Organizations are complex entities, and few people indeed have a handle on just how complex they are. As they get larger, organizational complexity increases exponentially against linear organization growth, because the number of linkages, data flows and relationships multiplies exponentially.

Policy is an organization-level control. When policy works, it is a very powerful tool. When it doesn’t, it is ignored, or worse, becomes a cost.

Many years ago I worked for a major Unix workstation and server vendor. This company had an IT policy which forbade the connection of any Microsoft Windows system to the company’s network without approval from the corporate vice president.

At the same time, this company had a finance policy of encouraging employees to use their personally owned PCs for work purposes, and even provided company-paid anti-virus and firewall software to install to mitigate the risk of malware, which was a requirement of the finance policy. All of these PCs ran Windows.

Policy schizophrenia. So what was the end result? People used their PCs without VP approval, but didn’t bother to install the software provided. The first policy was stupid, and people ignored both it and the second, actually sensible, policy. It was a terrible outcome, because the security team burned resources on every malware attack, when those people without AV software caused problems around the company.

