Preamble

  • Skepticism is not a philosophy of disbelief. Rather it is a philosophy that suggests that there is merit in examing beliefs. A skeptical view of the world allows for faith, in fact recognises that 'faith' at some level often underlies so-called scientific theory. Skepticism does not lead us to the 'entire truth' of the universe, but it is discipline that allows us to better understand small parts of it. And for those parts that we want to grow or progress, skepticism is a tool to open the hood, check the hoses, replace the worn out parts, and lubricate the engine.
  • So why is the focus of this Blog on Skepticism and Technology, and Computer Technology particularly? Because Computer Technology (like every new science struggling for respectability) has surrounded itself with beliefs, an aura which resembles an old style religion where the priests have all the knowledge and know what's best for the humble, confused and worshipfull users of the technology. While the Computer people might enjoy the adulation and their 'special status' and while the computer users (and their managers) retreat comfortably into their 'I don't know what I'm doing and can't be held responsible for anything' attitude, the field of computing technology will largely stagnate. In such an environment we can only extend computer technology by replacing more and more manual processes. That is to say that we can use technology to replace jobs, but we have largely failed to empower the users of the technology to use technology to find creative ways of enhancing their existing jobs.

Skeptic Links

  • Stranger in a Strange Land - Robert Heinlein
    "You know how Fair Witnesses behave." "Well no I don't, I've never met one." "So? Anne!" Anne was on the springboard; she turned her head. Jubal called out, "That house on the hilltop-can you see what color they've painted it?" Anne looked, then answered. "It's white on this side." Jubal went on to Jill, "You see? It doesn't occur to Anne to infer that the other side is white, too. All the King's horses couldn't force her to commit herself ... unless she went there and looked-and even then she wouldn't assume that it stayed white after she left."
  • New Scientist Magazine and Website
    Opinions are best informed by facts - and other (especially differing) opinions. New Scientist has plenty of both, or if you believe a fact is just an opinion wrapped up in a prejudice, plenty of those as well. The best - the easiest - way to keep up to date with just about anything in the life, physical or technological sciences. If you see it on television or hear it on the radio, you probably read it here the day before.
  • David Hume, Philosopher 1711-1776
    "If I ask you why you believe any particular matter of fact, which you relate, you must tell me some reason; and this reason will be some other fact, connected with it. But as you cannot proceed after this manner, in infinitum, you must at last terminate in some fact, which is present to your memory or senses; or must allow that your belief is entirely without foundation." (David Hume, 1737)
  • Massimo Pigliucci. On reasonable skepticism
    I'd recommend his article on Monty Python for anyone who believes skeptics don't have a sense of humour, and his article on the difference between skepticism and cynicism for anyone who ever wondered.
Subscribe to this blog's feed

« Using customers to drive innovation in service provider organisations | Main | Liability for Security Breaches in an Outsourced Arrangement »

Effective security in a dispirited organisation

I am wrestling with an interesting concept.  To what extent does the 'effective' technology security in an organisation depend upon the degree of motivation and morale of the workforce.  A traditional view would have it that Security has an independent existence' and that it is founded in 'absolutes' - so that there are no shades of grey and no capacity for individuals to make it work better or less well.

Of course this is nonsense.  At the very least a resentful or unhappy workforce is likely to take less care which will - if the security system is 'robust' generate more exceptions and lock-outs.  While the Security Manager is dealing with this workload he or she has less time to look for 'real' mischief.  If the security system is not as robust as you'd hope it was, the 'pressure' on it will eventually reveal holes, which the workforce is more likely to ignore than exploit, but certainly won't bring to your attention.   We are not talking about 'actively' malicious activity, simply the consequences of the organisation failing to build a 'productive open-ended alliance' with their workforce (as opposed to the very un-open-ended relationship defined simply by "I work - you pay me").

If we factor in the possibility of malicious activity by disgruntled employees the significance of employee 'attitude' starts to move to centre stage.  And it doesn't have to be employee initiated mischief, but simply collusive behavior where someone on the inside helps someone on the outside.  We tend to discount the possibility that internal staff will be able to really do any damage on the basis that they (generally) aren't computer experts.  In fact this attitude can lead us seriously astray - while we concentrate our suspicions on the guy in cubicle E13 who is displaying uncharacteristic aptitude with the equipment, we fail to notice the 'computer illiterate' guy at G11 is walking out the door with printouts.

Which gets back to the Security Manager saying, well I can't do anything about 'attitude' but I can make sure that my controls are the best they can be and we'll just have to rely on that (and furthermore even in the 'happiest' workplace there are a few bad apples, so I'll always have to design the systems to take account of the 'worst possible scenario'.)  Which is perfectly correct, but the implication for Security Managers is this:  If you have the opportunity to make observations about how the design or operation of the organisation is contributing to, or detracting from, morale which in turn is effecting compliance with the technology security protocols, should you speak up?

November 22, 2005 in Technology Security and Audit |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341f725753ef00d835584b7769e2

Listed below are links to weblogs that reference Effective security in a dispirited organisation:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

My Photo

About

Skeptic meets Cynic

Recent Posts

Categories

Blog powered by TypePad

Legal Notices


  • The following terms and conditions apply to your use of this web site. By accessing, browsing, using or downloading materials from this web site you agree to follow and be bound by these terms and conditions. I reserve the right to modify or amend the terms and conditions of this agreement without notice at any time and you agree to be bound by such changes. If you do not agree to be bound by these terms and conditions, please do not use this web site or download any materials from it
  • Copyright
    Creative Commons License
    Except as noted below, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.1 Australia License. Copyright materials from other sources that are quoted or referenced in this work, and material added to this work by persons other than the primary author of this work retain their original rights, unaffected by the Creative Commons license that otherwise applies to this work
  • General Disclaimer
    The contents of this site are provided for informational purposes only. This web site is not the authoritative source of information on any matter. All information and opinions are provided "as is" and I do not make any representations, warranties or guarantees, express or implied, regarding the accuracy, completeness, timeliness, non-infringement or merchantability or fitness for any particular purpose or use of any information, opinions, products or services contained in this web site or of any information, opinions, products or services available on web sites that are accessible by links found on this web site. While the information contained on this web site is believed to be accurate, it may include errors or inaccuracies. Your use of this web site is at your own risk. I am under no obligation to monitor this web site and assume no liability or responsibility for content added to this work by other persons, or for content originally authored by me but subsequently changed by other persons without my direct consent. The information, opinions, products and services available on this web site, and the links to other web sites contained in this web site, are made available on the express conditions that no obligation, responsibility or liability, based in contract, tort (including, without limitation, negligence) or otherwise, will be incurred by me for any loss or damage whatsoever, whether incidental, special, indirect, consequential, punitive, exemplary, or for lost profits in connection with, caused by or arising from any delays, inaccuracies, errors or omissions in or infringement by, or from any use of, or reliance on such information, opinions, products or services available on this web site, the links to other web sites contained in this web site or any information, opinions, products or services available on such web sites. I assume no responsibility or liability for any damages to, or viruses that may infect your computer equipment or other property in connection with your access to or use of this web site or your downloading of any data, text, images or other material from this web site.