Coverage in the media helping IA’s cause?

OR: another pointless survey tells us what we already knew in a less than helpful manner

One of the staples of our industry is the vast amounts of coverage we get these days in the ‘regular’ media. This is both good and bad.

As the eagle-eyed amongst you will note, I’m a passionate believer that solving the IA conundrum involves everyone at work, in a similar manner to the way in which we dealt with the Health and Safety issue a few decades ago. There are a number of tranches to this process, and part of it is about senior management buying into the process because they understand it’s good for business. Rather than the fact that they will go to prison and get fined if they don’t. Carrot vs. stick if you will.

With this in mind, I scoured the news for things to help my cause. Some of the reports were useful, and some came under the heading of (using Scottish accent) “we’re all doomed”.

The first was this report in which McAfee helpfully tells us that Hackers are trying to steal our business secrets. Oh really? Industrial espionage eh? Bit of a shock there? C’mon chaps we can do better than that. Just to show I’m not just having a go at one competitor, I saw that the annual PGP Data Breach survey had been published recently despite having had a coat of Symantec paint applied to it. This is one of the best reports of its kind. At first glance the figures look so high you decide they must be made up marketing guff. But on closer inspection it turns out there is lots of detail which backs up the assertions, and contains some startling stuff.

It’s clearly the season for this sort of thing, as Websense released one the other day, and assorted reports have come out from Panda, Kaspersky and of course there is the stream of high quality stuff from Sophos including our very famous Threat Report 2011, and the musings of the naked security team

So, what does it all mean? There are two lines of discussion here to my mind. The first line is that there so much stuff out there you have to break it down into parts. There is the recycling of ‘oooo isn’t the internet bad’ stories. Facebook is bad. Twitter is bad. Microsoft and Apple are evil. Everyone but you is using Cloud and is laughing at your backward ways, you big luddite. Yawn. There is also useful stuff like the PGP Ponemon Breach report or the Sophos Threat Report. But hang on a minute. Have another look at all of the reports. They consist mainly of techies talking to techies. If you aren’t familiar with the work of the Gobbledygook Manifesto, then I suggesting making a nice cup of tea and googling it, spending the next few hours sneering at how our contemporaries across IT describe the market. David Meerman Scott has spent many years looking at this issue and is less than complimentary.

Scott underlines my second observation: we are still talking in geeky speak, even when we are trying hard not to. And referring back to my last blog post, we need to get this ingrained into people’s heads like Health and Safety did in the 70s and 80s. H&S didn’t talk to us in long white papers about the need for fire extinguishers or not to carry boiling water around in kitchens with slippy floors. They showed us hammy videos of women with Dynasty-esque shoulder pads flailing about in burning offices, or chaps with mullets keeling over and scolding themselves. The messages were short, sweet and badly acted. Get this wrong, this happens. And it’s because you were stupid and ignored the warnings you were given. Not because you couldn’t fathom what the message was and were too scared at being laughed at by some pointy-shoed IT sales guy talking about Cloud-something. Don’t be scared, pointy-shoed guy doesn’t understand it either. So who’s fault is it?

Answer: yours and ours

You there in customer land have not demanded stuff in English, and we’ve not written it, because it served both our causes to ‘sex up’ matters. However, it’s time to stop and hand it to the people who do understand: IA Practitioners and Legal. It’s time for the IA and Legal professions to get blunt on this topic. It is an approach taken by Stewart Room and FFW, but it seems sensible for this approach to be more widespread. Both professions benefit if the method works (and hence have a financial incentive to work together), but we MUST get away from burying people in geek stuff in the hope that they can translate it into English as it goes up the tree.

IA doesn’t make for great safety videos, so let’s use English please.


About Graeme Stewart, McAfee

I work for McAfee as Director of Public Sector Strategy and Relations, UK&I
This entry was posted in Efficiency, Facebook security, Information Security, Legal, Security, Sophos. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s