risk

For example: if you can pick 20 metrics that encapsulate a number of the CIS Critical Controls and work like crazy to keep your environment to those then you will likely get more benefit than spending your time on more sophisticated approaches.

There’s a powerful urge to think risk is something that happens to other people. Other people get unlucky, other people make dumb decisions, other people get swayed by the seduction of greed and fear. But you ? Me ? No, never us. False confidence makes the eventual reality all the more shocking.

The AI-risk community has also learned that novel corporate-governance structures cannot constrain executives who are hell-bent on acceleration. That was the big lesson of OpenAI's boardroom fiasco. “The governance model at OpenAI was supposed to prevent financial pressures from overrunning things,” Ord said. “It didn't work. The people who were

Addressing key business risks: Every business faces risks, but when you write them off as inconsequential or irrelevant, they become more dangerous. The Steel Man forces you to conduct a pre-mortem of each key business risk to understand how it creates a significant business disruption. In doing so, you are better prepared for managing these risks.

“So when a CISO or anybody comes into a board room and says, ‘if we don’t do this, this is going to happen,’ it makes them all feel anxious and they start to close down their thought processes around it.”

If you don’t research why new mild anomalies happen, you deserve all the upcoming incidents.

The social default makes us fear being snubbed, ridiculed, and treated like an idiot. In most people’s minds, this fear of losing social capital outweighs any potential upsides of deviating from the social norm and disposes them to accept it.[3] Fear holds us back from taking risks and reaching our potential.