The dissemination of information is something we often take for granted but it hasn’t always been like that. A long time ago, long before computers, the internet and 24-hour interconnectivity, in a pre-digital age, information used to belong to a small group of individuals. Whatever doctrines or ideas they spoke of were held to be the truth – though this didn’t necessarily imply it was accepted as such. History has always had its rebels after all. Nevertheless, large swathes of the population, through illiteracy or poverty, didn’t know any better. And that remained the model for quite a long time.
Today, however, that’s a whole different story – we have more freedom to obtain information than ever before (well, in democracies we do). This greater access to content has been further amplified by the coming together of highly sophisticated digital technologies and the fruition of the internet as a useful medium through which to do, well, everything.
In the security business, how we go about disseminating information – whether it is to do with developments in the industry, job opportunities, networking opportunities – and accessing that information has been a bone of contention for quite a while now.
Remember a few blogs ago we mentioned the security industry and the lack of definition it can afford, for example, job titles, well, similar problems can occur in broadcasting, sharing and receiving information. This is something one of our RANTers recognises and spoke about at the last Risk and Network Threat Forum.
“The problem is the mode in which we communicate security awareness to our users is generally very poor,” says Javvad Malik. “We need to be a bit more creative, engaging and genuine in our security awareness efforts,” said Javvad during his 2 minute RANT where we had a Christmas Special of ‘Who’s RANT is it Anyway?’
He’s onto a very good point. Perhaps this information isn’t so much deficient as it is not properly communicated or accessed. The fault can be two ways – either employees, both longstanding and new, are not aware of where to go to find content and/or those security professionals holding, for example, training sessions, are not putting out details via the correct channels.
What this creates is ambiguity, ignorance – by way of being denied information – and a culture which is far from collaborative, but fractured. Everyone operates within the industry, but in their own hubs, like disparate planets in a solar system with no means of connecting.
It doesn’t have to be this way – in our next blog, we’ll discuss how to foster a communicative culture. Our industry might be predicated on tightening security, but we could do with being more open about how this can be achieved.