Industry View
How What You Know Can Hurt You
Some sage said, ’The trouble with people is not that they don’t know, but that they know so much that ain’t so.’ That can be a killer in risk management. Guest columnist Mark Chussil offers tips for testing what you know.
By Jen McCarthy
Were it not for the senior executive who saw the brewing crisis, who understood the impact of decisions-not-made and who brought in the simulation process, the attack would have come and probably succeeded. By preparing for the crisis, the company learned how to prevent the crisis. They protected their prosperity and careers, and they protected numerous jobs in their community.
Think about the company before the business crisis simulation. Most people would say it had every right to think it knew what to do. Its people had plans, they had budgets, they had forecasts, they had market research. They had talent, they had experience, they had brains, they had motivation. So do the companies that fail when competitors attack. What made this company succeed is that it had one uncommon benefit: a senior leader who questioned what he and his colleagues knew.
Leadership and drills
Note that preventing the crisis was about leadership and preparedness, not about data and drills. Getting more-accurate data about the competitor’s date of entry wouldn’t address the company’s real vulnerability any more than getting a more precise wind-speed reading would save a city from a hurricane. Only a senior leader could have the perspective and authority to identify the problem and implement a solution. In fact, that’s exactly what a senior leader is supposed to do.
Business executives and government officials don’t invest time or money in data, training or preparedness that they think they don’t need. Why would they? Spending time or money to get an answer they already know would be irresponsible and wasteful. However, if what they know ain’t so, then they (and the rest of us who depend on them) are in trouble.
Unfortunately, often what we know ain’t so. Over and over again, my colleagues and I have watched smart, dedicated managers get stunning insights when they see a problem in a new way in a crisis simulation.
The same is true in the public sector. We know that police and firefighters can talk on the radio. In some communities, that ain’t so because they use different radio frequencies. We know that hospitals can treat victims of a pandemic or terrorist bomb. But that ain’t so if fuel or roads are cut off, because hospitals need a constant stream of supplies. We know our emergency plans will work. As we’ve seen, tragically often, that ain’t so.
The moral of the story
We have two options to discover what we know that ain’t so. One is to wait for a crisis and see what’s so and what ain’t. That’s the very expensive way. The other is to proactively uncover it before a crisis hits. In other words, preparedness.
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
