Month: February 2009

Rational Decision Making

Gregg Dippold Enterprise Risk Management Leave a comment

Poor decisions are expensive and their damage cumulative. Companies invest in training in enhancing personal creativity, productivity and the like but decision analysis is given short shrift except at the higher levels of the organization or in very technical areas, like R&D or quantitative finance. On one hand it is understandable why many decision models whether deterministic or probabilistic are not used. The modeling requires a strong mathematical foundation. This is anathema for some managers who instead rely on their instincts, “their gut” to make critical decisions. So in decision making we have the two methods which cognitive psychologists call system 1 (intuitive) and system 2 (rational) thinking. In system 1 we use heuristics that have served us well in surviving uncertain environments. In system 2 we build models both formal and informal to assist us. There are weakness with each. One problem with intuitive thinking is that although it is fast,  the first information we receive on any subject, we tend to treat as the most valid. In model building there is the risk of over optimization and waste of precious time. We do not need to build maps so detailed (Del rigor en la ciencia) that when opened become the country.

With this in mind, I set out to build a unified selection model to aid decision making whether for IT project comparison, product comparison, or make or buy analysis  that attempts to leverage the strength of both systems, reduce their weaknesses and thereby lead to better decision making. The next several blog posts will discuss the elements of the model and in March (2009) I will release a whitepaper.

IDM Scripting – tip

matthewpollicove Best Practices, IAM General, Netweaver IdM General Leave a comment

When creating scripts (Javascript or VB Script) to be used within Netweaver Identity Management, make it a point to create and refer to global Constants/Variables rather than direct references to values that might change with time or an environment. This simple tip just makes it easier to manage and maintain scripts within your IDM configuration. Without global constants/variables, you would have to comb through each and every script that might possibly use or directly refer to a value that needs to be modified and then change it accordingly within each script. Instead, when you start using a global constant/variable that’s referenced within multiple scripts, you will be able to make the necessary modifications to just one central location and be done with the change; It greatly simplifies script maintenance.

System Shock

Gregg Dippold Enterprise Risk Management, information security Tags: , 1 Comment

The negative sell is always the hardest to make, ”Do this to prevent this horrible outcome”. You rarely know if you were successful or not. The great leader stands on the rubble of the collapse with his call to action, inspiring the people to pull together, however, the man that prevents the collapse to begin with is never known.

It is a well worn cliché that crisis is the best opportunity. Preventing crisis, however, is no opportunity at all. Often, whether the crisis is prevented or not becomes a game of speculation. Claims of success are frequently met with incredulity; it was never a threat to begin with, it was a matter of chance, fate, you got lucky. As long as quotidian affairs continue there is very little recognition to be found in prevention.

Despite the foregoing which is all painfully obvious, many still focus on ill conceived notions like ROI for security. One should focus instead on what the true by product of information security and risk management is, to wit, survivability. A well executed risk management program permits a company to survive situations like the current one or specific freak accidents. One cannot predict the event or its magnitude, but it will arrive and those whose sole focus is growth invariably fail. The world is unpredictable and unforgiving.