Comments on: Lindstrom’s Razor is not about security spending http://spiresecurity.com/?p=1052 Risk and Cybersecurity Analysis Wed, 21 Aug 2013 23:28:51 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Pete http://spiresecurity.com/?p=1052&cpage=1#comment-944 Pete Mon, 26 Oct 2009 03:41:41 +0000 http://spiresecurity.com/?p=1052#comment-944 @Russell -

I think you are making this too complicated. I stipulate that there are big question marks about value and made a handful of points in this arena in my previous post here: http://spiresecurity.com/?p=1046. But these are non-market goods and value is determined by the stakeholders willingness to pay. There are many reasons that value can change over time and vary from person to person, but at the time a decision to buy is being made I am hard-pressed to believe that any stakeholder a moment after having made a major purchase would say it wasn’t worth it. This is the rule of thumb.

Thanks,

Pete

]]> By: Russell Thomas http://spiresecurity.com/?p=1052&cpage=1#comment-941 Russell Thomas Sat, 24 Oct 2009 05:45:56 +0000 http://spiresecurity.com/?p=1052#comment-941 Ah…. thanks for the clarification.

So “Lindstrom’s Razor” is just a rule of thumb to estimate the MINIMUM value of a digital asset, is it?

If so, then I don’t support even this simple rule. It may seem dumb to invest more in an asset than it’s worth, but plenty of people who have studied IT carefully (in an enterprise context) believe it happens all the time. (I’m thinking of Nicholas Carr and Paul Strassman, as the most vocal proponents of this view.)

Going back to the 1960s, Peter Drucker observed that cost streams are only loosely related to revenue streams, and that unless there was active management and discipline (a.k.a. metrics, learning), costs tend to increase due to wasteful or misdirected activities — the same way that committees spawn yet more committees.

So it is with IT systems and digital assets of various kinds. Systems and complexity tend to spawn yet more systems and complexity, with out any necessary connection to the drivers of business value. How much this happens and where it shows up all depends on the nature of the organization, it’s relationships with customers, competitors, and other market forces, etc. Without much “selective pressure” from outside forces, IT systems can bloat all out of proportion and yield negative returns in aggregate and even on average.

I’m all in favor of good rules of thumb, but I don’t think that “spending on an asset” is a good rule of thumb for a minimum asset value.

Thanks for the debate!

Russell Cameron Thomas

]]>