First, let’s remember why we called this article Dan’s New Leaf.  Back in 2004 or so, we decided it would be a good idea to blog about Information Security, so that people would benefit from our thoughts and opinions. It was to fight the noise that we were all getting from vulnerability news sites, as well as the early version of ISACA.

Everything was new back then, and there wasn’t a lot of writing about Information Security. By 2008, I was so busy auditing banks that I had to turn over a New Leaf – blog more regularly. Thus, the birth of DNL.

Fast-forward 15 years (to now), and blogs about cybersecurity are one in 10,000. I tried to distinguish myself by raising philosophical ideas, but we are also realizing that in the age of ChatGPT we need to focus on quality rather than quantity.

It’s always about fighting the noise.

While most can still accuse me of just adding more noise into the blogosphere. I write gratefully for those people, mainly long-time Clients, who strongly encourage me to keep blogging. And in response to their feedback, I now try to center the blog on understanding why risk arises. For years I have taught that “the why” is what motivates us to enforce non-technical controls. If our blogging can empower our Clients to help their management and users understand “the why,” it is no longer just part of the noise.

We’re running into this same noise phenomenon with our boilerplates. Our library, once a distinguishing factor in engaging with infotex, is now one in a thousand. Great organizations have popped up with the ability to evolve and disseminate policy boilerplates. And that was before OpenAI.

We are now left, in 2023, asking ourselves this simple question – why would you use our boilerplate when you could just use ChatGPT?

The answer is actually another new leaf. The answer, beyond accuracy and the fact that we don’t hallucinate, will be one small, but powerful, word.

 Why.

We are almost ready to publish our new Artificial Intelligence Policy Boilerplate. When we do, we will invite our Clients and friends to tell us if we’ve properly addressed the question – why?