Decision Making Not Analysis Paralysis

by David Mortman on June 1, 2010

There’s been a lot of pushback against using Risk Management in Information Security because we don’t have enough information to make a good decision. Yet every security professional makes decisions despite a lack of information. If we didn’t, we’d never get anything done. Hell, we’d never get out of bed in the morning. There’s a great post by Ben Horowitz talking about how CEOs make decisions:

Courage is particularly important, because every decision that a CEO makes is based on incomplete information. In fact, at the time of the decision, the CEO will generally have less than 10% of the information typically present in the ensuing Harvard Business School case study.

Sound familiar? Sounds like my job every single day. Personally, I like to have some data-based rationale for how those decisions get made. Don’t you?

[Hat Tip to @aneel]


I’ve made a similar analogy to marketing and advertising decisions… there is plenty of guesswork there too, but executives make decisions (and are held accountable to them) every day.

by Dan Arista on June 1, 2010 at 2:28 pm.

[…] the cynics, but I think I can boil this down to 2 quick points: 1) Go read David Mortman's post "Decision Making Not Analysis Paralysis". 2) If you're criticizing without contributing, then you're not really helping […]

by It’s Your Methods, Not Your Madness — Security Bloggers Network on June 1, 2010 at 9:01 pm.
