Can I apply six sigma to Information Security? January 6, 2010
Posted by abhinavgoyal01 in Uncategorized.
Six Sigma is a compilation of the world's best management practices. It is a concept which says that if we have y = F(x), your processes should be so efficient that there is no need to check the final y. There are many tools, such as FMEA (risk analysis), cause-and-effect analysis (which can be used for vulnerability assessment), VA/NVA analysis, the 7 types of waste, etc.
Six Sigma was invented by Motorola in 1987 and was pioneered by GE. It is a management practice. It develops your brain. You start managing your process jobs in a refined manner. You start recording the deviations from ideal results. You properly document your understanding. You base your decisions on standard deviations instead of means.
While we implement controls (pick and drop) from COBIT, many of the matrices mentioned there are along similar lines to tools in Six Sigma. I have recently learned tools like 9 Windows, TRIZ and the Zachman Framework. Again, these might not be present in Six Sigma, but I have developed an understanding of how I can refine the process I work on by getting into the insights, noting the facts, becoming a devil's advocate, playing with emotions, implementing controls, and bringing creativity.
