8 Comments on "New Best Practice: Think"

  1. how about

    All these people in security (consultants and practitioners alike) talk, talk, talk… but rarely ever do. Screw best practice… get out and DO something.

  2. My fav:
    IT is always best practice to use best practices

    Yes, let’s use what everyone else is doing because everyone else is doing it. Best practice: find what is required for your environment and follow Nickerson’s advice: DO!

  3. “Think”, indeed!

    When I was at a Big 4 consulting firm, I learned to cringe when I heard “best practices” from either my co-workers or when it was requested by clients. I came to realize that there was no vetting process whatsoever for any “best practices” and that it was nearly always sought as a substitute for thinking, as if to say “Why should we think about this when we can just borrow/steal the thoughts of other people?”

    Plus, “best practices” give everyone involved a giant fig leaf to cover up their lack of insight, originality, or systematic understanding. It is especially attractive to upper management to cover up their lack of understanding of technical issues.

  4. My best practice:
    Use “effective practices” rather than so-called “best practices”.

    Of course, you will need proof to declare one “effective”.

  5. What? I am too busy implementing best practices to take on any more requirements like ‘Think’. Unless there is a compensating control for that, you’ll just have to come back later.
