The dogmas for optimal IT risk management

Over the years, we have developed several dogmas that reflect our thinking and build on our experience. Time and time again, they have proven relevant, and they help us to remain sharp when we set the course for optimal risk management.

“We will try, and we will fail. We will learn from it, and then we will try again.”

Dogma no. 1

“Risk management with confidence in flawed methods is worse than intuition and dice rolling.”

Dogma no. 2

“All models are wrong. Some models are usable.”

Dogma no. 3

“Rhythms and checklists are fundamental to all development. Without them, it will be eccentric and fun, but you get nowhere.”

Dogma no. 4

“Risk management requires the use of multiple models. Understand the organisation and the models – adapt and adjust continuously.”

Dogma no. 5

“Even a few measurements reduce the uncertainty in a risk analysis. What can be done with fewer elements is pointless to do with more elements.”

Dogma no. 6

“The most important questions of life are, for the most part, really only problems of probability.”

Dogma no. 7

“Information security in the organisation must be controlled by risk appetite and frequent fact-based risk analysis, not by fear and intimidation.”

Dogma no. 8

“3. Tool, 2. Development, 1. Design. Always pick the right order!”

Dogma no. 9

“If it matters, it can be observed. If it can be observed, it can be measured.”

Dogma no. 10

Dogmas put into practice