Chapter 5. Moving Beyond “Fight or Flight”
Most of us have probably seen documentaries set in the African savannah that begin by focusing on a cluster of animals surrounding a key resource, such as a watering hole in the summer heat. This becomes the backdrop for a storyline introduced by the arrival of some visiting predator—wild dogs, a cheetah, perhaps a crocodile—with drama ensuing from there. Each animal at the watering hole is then faced with an instinctive decision: whether to stay and risk a fight, with the ensuing potential for injury, or to instead flee, at the cost of losing access to the precious water and expending energy in the process as well.
At one level, that storyline is an analogue for the cybersecurity position that many modern enterprises find themselves in today: as an enterprise seeks to gain business reward by providing business value to the outside world, it also necessarily exposes itself to risk.
We, however, being human, realize that our responses to threats should not be driven by raw instinct but rather be rooted in a more considered and nuanced decision-making process. We have the ability not only to understand our immediate position but also to postulate future scenarios and evaluate risk versus reward for the range of outcomes. We also have the capacity to plan ahead by taking appropriate proactive steps to reduce the likelihood of negative outcomes, and we can adapt based on the observed ...
Get Enterprise Architecture for Digital Business now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
