Keep It Simple STUPID is often used by managers to tell their subordinates to get to the point, when in reality they are just lazy, terrible, lousy managers that will never be leaders.
Definition of stupid (Entry 1 of 2): 1a: slow of mind; obtuse. 1b: given to unintelligent decisions or acts; acting in an unintelligent or careless manner. 1c: lacking intelligence or reason; brutish. 2: dulled in feeling or sensation; torpid ("still stupid from the sedative").
Keep It Simple Stupid – People who use this acronym are calling you stupid if you want more detail, ask for a complete explanation or look deeply into something. I don’t call that stupid, I call it informed!
Keeping it simple is tough to apply to one business process and not another. When it comes to protecting your information and cyber security, keeping it simple can mean giving cyber-attacks a way in. Cyber is defined as relating to or characteristic of the culture of computers, information technology, and virtual reality. Protecting this is not simple and substitution theory.
“All warfare is based on deception.” – Sun Tzu
In business this translates to the acquisition of data, denial and use of information as a weapon of the cyber criminal. It is not time to keep it simple, but it can be efficient.
The future of business demands that we re-think our goals, processes, systems, policies, and view of the end-state. We need a new approach that is based on collaboration and mutual benefit, where we are all guarantors of each other's well-being. The successful business of the future will have everyone, from the CEO to the part-time clerk, resolve problems through deliberation, consideration and mutual guarantee. When a majority of people within the organization stop pointing fingers at who is at fault and understand that our interdependence is such that we do better when others do better as well, we will find ways to help them do better and look at ourselves to see how we can be better as well.
“There’s a shared responsibility, not just across government agencies but across the private sector and even the average American.” – FBI Director Christopher Wray
The answer is NOT SIMPLE. The pirates were only stopped when the countries that benefited by their efforts entered into agreements with their opponents. For example, England and France made the decision not to support the pirates' efforts by offering protection or by turning a blind eye to their efforts (in essence a proxy for the superpower).
While the countries have changed, the concept is the same. Until the superpowers stop benefitting from cyber criminals it will continue. This will not happen for a long time, so a different approach is needed.
The companies (merchant ships) depended on the government to protect their ships… Today, companies must be prepared to invest in their own protection as a supplement to what the government offers. This means conducting more exercises to identify gaps; training employees with more than just some videos; putting resources into monitoring; and getting leadership to agree that it is a real issue and therefore get more involved in the decision-making process.
But this is NOT Just One Man's Opinion! The government has warned companies to step up cyber security and advised they test incident response plans using third parties to test the security team's work… are doing this!
No, NOT SIMPLE! Corporate Entrepreneurial Leadership understands they can use the RACI Matrix to help everyone understand their responsibility with regard to Cyber Security.
Good leaders know that job descriptions and performance expectations must be clearly defined. In most companies, a clearly defined communication path as well as escalation processes are established and understood by employees at all levels within the company or organization.
“Fingerpointerosis” is a disease that infects most organizations when something like a cyber security breach happens. Nobody wants to be held accountable, and most times it falls on IT or the CISO because people wrongly believe it is only a technical issue.
The RACI Matrix is normally used in project management as a means of understanding roles and maintaining a balance of activity vs productivity. We have modified this matrix for use in regard to cyber security resiliency. No, this is not just for the IT/OT/CIO/CISO; it is for the functional leadership and executive leadership as well. Responsible…Accountable…Consulted…Informed (RACI). Starting to make sense? The goal is to utilize this matrix as a formal or casual discussion format when developing training for leadership and the line personnel.
If you made it this far in the blog, then you probably don’t follow a k.i.s.s. philosophy. It is not easy taking an abstract concept like creating a Mutual Benefit culture and making it real and concrete.
Hopefully, when people realize that cyber crime can affect the very fabric of how we live our lives, they will invest the time and effort needed to protect our society. All you need to do as a leader is acknowledge that it is not simple and keep in mind what the last S in the acronym stands for…STUPID!