Forwarded from: Kurt Seifried <kurtat_private> This is interesting as it poses the potential to be a VERY good thing. But I doubt it will be a very good thing. Quick background: Kurt got a book on knowledge management (buzzword bingo score: 4 points). One of the big themes is that complex systems need to be adaptive and evolve. This requires there to be some sort of learning mechanism(s). Most often these mechanisms must be present at multiple levels and can be quite different. A university for example: students learn, students fill out course evaluation forms, teachers research and publish articles, research in conducted at personal, group, departmental and other levels. There are processes in place to create new courses, and even new faculties should something new arise (Computer Science being a recent example). Universities are (generally speaking) VERY well equipped to meet the future, because they have sunch ingrained learning processes and the support to implement what is learned. Computer and Information Security, in almost all settings and organizations (Vendors, Users, etc.) has shown time and time again that these learning processes are not in place. Consequently the industry is in a complete shambles, with no real hope in the near future. Bills like this one can potentially get people to start implementing learning processes, i.e. establish within the company a group to identify IT related problems and then solve them, I'm talking much higher level then "viruses are a problem, let's educate users and do foo bar and baz to block viruses". Things like "We see security challenges, let's set up a forum where people can bring concerns, let's make a list of people internally and what their skills are so we can form groups of appropriately skilled people to deal with these concerns, let's list managers so we know who to contact with respect to concerns, etc, etc". ========== The funny thing is I sent the above email, exactly as is with respect to a completely different topic, but same issue. We have to get learning processes in place, and the meta processes that manage these learning processes. Kurt Seifried, kurtat_private A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 11:39:08 PST