“Your paradigm is so intrinsic to your mental process that you are hardly aware of its existence, until you try to communicate with someone with a different paradigm.”
--Donella Meadows
For some of us, security is realized through physical and network controls that address the risks in a given environment. Others view techniques aimed at education and user empowerment as critical to organizational security. Then there are those who march onto the risk landscape under the banner of effective governance and oversight. Each of these groups employ strategies informed by their paradigm. But what if myopic passion gave way to a dialogue between these views?
Through this forum I will discuss information security from varying perspectives. Below is a preview of future discussions.
- The perspectives of small to midsized nonprofit organizations.
- What do psychologists have to say about information security?
- What are the implications of game theory to our field?
- What can we learn from social network analysis?
I hope to stimulate queries and discussions borne from the aftermath of shattered paradigms. As we brush aside the detritus, we may view security through the eyes of others. After all, isn't that the beginning of discovery?
What? What does this have to do with IT Security?
As I alluded to in my introductory posting, a person's paradigm, or world view, frames their perspective of their environment. Their personal and professional interactions, their understanding of risk; these are all influenced by that framework.
The goal of this blog is to discuss information security from varying perspectives. Why do this?
1) By understanding the concerns and needs of others, we open new markets in need of enlightened professionals.
2) By opening ourselves to new ways of synthesizing and applying the tools and frameworks of our trade, we open the door to innovation.
Thank you for your comment.
Steve I think this could be an excellent topic.
Example: The Information Security department has different responsibilities and requirements if they were a Health Provider then if they were a Bank.
However, since they both deal with personal client data such as SS#, home address, and such they could easily relate to each other.
Rules and regulations always come first in IS, but knowing how to implement them in a cost effective and efficient way is always a challenge.
I think a collaboration of ideas from IS professionals at a Senior or Beginner level would hold a lot of value. People tend to overlook that.
I still do not understand what this has to do with IT Security.
Steven - What type of experience do you have in information security?
What? I guess I am missing something. What does this have to do with IT security?