I was talking to a client recently about a project we were working on and the term “Anti-Goal” popped up. We all know what goals are. The thing that we are trying to accomplish. Anti-goals are those things we are trying to avoid. As we discussed the goals of the project, my client said “And of course we do not want to get hacked.” A very clear anti-goal.
These types of anti-goals are most often unstated and left to be implied by the project owners. The problem is, cybersecurity ends up being “someone else’s problem” and can slip through the cracks. I have found that incorporating explicit cybersecurity anti-goals into our project planning has helped to clarify the overall project goals. Preventing something from happening takes effort. So our project plans now assign responsibility for anti-goals to make sure they are accomplished.
Let us know what you think: