Decision Making Not Analysis Paralysis

by David Mortman on June 1, 2010

There’s been a lot of pushback against using Risk Management in Information Security because we don’t have enough information to make a good decision. Yet every security professional makes decisions despite a lack of information. If we didn’t, we’d never get anything done. Hell, we’d never get out of bed in the morning. There’s a great post by Ben Horowitz talking about how CEOs make decisions:

Courage is particularly important, because every decision that a CEO makes is based on incomplete information. In fact, at the time of the decision, the CEO will generally have less than 10% of the information typically present in the ensuing Harvard Business School case study.

Sound familiar? Sounds like my job every single day. Personally, I like to have some data-based rationale for how those decisions get made. Don’t you?

[Hat Tip to @aneel]

2 comments

Adam,
I’ve made a similar analogy to marketing and advertising decisions…there is plenty of guesswork there too, but executives make decisions (and are held accountable to them) every day.
-Dan

by Dan Arista on June 1, 2010 at 2:28 pm.

[…] the cynics, but I think I can boil this down to 2 quick points: 1) Go read David Mortman's post "Decision Making Not Analysis Paralysis". 2) If you're criticizing without contributing, then you're not really helping […]

by It’s Your Methods, Not Your Madness — Security Bloggers Network on June 1, 2010 at 9:01 pm.
