Posted by:
meikah | 7 December 2006 | 1:49 am
CSO Online, the resource for security executives, outlined the ideas that you can learn from Six Sigma.
Six Sigma is a data-driven strategy to measure and improve processes and remove defects, and its control phase is a good place to start when monitoring security-related incidents. The tools outlined are the following:
- Business Process Quality Management. In Six Sigma, before we can begin to measure and improve processes, we have to map out the business process flow and devise a system that will monitor each process. Business process quality management allows us to view each process, evaluate the gaps and work on them.
- Voice of the Customer (VOC). We use the VOC process to determine the needs of the customer, and work toward improving the customer experience and increasing loyalty. Those needs are captured through direct observation, interviews and focus groups, customer-supplied specifications and requests, data from customer service records and warranty claims, and more.
- Failure Modes and Effects Analysis (FMEA). With the FMEA procedure we can identify every possible way in which a process or product might fail, rank those possible failures and their probable causes on a scale of one to 10, and prioritize solutions. Example: If information security wanted to determine the impact of data loss resulting from a stolen laptop, its FMEA assessment might look something like this:
  - Severity = 10
  - Likelihood of Occurrence = 7
  - Detection = 5 (the higher the detection number, the more difficult the failure is to detect)
  - The three ratings multiply (10 × 7 × 5) to a total Risk Priority Number of 350, which helps management rank that risk against other threats.
- Change Management. Narrowly defined, Six Sigma Change Management is the process of controlling and managing change while minimizing the risk of disruption to services. Loosely interpreted, it’s a way to get the rank and file on our side, by effectively and efficiently communicating what’s going to happen and why.
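The FMEA scoring described in the list above, as an added example that is not part of the original post or the CSO Online article: a small worksheet that checks each rating against the one-to-10 scale, computes the Risk Priority Number and ranks the entries. Only the stolen-laptop row comes from the post; the other rows, the names used in the code and the tie-break on severity are assumptions made for illustration.

```python
from dataclasses import dataclass

SCALE = range(1, 11)  # FMEA ratings run from 1 to 10


@dataclass(frozen=True)
class FailureMode:
    name: str
    severity: int     # 10 = worst impact
    occurrence: int   # 10 = most likely to happen
    detection: int    # 10 = hardest to detect

    def __post_init__(self):
        # Reject ratings outside the scale instead of silently skewing the ranking.
        for field in ("severity", "occurrence", "detection"):
            value = getattr(self, field)
            if not isinstance(value, int) or value not in SCALE:
                raise ValueError(f"{self.name}: {field}={value!r} is outside 1-10")

    @property
    def rpn(self) -> int:
        # Risk Priority Number = Severity x Occurrence x Detection
        return self.severity * self.occurrence * self.detection


def rank(modes):
    """Highest RPN first; equal RPNs go to the higher severity (assumed tie-break)."""
    return sorted(modes, key=lambda m: (m.rpn, m.severity), reverse=True)


def report(modes):
    """One formatted line per failure mode, in priority order."""
    return [
        f"{m.rpn:>4}  S={m.severity:<2} O={m.occurrence:<2} D={m.detection:<2} {m.name}"
        for m in rank(modes)
    ]


# Constructed worksheet: only the first row is taken from the post.
WORKSHEET = [
    FailureMode("Data loss from stolen laptop", 10, 7, 5),
    FailureMode("Phishing leads to credential theft", 8, 8, 6),
    FailureMode("Unpatched internal web server", 7, 5, 10),
    FailureMode("Backup tape lost in transit", 10, 5, 7),
]

if __name__ == "__main__":
    print("\n".join(report(WORKSHEET)))
```

Three of the constructed rows share an RPN of 350 with very different ratings behind it, which is why the sketch keeps the individual scores visible in the report rather than the product alone.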