morrill’s top ten things in info security to do now

Dan Morrill posted the “top ten information security issues to tackle now” which I find extremely cool. I’ve jotted some reactions below.

Get an Evangelist– I just wanted to highlight this option as an alternative to the misguided efforts to “make IT more business savvy” and the vice-versa option. A liaison is truly what is needed. You don’t tell Accountants to be able to throw down a sales pitch to a client, nor ask Sales to troubleshoot their own PCs (oh christ do they try though!). You get people to interface across the boundaries, not try to get everyone able to do everything. Sure, IT people do need to come out of their shells a bit and yes, be a bit more business savvy, but let’s not turn that into the savior of “IT vs business side” heartaches like I’ve seen attempted.

Train IT– YES! And remember that training can also include self-training. Give us some time during our days to properly self-train on new technology. This can save a new hire or formal (spendy) training. Most of us are in IT for various reasons; the most common, I bet, would be our joy at solving problems and puzzles. Yes, we also do get depressed when we can’t tackle the new VoIP system properly because we just don’t have the free time in our schedules…

Develop a defense in depth program for the company…Listen to your IT department; they know where the bodies are buried.– Amen! Talk to IT, and have them list their pet projects or things that just have never gotten done but they’d like to get done. I bet a lot of those projects are solid projects that would fit into a defense in depth strategy. Keep that master list and start ranking and evaluating the options. Then start knocking some of them away! Sure, the list may be a depressing list at times, but we all need roadmaps, and IT workers have their fingers on the pulse of the company’s technology and information.

One thought on “morrill’s top ten things in info security to do now”

  1. I do like the idea of self-training for those that can actually do it, or have the time to do it. That 20% of the day can be very important, and I have seen it work at many companies.