Decision analysis

Labouring under false deadlines and banging away for new development projects is already hurting creative output like hell (and overall security). Now, a lot of organisations are banging away at tagging on security projects, while “leadership” teams want more (as simple as possible) dashboards with more functions to steer the runaway illusionary UFO (avoiding gaining the prerequisite grounded knowledge for clarity in decision making at all cost).

  • What if we stop mopping with the tap open and close the tap? Unlikely.
  • What if we stop increasing the attack surface (IoT, smart cities, …) for a bit? Takes a huge alliance (and common sense). Highly unlikely.
  • What if we add security from the beginning? Unlikely. Seemingly not enough profit in it.

Aikido move: Support a next silver bullet, a next *automated* and *automating* tool that actually produces some clarity for effective decision making.

Graphical representation of decision analysis problems commonly use framing tools, influence diagrams and decision trees. Such tools are used to represent the alternatives available to the decision maker, the uncertainty they involve, and evaluation measures representing how well security objectives would be achieved in the final outcome. Uncertainties are represented through probabilities.