Trust But Verify

Be intentional about how you spend your time. I believe that every person can incrementally improve their security program by being intentional about how they spend their time. One method is to intentionally check several items for compliance every month. While this is not intended to replace the value of an auditor, it can generate incremental value from the overall compliance process.
If you are required to comply with PCI, you are in luck! You could easily create a table that pairs each of the 12 PCI requirement categories with one of the 12 months in a calendar year. Inside each month, list several essential items to verify. When printed out and kept nearby, the table serves as a reminder to diligently track progress over time. Compare it year over year and look for trends; these will help identify the sometimes small areas of focus that can make a significant impact.
I have used this approach to expect more of myself and set the bar a bit higher. I successfully showed this matrix to outside auditors and received positive feedback. Nothing was magic about this table; it forced me to be intentional every month.
This approach can help identify and remediate unexpected “compliance drift” more quickly, and it can be applied to several other regulatory compliance requirements as well. If you do not have such a requirement, ask friends and colleagues who do what they find beneficial in their respective environments. As always, a great place to start is with the 20 Security Controls.
Can you make it easier on yourself to do the right thing by being intentional? I believe it is possible to leverage systems like this to make it easier to do the right thing.
What systems do you use to force you to be intentional? Please use the comments section to share what works for you.
I recently posted this on the SANS Internet Storm Center.
