IT Governance, Risk, and Compliance » Management by Objectives

Developing Objectives – Part IV

Robert Davis — Tue, 12 May 2009 15:25:10 +0000

MBO is a participative behavioral approach to managing employees. One of the primary MBO assumptions is that employees prefer to work hard once they are provided with employer expectations. Intuitively, sustaining accepted expectations necessitates employees believe stated intentions are achievable. Therefore, MBO imposes consideration and incorporation of employee views concerning objectives to enable effective and efficient information assets protection processes.

“View Part I of the Developing Objectives series here“

Developing Objectives – Part III

Robert Davis — Thu, 07 May 2009 23:14:01 +0000

A system for disseminating information security management objectives is considered fundamental to obtain employee commitment. One way to communicate entity-centric information security objectives is clear and concise policies. Information security management‘s role in policy formulation includes considering the control environment, risk assessments, information, communication, and activities. Though policies are an important means to convey expected behavior, even more critical is determining the effectiveness of adopted IT safeguarding objectives. Effectiveness evaluation requires measurement against established information security standards. Consequently, ratiocinative information security standards must be designed and implemented.

“View Part I of the Developing Objectives series here“

Developing Objectives – Part II

Robert Davis — Mon, 04 May 2009 18:32:09 +0000

Within behavioral management theory, entity leaders have alternative approaches available to accomplish information assets safeguarding objectives development — including participative, consultative, free rein, and autocratic models. Participative behavioral management emphasizes consideration and incorporation of employee views in decisions, while maintaining managerial decision authority. Consultative behavioral management stresses consideration of employee views, without incorporation, while maintaining managerial decision authority. Free rein management allows employees to make their own decisions concerning subject matters. Lastly, autocratic management underscores dictating decisions to employees. Based on empirical evidence, most entities currently prefer deploying a participative approach to managing entity-centric objectives development.

Setting objectives and establishing processes to accomplish designed objectives is a managerial responsibility. Tactically, the manager responsible for a plan’s implementation should set objectives with advice obtained from the entity’s planning committee, top-level executives and line subordinates. To this end, the Management by Objectives (MBO) methodology normally drives employee consensus building. However, an entity’s planning committee and top-level executives may be too removed from daily information security operations to yield reasonable objectives. Furthermore, line subordinates may have limited knowledge concerning organizational intricacies to permit adopting recommended information security objectives. Therefore, a security manager may have to rely on evaluating generally accepted information security frameworks to develop entity-centric objectives.

“View Part I of the Developing Objectives series here“

Developing Objectives – Part I

Robert Davis — Thu, 30 Apr 2009 19:20:53 +0000

There exist various theories regarding managing employees. Behavioral management theorists believe leadership traits are not genetic. Thus, leaders assume distinct behaviors that can be studied and applied according to individual perceptions of assigned responsibility. When an individual is consigned leadership, managerial responsibility for the assignment’s duration is implied, if not explicitly stated.