Sadly many CISOs have yet to discover the existence, or power, of mapping, as described by LEF's Simon Wardley. So what is mapping and what has it got to do with a CISO? Happily Simon has made gaining an understanding of mapping a trivial activity, as those who follow his Blog already know.
Firstly do not assume that trivial always equates to quick, for to fully grasp the intricacies and power of Simon Wardley's mapping tool is the work of a lifetime.
While attempting to describe Simon's Mapping Tool in a single paragraph brings the danger of over simplification and trivialization, I will attempt it in order to whet your appetites. After running companies and developing strategy for others, and much else besides, Simon saw the light. More correctly he derived the mapping tool after much research and data gathering and analysis. The tool helps map the flow of things business related through four phases shown in his graphic below. It allows the development of a unique awareness of your business and its competitive environment, allowing the development of strategic and defensive plays, that will strengthen any organisation. As Simon implies "No military commander would consider going into battle without a map, so why should business leaders attempt to do business without a map?"
Used under Creative Commons License with no changes made.
Mapping has many benefits but one that will appeal to CISOs is that it helps identify the changing flows of information across organizational boundaries, as well as identifying services that are candidates for outsourcing.
In truth, there are many valuable benefits of Mapping, to numerous to enumerate here.
So, find out if your organisation is Mapping and if they are; get involved. If they are not, start Mapping yourself and bring the tool and your findings to the attention of the strategy planners in your organisation.
In either case you win!