C-Level Management and Costidity

Why Costidity is Important to C-Level Management

We are certain the subject of Costidity is of interest to IT Security and Identity Governance and Administration (IGA) practitioners. At the same time, we know that these practitioners need support from C-level management and executives to get anything done and to manage Costidity. Support comes from personal interest, though, so it’s important to know what each C-level manager can gain from implementing Costidity management.


The CEO is the highest governance authority in the company. Costidity exposes hidden loss of control through governance element analysis of both internal processes (logical flaws, ambiguity, passive acceptance, “human bottleneck”, etc.) and external processes (constituents’ deviations). Loss of control means “blind spots” in governance, which could cause serious problems for the company’s image among investors, customers and partners.

The CEO is interested in mitigating these “blind spots”, and Costidity provides the ability to do just that.


The CFO cares about budget and spending, both open and hidden. Specifically, the CFO cares about the additional effort needed to manage the results of policy makers’ uncertainties: lack of policy enforcement due to passive acceptance and disengagement, and user deviations. Hidden costs could be in working hours, monitoring software, forensics consulting and other sources of expense. The CFO is interested in finding those costs and minimizing them. Costidity allows measuring, analyzing and mitigating hidden costs related to the human factor.


The CIO is the most involved C-level manager, since he or she is responsible for IT Security and IGA as part of the organization’s technology. Costidity should be on the CIO’s radar as one of the blips but, interestingly enough, not as much as for other top-level managers. Why? Because the technological challenges of implementing business requirements are much more important and costly than the human factor cost in policy management. At the same time, though, Costidity is a great tool for the CIO to show business leaders that IGA and IT Security cannot be solved by technology alone and that others should pitch in too, taking some responsibilities on themselves.


In our opinion, the COO is the most interested party. “What a strange choice!” some of you may be saying. “The COO usually delegates all security and technical decisions to the CIO.” We agree. But Costidity is not about hackers or other “penetrators” who want to harm the company. It’s about the human factor cost created by regular day-to-day operations, carried out by honest and loyal employees simply doing their jobs. Policy makers and policy enforcers are just the deliverers and workhorses of the messages from the COO’s office. For the COO, it is critical to know what is happening every day. Since Costidity brings the most accurate assessment of the day-to-day reality of internal business, the COO should gain the most from implementing the Costidity methodology within the organization.

To learn more about Costidity and managing the human factor within your organization, check out this post.

Published by

Vlad Shapiro

Vladislav (Vlad) Shapiro has been working in the Identity Governance and Administration (IGA) field for 10+ years, during which time he has developed the business advisory concepts of Identity Posture, Fundamental Conflict in IGA and, most recently, Costidity™.