
The Stick - additional training as gentle deterrent

One more post on the use of consequences as a way to enforce documented procedures - then we'll move on to the use of the carrot.

Here is a link to an article that offers an interesting idea. It highlights a technique to help enforce security-related procedures.

Stealing from the idea: if IT, operations or security identifies someone who has made a change outside the change process, that person could be directed via e-mail to a web-based training course on why making changes outside of process is a bad idea, and be required to pass a short test. Test results could be automatically e-mailed to their manager.

This 15-minute exercise, with manager notification, could be a powerful deterrent.

Please post any comments on whether you think this simple approach would work.

Published Wednesday, January 31, 2007 11:43 AM by kurtmilne

Comments

# re: The Stick - additional training as gentle deterrent

You bring out some interesting points. However, I don't know if I would categorize this as a "stick" or "carrot". Imposing organizational change in a technological environment like IT is not less difficult than anywhere else. Perhaps maybe even more difficult. However, the adage that most people want to do the right thing I believe applies to this situation - they just need subtle reminders. Hence, I would adjust the escalations for non-compliance in accordance with the organizational norms of the company. This is where an organizational behaviorist or just a more progressive HR department might be of some assistance in establishing ground rules for the execution of this plan.
Friday, February 02, 2007 8:05 PM by Steve Gerick
