Decision Making Not Analysis Paralysis

There’s been a lot of pushback against using Risk Management in Information Security because we don’t have enough information to make a good decision. Yet every security professional makes decisions despite a lack of information. If we didn’t we’d never get anything done. Hell we’d never get out of bed in the morning. There’s a great post by Ben Horowitz talking about how CEOs make decisions:

Courage is particularly important, because every decision that a CEO makes is based on incomplete information. In fact, at the time of the decision, the CEO will generally have less than 10% of the information typically present in the ensuing Harvard Business School case study.

Sound familiar? Sounds like my job every single day. Personally, I like to have some data based rationale for how those decisions get made. Don’t you?

[Hat Tip to @aneel]

Filed under: Uncategorized by David Mortman on Tuesday, June 1, 2010

2 Responses to “Decision Making Not Analysis Paralysis”

  1. Dan Arista, on June 1st, 2010 at 2:28 pm Said:

    Adam,
    I’ve made a similar analogy to marketing and advertising decisions…there is plenty of guess work there too, but executives make decisions (and are held accountable to them) everyday.
    -Dan

  2. It’s Your Methods, Not Your Madness — Security Bloggers Network, on June 1st, 2010 at 9:01 pm Said:

    [...] the cynics, but I think I can boil this down to 2 quick points: 1) Go read David Mortman's post "Decision Making Not Analysis Paralysis". 2) If you're criticizing without contributing, then you're not really helping [...]

Leave a Comment

« «