Solomon's paradox and information security

Have you ever met people who can give wise and insightful advice to others - but who find it difficult to apply the same wisdom when they find themselves in difficult situations? Or noticed that you are often better at giving advice to friends than dealing with your own problems? You're in good company. Even King Solomon, renowned for his wisdom, fell victim to this very human pattern.

The phenomenon is called ”Solomon's paradox”. It describes how we tend to lose our capacity for rational thinking and good judgment when we ourselves are in the middle of a challenge - while often being able to reason wisely and balanced when helping someone else in the same situation.

Here we discuss how Solomon's paradox can affect work with information security, and how we can reduce its impact by making more thoughtful decisions - even when we ourselves are in the middle of the pressure.

Solomon's paradox in information security

Lee, Choi and Hu (2023) showed that people tend to be more optimistic - and thus less realistic - about information security related to themselves (private goals) than when assessing public goals. This suggests that we often overestimate our own ability to maintain security and underestimate the risks that actually exist.

We are much more likely to detect risks, mistakes or opportunities for improvement in other people's systems, departments or organizations than in our own.
Just as individuals can become blind to their personal weaknesses, businesses and organizations risk underestimating or overlooking vulnerabilities in their own solutions and processes.

Strategies for to reduce the effect of Solomon's paradox

By understanding the phenomenon, organizations can take conscious action to reduce its impact. Below is our advice to help your organization manage the negative impact of Solomon's Paradox.

• Psychological distance

People tend to think more abstractly and objectively when viewing a situation from a distance, but become more emotionally attached and short-sighted when they are directly involved. Grossman and Kross (2014) showed that this form of asymmetric reasoning can be reduced by so-called self-distancing - viewing a situation from a third-person perspective (distance) instead of a first-person (close perspective).

Research also shows that the greater the psychological distance we experience, the less the areas of the brain linked to self-reflection are activated, while the parts dealing with abstract and strategic thinking become more active (Davis, 2015). Consciously creating this type of distance can therefore facilitate more rational and balanced decision-making.

A practical way to practice this is to simulate attacks or incidents where participants are asked to advise another team or a fictitious organization. Afterwards, they can reflect together on how their own organization would handle a similar situation. Such exercises strengthen both strategic thinking and the ability to see problems from an outside perspective.

• Get help from another ”Solomon”!

Asking for help and taking advice from colleagues or consultants is not a weakness - it is a strength.

Consultants bring an independent and objective perspective, and their experience in different organizations can be invaluable when assessing an organization's security capabilities and resilience. They can also provide support in designing security measures and suggest improvements that their own organization might otherwise overlook. Such a ”fresh eyes” perspective promotes more objective and informed decisions.

• Clear division of responsibilities

As a proactive measure, organizations should allocate tasks and responsibilities in a clear and structured way. Conflicting tasks should be assigned to different people to avoid unreasonable and risky decisions. Examples of this are the 4-eyes principle and rolling schedules. Such a structure strengthens control and reduces the risk of misjudgments (ISO/IEC 27001).

• Structured thinking in decision making

Writing down your thoughts and using decision templates makes your reasoning visible. When you then read your notes, you can see the situation from a more objective perspective, making it easier to make informed decisions and reducing the risk of being guided by gut feelings or simply ”guessing”.

In conclusion

Solomon's paradox reminds us that it is easy to see the mistakes of others - but harder to spot our own. When we dare to look beyond our own judgments, create some self-distance, invite a few extra eyes, keep a touch of humility and work in a structured way, our ability to make wise and informed decisions increases. Because at the end of the day, strong security relies not only on technology, but on people - their ability to act wisely, make sober judgments and dare to question the situation at hand.

–

Article writer:
Sahar Safaei
Information Security Consultant, Omegapoint

–

Source reference

• Lee, R. W., Choi, J., & Hu, Q. (2023). Effect of temporal distance and goal type on predictions of future information security: Focus on moderation of self-efficacy and social responsibility. Acta Psychologica, 238, 103990. https://doi.org/10.1016/j.actpsy.2023.103990
• Grossmann, I., & Kross, E. (2014) Exploring Solomon's paradox: Self-distancing eliminates the self-other asymmetry in wise reasoning. Psychological Science, 25(8), 1571-1580. https://doi.org/10.1177/0956797614535400
• Davis, J. (2015, March 12). Teach someone to prioritize using psychological distance. Harvard Business Review. https://hbr.org/2015/03/teach-someone-to-prioritize-using-psychological-distance
• ISO/IEC. (2022). ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements. International Organization for Standardization.