I have always been a “fan” of words. Meaning: I read a lot and I write a lot. I have this notion that “if” is the most powerful word pound for pound. For only two letters, “if” sure packs a lot of punch. “If” has fueled exploration (“if the world isn’t flat…”). “If” has driven innovation (“if I put this filament in a vacuum…”). “If” opens the imagination (“what if…”). So many positive things come from the word. But, we all know, with great power comes great responsibility. “If” has its dark side – feeding regret (“if only I had…”), suspicion (“If they are doing…”) and fear (“what if this happens…”). I think the silver medal in the pound for pound battle of words would be “and”. You have some other contenders – “yes”, “no”, “why”, “but”... but none of them can compete with “and” when it only takes 3 letters to unleash such power.
- used to connect grammatically coordinate words, phrases, or clauses; along or together with; as well as; in addition to; besides; also; moreover: pens and pencils.
- added to; plus: 2 and 2 are 4.
- then: He read for an hour and went to bed
- also, at the same time: to sleep and dream.
- then again; repeatedly: He coughed and coughed.
“And” represents the union of two things binding together and becoming one - the combination of two verbs, two nouns, two actions…Think of all the great combinations – milk AND cookies, Abbott AND Costello, username AND password… Each element on its own has value but combine the right things and BOOM! Magic happens. “And” even has a cool symbol - &. It is almost like the Prince of words. (& - The Word Formerly Known as And)
Ok – I may be taking it a bit far waxing poetic on all of the positive virtues of “And”. It goes without saying if you take two bad things and slap an “and” between them, you have an even worse situation…cold AND flu, hacker AND open telnet port, shark AND tornado… Just like “If”, “and” has great power – and great responsibility.
Now you know I must lead these thoughts into why my blog exists in the first place. In Security and GRC, amazing things can happen when you leverage “AND” properly. GRC in some ways is a world of “ands” – or strives to be. When good controls development and implementation meets efficient testing and measurement – you get the great combination of Policy AND Compliance. When Policy AND Compliance is coupled with good risk management, you get an even more return on your investment in “ands”. Combining disciplines is an important tenet to keep in mind when planning your risk and compliance strategy. When you begin bridging the gap between parts of the organization, the “AND” factor brings additive value when data is leveraged and processes are streamlined.
Operational Risk Management is an absolute world of "Ands". Risk within an organization can only be understood by layering multiple perspectives together. An organization that can leverage the power of AND empowers the executive team to have the conversations they need to have to understand, manage and reduce risk. Executives need relevant, up-to-date information on business risks to drive the right decisions. Building that picture is dependent on harnessing the Power of AND.
Our video "Managing Operational Risk with RSA Archer" paints of picture of how this conversation can unfold. Watch it and you will see the Power of And at work.