One thing I learned through crafting this analogy … I’m not a novel writer, and I often forgot the ideas I had in the car. But taking this into account, it was the start of the below comparison.
I came up with stories and analogies of how Information Security can be compared to elements of our daily life, such as building a house, buying groceries, swimming, gardening … but I didn’t finish anyone of them. Basically, I just tried too hard, and didn’t listen to the good-old gut feeling.
When practicing Information Security, I’ve seen a lot of companies and individuals trying hard, and often too hard. They spend an awful amount of time in analyzing their risks, composing uncontrollable control frameworks, making fancy senior management reports and in the end lose control, focus and results.
I’m convinced that in making risk-based choices to protect your information, the informed gut feeling influences a vast amount of the decision, in spite of the perfect methodologies present to be applied. The main advantage with the gut feeling approach is the velocity of moving forward. Current technology and market evolutions often don’t allow us to over-engineer our choices. Decide early in the morning and see results in late afternoon, or even faster. One can defend and motivate gut feeling choices better than those inspired on complex calculations and analyses, so another time gain in reporting.
Don’t try too hard, make informed decisions fast and execute them.
When the time is right, I’ll probably finish the above-mentioned analogies in another post.