When surrounded by chaos, plan and prioritise

It would be unusual to look at any IT or OT environment and not find a problem that has the potential to turn into a major headache. Whether it be unpatched systems, outdated software, poor system configuration or unresolved security issues, these issues plague even the biggest technology environments. They cause outages, security breaches, unplanned investment and general inefficiency from those maintaining and those consuming the services.

On the surface these seem like pretty simple and straight forward problems to deal with. But which one do you start with first? How do you know if you can resolve it yourself? Or if it needs a project? Or additional resources? How do you keep the momentum going if you list is long, or even growing? Here are some tried strategies to help you tackle a list of problems in your environment.

Build your framework

Building a framework to assess each problem that comes into your list is a must. This standardises the assessment so problems are ranked against each other, and you can assign your effort and resources to the highest priority problems.

The criteria for what is important and what is urgent are dependent on the types of problems you have and the organisational priorities. For example, for cyber security problems, urgency and importance are defined by the actual or perceived risk score and the location of the system (if it is edge facing or internal). A problem with a high-risk score and edge facing would rate highly as a priority due to the overall risk. Such ranking assists to quantify what problems pose the biggest risk and should be remediated first.

Another way to categorise your problems is by size and complexity. Problems may rate as a priority if they are technically simple to implement or take minimal time. Problems may rate lower as they become more complex, require more resources, different types of skillsets or take a long time to implement.

You can also build into your framework, criteria for accepting problems into your list. An example here is if it is of a size or complexity that requires a project, or if there is an identified strategic resolution that requires a project.

What are your foundations?

Does your organsiation have a strategy, technology roadmap, policies or baselines? These are guiding principles that tell you your desired state when uplifting technology. If these are not available, a new problem to address – or sub-task to the current problem – could be to define what the uplift state looks like, or the end secure state.

If your organisation does not have these in place yet, the Australian Centre for Cyber Security is an excellent source for information, guidelines and standards for cyber security.

Get your list together

Once you have your framework in place and you have an idea on what the environment should look like, it’s time to compile your list. What are all the issues you know about in your environment? These can come from problem tickets, tech debt, support tickets, incidents or risk registers. It is important that you have all this information in a list that you can use to both understand the nature of the problem and the probable solution.

Once you have your list, workshop any missing information or solutions with your team and other important stakeholders. Probable solutions or marking areas for further discovery will provide context and reliability into the prioritisation process.

Prioritise!

This is a team sport. Get your team and other important stakeholders together and run through the list. Using your framework, prioritise each problem using the criteria you had decided on. In the end, you should have an ordered list showing the most urgent and most important problems to give you the most return on your effort.

Remember, it is also important to regularly review your framework to ensure it is still fit for purpose. These are living things that evolve as you use them.

If you are looking for help putting together a framework, prioritise a set of difficult problems or work, or need a team to help you work through your problem list, reach out to sales@gsphereconsulting.com.au to learn more about how we can help you.