Tuesday, July 16, 2013

Proactive Decision Making

When leaders need to make decisions, as expected, they endeavor to make good ones.  Unfortunately, without good data at hand, decisions can end up being unintentionally bad.

One of the major tasks for leaders is to ask the right questions.  These questions should be the starting point for the generation of metrics that are required for coherent answers.  If the right questions aren’t being asked, or more likely, no questions at all, then any analyst will fall back to submit the data they have on hand.  This is a dangerous precedent to set because when leaders rely only on what data is already available, the existing data gathering will likely distract the leader from asking the right questions. 

For example, these are bad questions for decision making:
  1. How many incidents did we have over the last 24 hours?
  2. When is unit ‘X’ going to recover from problem ‘Y’?
  3. How many users are affected by outage ‘Z’?
These questions are not terrible for the tactical operator who is trying to manage getting units and their users back online, but these are poor questions to be briefed to senior leaders.  The biggest reason these are poor questions is because this is past data with little context to the goals of the organization.  Decisions based on this data result in a reactive posture, rather than the desired proactive posture. 

So, why is this information being briefed?  What does a senior leader learn from this information?  Not much, really, but, a smart individual will be able to put together some trends in their mind after being briefed this information for an extended period of time.  But, is that really what you want your leadership to be doing?  Isn’t that a much better task for an analyst, or even better, a statistical program?

So, what questions should the senior leader be asking?  These are a few good ones:
  1. What systems/networks/operations are most at risk over the next 2 weeks?  What is our mitigation strategy?
  2. What is the latest threat intelligence and where are our systems/networks most vulnerable to their most likely and most dangerous course of action?  What are we doing to adapt to their tactics?
  3. What are the lessons learned from the last 90 days of incidents and what is our plan for implementing the changes to prevent them from happening in the future?
The theme of these questions is that they are not asking about metrics, but every question, in order to be answered, requires metrics.  This is how metrics should be used.  While answering these types of questions is much more challenging, the end result is more informed, proactive decisions.

How are you endeavoring on a regular basis to make proactive decisions instead of reactive decisions?
How are you using data to help your decision making? 
What are some other “good” questions for leaders to ask?

No comments:

Post a Comment