frameworks, research and our practical experience with a holistic approach, by embracing system thinking, lean thinking and agile principles, and develop guidelines and models to build the modern practice of cyber security in the digital era. Our goal is to contribute to and advance our profession, and our work is open to all for use without restriction.
We have been in the Enterprise IT business since the early 2000s. These were the times when IT evolution accelerated with new technologies and the Internet boom. We met each other in a large program that transformed the interaction of a government organisation with citizens. It has been almost 20 years since then, and we have worked in many IT transformation programs with a common problem: management of IT is a prolonged problem despite plenty of reference material available for guidance. Frameworks, standards, and best practice guidance are continuously developed and published for particular areas, such as IT governance, enterprise architecture, cyber security and IT service management. They all have value, but from a specific viewpoint. We harmonize them all with research and professional experience, and develop practical guidance that eliminates fragmentation of disciplines and focuses on the business value stream. Our principles are built on system thinking (comprehensive, methodological), lean thinking (establish flow, eliminate waste, small batches, continuous feedback), and agile (fast, responsive, iterative, collaborative, autonomy, less formality). All content is free to use. Just note that these are our personal views and opinions only, and do not represent the opinions of any entity whatsoever for which we have worked at any time.