I was reading this CSM summary of this year's Warren Buffett shareholder meeting and loved the closing comment about working hard to avoid stupidity. This sounds like an excellent goal for infosec, too. In fact, I'd go so far as to say that, if ever we should have a goal, it should be this.
Specifically, this goal of "working hard to avoid stupidity" seems to tab very nicely with the legal defensibility doctrine in that one of the stupid things we see time and again throughout the enterprise is decision-making that does everything but avoid stupidity, putting our respective organizations into a world of hurt.
For more thoughts on legal defensibility, check out David Navetta's recent blog post "The Legal Defensibility Era is Upon Us" as well as his feature story in this month's The ISSA Journal. May we all work to avoid stupidity toward building a defensible set of practices for our organizations.
