You should put more padding where it hurts the most to get hit, especially if you're short on padding.
In supporting effective risk management we're used to employing a rational approach, or at least we're used to trying to do so. We've come to understand that while simply applying some portfolio of standards or lathering on some best practices can improve the status quo for many organizations, it's not enough. Understanding your unique risk profile and addressing those risks based on projected impacts will dramatically outperform such a blanket approach, given a fixed set of resources.
How many of us take the same approach when giving to charity?
It's one thing to take something you'd be spending time doing in any case and adding a charitable twist; that's certainly a praiseworthy approach, squeezing more good out of our decided activities instead of squandering the opportunity. However, if our standard is to do the most good, I'm not sure most of us ever consider the true opportunity cost of walking our chosen path.
I found this blog posting recently, and it struck me in a powerful way:
Depending on your disposition you may be inclined to take some of the examples as judgemental, but they're really not. They're aimed at encouraging more honesty with ourselves about where we allocate our time and effort, and why.
Having done so, we can make sure that whatever our goals, we're actually moving toward them instead of veering off in some random direction and thinking we'll end up where we expect. If that means fixing the ills of the world, having some fun, or doing a little of both, great. However, if we honestly consider the paths we didn't chose and find in them a better way to reach the outcomes we call our goals, perhaps we should choose that different path. Or admit a different goal.
UK Admitting "Offensive Cyber" Against ISIS/Daesh
13 hours ago