Next Module: Threat Modeling & Bounding Risk Assessments
Effective problem diagnosis and reframing is integral to developing appropriate risk mitigations for the security of civil society organizations. When cybersecurity consultants focus on solving the immediate or obvious problems, sometimes the more important problems go unaddressed – consider the difference between patching a vulnerability and maintaining a security program that will ensure patches are quickly and regularly applied. This module will introduce practices for reframing problems such that higher objectives such as improving organizational effectiveness can be achieved.
- Diagnose problems and solutions to determine whether the “right” problem is being addressed.
- Learn how to reframe problems so that higher consulting objectives can be achieved.
- Introduce the reframing of complex problems to the client or others.
- See Course Readings for “Problem Diagnosis and Reframing”
Discuss the seven practices for effective reframing described in the “Are You Solving the Right Problems?” article. Consider the Slow Elevator problem or the Dog Adoption problem.
- In your own experience, have you encountered times where the “right problem” was missed?
- Did you use any of the practices or do you think any of the practices would have helped you in that situation?
- What resistance or obstacles did you or might you encounter when reframing problems that your partner organization might present to you?
- Providing information to a client.
- Solving a client’s problems.
- Making a diagnosis, which may necessitate redefinition of the problem.
- Making recommendations based on the diagnosis.
- Assisting with implementation of recommended solutions.
- Building a consensus and commitment around corrective action.
- Facilitating client learning—that is, teaching clients how to resolve similar problems in the future.
- Permanently improving organizational effectiveness.
- Confirmation Bias
- Mental Rigidity / “Paradigm Paralysis”
- Unnecessary Constraints
- Irrelevant Information
- Broaden the focus. Explore the more general problems that your problem may be a part of.
- Narrow the focus. Break down your problem and focus on its component parts.
- Reverse the focus. Take on the opposite view of your problem statement. This technique may challenge the underlying premise.
- Rephrase the issue. Rephrase or paraphrase the words in your problem statement. What parts of your problem are highly defined? What parts are ambiguous? Replace any value-laden words.
- Pros and cons. What do you like about your problem statement? What do you not like? Improve the parts that you’re not satisfied with.
- Validate your thinking. Have you validated that you are working on the real problem? If so, how? (Example, Socratic questioning)
Validate your thinking (from https://hbr.org/2017/01/are-you-solving-the-right-problems).
- Question the objective
- Consult outsiders
- Gather individual definitions of the root cause of the problem
- Explicitly define what might be missing in the problem statement
- Have multiple people identify what type/category of problem you are trying to solve (ex: “resources” “incentives” “values” “systemic”)
- Identify positive exceptions. (When the problem does not occur, what was different about those circumstances?)
- Broaden the focus.
- Narrow the focus.
- Reverse the focus.
- Rephrase the issue. What parts are highly defined?
- Ambiguous? Value-laden?
- Pros and cons.
- Validate your thinking.
- Deep Listening
- Framing Trade offs
- Finding some no-brainers and quick wins
- Low cost experiments and incremental steps
- It was their idea not yours
Develop your communications plan for working with your partner organization:
- Define / Validate the Problem
- Conduct Mini-PESTLE
- Determine Threat Model
- Select Options
- Consider Security, Usability, Reliability, Familiarity, Cost, Backup
- Test Options & Reassess.