Sometimes, complying with standards such as HIPAA and dealing with critical software security vulnerabilities feels like drinking from a fire hose. You’ve heard about Zeus spyware and Trojan Horses deployed by competitors for industrial espionage and data theft. You’ve heard about security in the cloud but you don’t know if it’s right for you or robust enough or the right price tag for your needs.
Maybe you outsource portions of your software development to sub-contractors and you are concerned that the key algorithms might leak.
In short – you want to run security and compliance like you run your business – with objectives and measurable results; Software Associates will take you there with Top Mapping.
How Top Mapping can help you build the best information security and compliance management program for your company
Software Associates runs a short, intensive work session for CxO level managers to create a shared view of today’s security situation and map out a plan to start running information security like you run the rest of your business. We use a unique, proven facilitation tool called Top Mapping® that enables groups to quickly turn diverse views into agreed actions. For more than a decade Top Mapping® work sessions have been delivered to clients across most industries, the public sector and with both large and small organizations around the world. Read a sampling of references and case studies to learn about the results clients have achieved.
TopMapping® – 2 intensive days of work
A printed set of TopMapping® materials that allows you to build large pictorial process maps showing the current situation as well as future scenarios. TopMapping® materials combine the efficiency of pictures (a picture is worth a thousand words) with people’s ability to use road maps. TopMapping® materials are intuitively easy to use and have the power to visually capture complex business situations and processes.
A Top Mapping® work session focuses on a business requirement such as implementing new clinical trial software, is sponsored by a senior manager, has nine or more participants with relevant knowledge, is guided by an experienced Top Mapping® consultant and lasts 2 days.
In a planning meeting the Top Mapping® consultant works with the sponsor to set clearly defined goals and outcomes for the session. Since much of the work is done in small breakout groups, everyone takes an active part. The consultant guides the group through a fast-paced process to:
- reach a common assessment of their company’s success factors
- explore several future scenarios for implementation
- commit to a concrete set of actions
A TOP Mapping® work session is particularly effective with groups whose members have different perspectives, motivations and professional or national languages. Participants come to appreciate others’ viewpoints, build on each other’s knowledge, and jointly plan actions to which they can all commit.
Method – A Top Mapping® work session helps participants to:
- collectively understand the way their company currently operates in the application area
- decide what trends and challenges are shaping their future
- explore competitive, innovative scenarios for moving into the future
- commit to a competitive course of action that will implement the application
The Top Mapping® method covers 5 modules. To reach the above objectives for each client, consultants choose the modules, their sequence and duration. In this way they adapt the flow of a work session to the specific needs of their client sponsor. These client-specific decisions are discussed with the client sponsor in a 2-3 hour planning meeting, which takes place far enough in advance of the work session to ensure that all relevant people can plan to attend the work session.
Covering all of the work described in these five categories takes two very long days, or two and a half regular days.
A quick look at the past puts today’s situation into a process perspective. Participants focus on the larger context of the application, which gives meaning to their specific work. The time spent on this activity is deliberately kept short to avoid in-depth analysis and to set the stage for moving forward with the work. Participants have an opportunity to begin sharing ideas in a very simple set of activities that include individual work, sharing their thoughts with the whole group and then working in small groups.
The outcome is a common historical background for the work session topic and an experience of sharing knowledge in this work setting.
This first mapping session helps participants understand the business process related to the application, while giving them practice in using each other as resources. All the current situation maps they build form the baseline for the rest of their work. In sub groups of 3 or 4, participants build their first map. The consultant guides them in the TopMapping® building technique, which is supported by a symbol legend and is quickly learned.
This first map shows how the company currently operates. The topic of the work session determines the exact scope and content of the map. When the maps are completed, each mapping group presents its map to the whole group. Participants typically see that different organizational groups have a somewhat different view of what happens with the application in the company.
Participants are then asked to zoom in on one or more key areas of the first overview map and show in detail what happens in these areas. For example, in a sales order process that collects customer credit card numbers, one sub group may map the order management process and another the billing process. These maps are then presented to the whole group for discussion. The consultant facilitates more in-depth group exploration of problems and issues raised during the map building. The group may develop a set of critical success factors in order to clarify how to protect the asset.
From the current situation discussions comes a clear indication of business objectives, current business problems and issues, and opportunities for change – all supported by a set of visual images that everyone can see, understand, and explain to others.
The Top Mapping® method aims to help clients not only solve current issues with applications, but also prepare themselves for new challenges such as the threat of social networking in the workplace. For this reason the participants are now asked to share what they believe are the key threats that their company will have to face. Sometimes the consultant is invited at this point to give a brief input to complement participants’ knowledge. The output of this work is a set of focus areas for future implementation.
Participants at this point use the Top Mapping® materials to create maps of the different application focus areas. After the maps are presented, the consultant facilitates a discussion around any number of relevant criteria: cost and time of implementation, competitive advantage, long term company viability, etc. Out of this discussion the consultant helps the group distill their preferred scenario by exploring new roles and responsibilities, competency and development requirements, and impact of new technology.
New Course of Action-Application Implementation
The final activity of a Top Mapping® work session is the kick-off to implementation. Participants create an action plan of what will be done, why, and how. More detailed commitments can also be included, e.g., deadlines, expected outcomes, and resources. Establishing a progress monitoring process puts review milestones in place. Maps created during the work session are used to communicate work session results to stakeholders both inside and outside the company.
A global electronics manufacturer needed to assess if key pricing and product development information was leaking to competitors. Within 2 weeks after the CSO presented a proposal for a TOP mapping based threat analysis, consensus was obtained between engineering, manufacturing, information security and IT networking groups to embark on a data protection program. Hard data collected using network surveillance was input into the TOP mapping sessions and enabled the team to accurately assess the volumes and types of outgoing data and recommend prioritized, cost effective data security countermeasures to the management. As a result of the TOP Mapping analysis, the company was able to focus their data security efforts, justify acquisition of a high-performance data loss prevention system, invest in data security awareness and cut expenses of non-value-added information security and compliance activities.
A telecommunications service provider, having just acquired another company, realized that they were facing significant exposure to their customer data during the integration process. Network engineering, information security, customer service and marketing spent five days in a TOP mapping process designing a network integration structure that would enable the new business unit to access CRM applications without creating data loss vulnerabilities.
Not content to rely on perimeter security and policies and procedures, the company decided to further mitigate the threat of data loss by using a network DLP system that monitors the link between the new business unit and the parent operator and detects suspected data loss and data abuse events.
The work session sponsoring manager said:
At the end of the process, the methodology left us with a sense of self-ownership. If we hadn’t gotten involved with this methodology, I think we would be about a year behind where we stand today…it saved us going down a route which we could not possibly have achieved.