Decision Making Not Analysis Paralysis

There’s been a lot of pushback against using Risk Management in Information Security because we don’t have enough information to make a good decision. Yet every security professional makes decisions despite a lack of information. If we didn’t we’d never get anything done. Hell we’d never get out of bed in the morning. There’s a great post by Ben Horowitz talking about how CEOs make decisions:

Courage is particularly important, because every decision that a CEO makes is based on incomplete information. In fact, at the time of the decision, the CEO will generally have less than 10% of the information typically present in the ensuing Harvard Business School case study.

Sound familiar? Sounds like my job every single day. Personally, I like to have some data based rationale for how those decisions get made. Don’t you?

[Hat Tip to @aneel]

2 Comments on "Decision Making Not Analysis Paralysis"


  1. Adam,
    I’ve made a similar analogy to marketing and advertising decisions…there is plenty of guess work there too, but executives make decisions (and are held accountable to them) everyday.
    -Dan


Comments are closed.