Summary: The text discusses using the flywheel concept to enhance security programs by implementing cost-effective controls and fostering collaboration across teams. It emphasizes the importance of threat intelligence and continuous control monitoring to improve security measures and reduce risks. By embedding security into business processes and capturing benefits, organizations can create a sustainable cycle of improvement in their security initiatives.
Applied to business situations this is about putting in place a chain of complementary activities that feedforward on each other, mutually reinforcing, to increase the desired outcomes.
For every control, constantly look at the total cost of ownership of that control. This needs a very broad lens to include software, hardware, licenses, operational costs, end user / IT costs, opportunity costs, performance or productivity impacts and so on. Then look for (using 80/20 analysis typically) the means to reduce the cost of that control.
Creating an initial inventory where people didn’t think there was a problem is an example of you appearing to make a problem worse.