We've all heard that, when everything is important, nothing is
important.
And yet we keep creating ever more important sounding labels
to what should just be “most important”. The problem isn’t just with security issues, but also bug
prioritization, tickets, and everything else.
When there are too many Priority 1s, we create Priority 0
which are higher priority.
That works for a while.
When there are too many Priority 0s, perhaps we create a “Critical
Situation” which are higher priority.
What’s broken isn’t in the name or label. The names worked fine
before. CritSits are still really just Pri 1s and what are now P1s will likely
be handled the same as P3s were before.
Partly what’s broken is the definition of the criteria.
The other part that is broken is the lack of willingness to either
ruthlessly prioritize with the resources that are available or, if that’s
impossible, add more resources to handle the additional workload.
You can only have one first priority, one second priority,
and so on.
Follow me on Twitter for discussion and the latest blog
updates: @Opinionatedsec1. Or, start your own discussion using
#crazygoodcyberteams on twitter or Linkedin and I'll read it.
SEE ALSO
No comments:
Post a Comment