Seems like a pretty off the wall question, no? Well one day about 23 years ago, I was standing on the putting green at the then named "Quad Cities Open" with Mark Calcavecchia, Clarence Rose and Larry Rinker and this question came up. Forget the fact that these guys had recently come out of the PGA Tour Qualifying School. Their minds were suddenly focused on this minute trivia and somehow seemed to be missing the big picture: how were they going to make it on the Tour? Or maybe they were just trying to relieve themselves of the tedium of practice?
When it comes to the implementation, management and evaluation of business controls as they apply to the IT Environment, sometimes we as administrators, developers, management, ownership and members of the board of directors miss the big picture as well. It may not be tedium, but it could be we simply are faced with fighting the fire drill du jour. As a result, we scarcely have time to look at the big picture, how we are doing are work, and measuring/evaluating if what we are doing meets the strategic goals an objectives of the organization.
This takes on new importance as we deal with increased regulation and oversight. Do we focus on Sarbanes-Oxley (SOX) today, or are we dealing with HIPAA issues? Do we have a business continuity plan? How did that developer we fired manage to slip a Trojan horse into that application and delete all of our person documents in our Domino Directory? Have you seen the extra key for the server room lately? Is there a reason that every user has the same HTTP password? What do you mean we are being sued because someone got access to all of our customer credit card numbers?
Well like Cal and Clarence,sometimes you just need a good caddy to help you though the issues and develop, implement, manage, and evaluate sound business controls.
I will be using this blog to initiate discussions on issues as exciting as security and as mundane as have we counted our licenses recently. I will be posting case studies for discussion and comment. For those readers in the Lotus Notes & Domino community, I will be talking about ways to utilize the power and security of the Lotus Notes & Domino platform to manage your efforts and successfully implement COBIT standards for your organizations.
As a member of the Information Systems Audit and Control Association (ISACA), having spent many years in a management review/audit/oversight role, and having successfully (painfully some might say) having passed the Uniform CPA Exam in 1995, I will be approaching issues from an audit perspective and offer you tools and information to undertake Control Self-Assessments (CSAs) and if need be, hold your hands through getting ready for an audit. I am going to say things that may make your hair stand on end because it may make you go outside of your comfort zone. I am sure I will post things that you may not agree with and I may not agree with your positions. But hey, that is the beauty of discourse!
A good caddy gets to the course early, walks the course before his player arrives, and speaks only when he needs to make sure his player is on track. Herman Mitchell, Lee Trevino's long time caddy, used to say it did not matter how good a caddy you are, its all about "who you got". I will reverse this thinking on you and challenge you. It is not about how well you think things are going, do you have a caddy you can turn to for wisdom, thoughts and advice?
Clarence shot 67-67-71-74 that week and we finished tied for 43rd, the only cut he made that year (we were tied for 3rd place after the second round). It was the first cut I made as a professional caddy.
So how many golf balls can you fit into a hole? It doesn't matter, we have bigger phish to fry (pun intended).
Special thanks to the folks at Prominic, the cooks at OpenNTF (Rocky, Joe Litton, Duffbert), as well as Ben L. and others. More links on this site will come active in the days ahead. Note: I am working through some IE style issues and will have them worked out shortly. And do not even think about reading this is Netscape 4.7X. Your best bet? Firefox of course.