Methodologies and Frameworks
Anyone else getting tired of these? Don't get me wrong best practices are great, but after a while they all read the same.
Communication
Stakeholder Buy-In
Risk Management
Business Alignment
Business Continuity
It's funny because if you go from Prince 2 - PMP - TOGAF - ISO - ITIL (With their own spin, they say a lot of the same things)
Communication
Stakeholder Buy-In
Risk Management
Business Alignment
Business Continuity
It's funny because if you go from Prince 2 - PMP - TOGAF - ISO - ITIL (With their own spin, they say a lot of the same things)
Comments
-
philz1982 Member Posts: 978Yep, they are spreading as well. Now there are a bunch of security frameworks...Read my blog @ www.buildingautomationmonthly.com
Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito -
N2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■Really, how many if you had to take a guess Phil?
You know project management alone it's around 25 or so. -
Matt2 Member Posts: 97 ■■□□□□□□□□Ah frameworks, we need more! We gotta keep PMs employed, errr busy after all (I was one for years so I can say that).
-
philz1982 Member Posts: 978Where to begin.
You have
Risk Assessment Frameworks
IT Audit Frameworks
Penetration Testing Frameworks
GRC (Governance, Risk, Compliance) Frameworks
Secure Software Development Frameworks
and the list goes on and onRead my blog @ www.buildingautomationmonthly.com
Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito -
TheFORCE Member Posts: 2,297 ■■■■■■■■□□Funny that this thread came up because I was actually going to post something similar. My current role deals only with these frameworks and I'm being asked to develop some procedures and policies are these frameworks. Then when I try to implement any of these, no one follows them or listens. Instead they still follow the same processes. The biggest obstacle that there is in this frameworks is that they are just guidelines. Companiea can pick and choose what they like and for others they make expections because of office politics. Sure we will do this but we don't want to do this other thing because we don't want to upset this VP.
-
N2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■They are a complete and utter joke for most organization. If senior management isn't pushing down this initative, this can be six sigma, pmi, iso 1XXXX whatever, prince2, ITIL, all those security ones, etc. If they don't come from the top management they don't mean chit.
Such a waste of money etc. -
philz1982 Member Posts: 978Well,
I agree and disagree. I agree that in most cases frameworks are a waste of money. You get someone who reads an HBR or CIO article and decides that they need to implement something. The Framework is implemented only to be changed in 2-3 years.
On the flip side, there are some orgs that implement frameworks and they customize the heck out of them, avoid the high priced consultants and they are quite effective.
I have seen more open source frameworks in the Info-sec world then general IT.
At the end of the day, a framework will not solve personnel, funding, or culture problems.
If you have a solid personnel, funding, and a good culture a Framework may help you to measure and improve. However, from my consulting experience if you have solid personnel, funding, and a good culture you usually have your own Adhoc Framework.
What I really dislike is the ISO's of the world selling themselves to Government Agencies to the point where Framework compliance is required in order to win work.
-PhilRead my blog @ www.buildingautomationmonthly.com
Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito