The general applicability of information warfare as an extension of information assurance seems prudent. CIO’s and CISO’s should be aware of correlating risks and act appropriately. The modern enterprise is dependent on an ever-growing need for information and automated information management systems. While information assurance offers a holistic approach to defending a business organization, the risks of all three classes of information warfare are not even brought into question in corporate-level information assurance policy management frameworks. The following model is an attempt to describe where information operations risk management could be implemented. Short-term damage can largely be applied to class 2 information warfare (corporate implications), while long-term damage can be applied to class 3 information warfare (regional or global implications).
This is another work in progress. I have a lot to add to this, so I will do so when I find the time.
The focal point is to provide choice in education as a stem from my previously stated notion, “what obligation do I have to information?” I presume that it’s feasible to design an edupunk system; a system that is open source, Internet-community designed and Internet-community maintained. This system could be used in addition to higher education institutions, and all other preceding education systems. This system would not be limited by how or from where information is obtained, as long as it satisfies the community-derived requirements. An edupunk system should also be completely anti-discriminatory. This includes placement based on age, experience, intelligence, and all of the other common attributes of a society—gender, sex, race, whatever. Information does not discriminate until we use information to discriminate.
What are the ways that people learn?
Direction
Completely directed
Partially directed
Self directed
Orientation
Completely base oriented
Partially base oriented
Not base oriented
Completely objective oriented
Partially objective oriented
Not objective oriented
Immersion
Completely integrated
Partially integrated
Not integrated
Information sharing
By a master all of the time
By a master some of the time
By a master none of the time
By a specific group of masters all of the time
By a specific group of masters some of the time
By a specific group of masters none of the time
By a master collective all of the time
By a master collective some of the time
By a master collective none of the time
By a student all of the time
By a student some of the time
By a student none of the time
By a specific group of students all of the time
By a specific group of students some of the time
By a specific group of students none of the time
By a student collective all of the time
By a student collective some of the time
By a student collective none of the time
(The text in red identifies how current mainstream education institutions predominantly operate. They can be, however rarely, “partially integrated” (into a specific community or environment). Internships and the like are “completely integrated.” Research degree programs would be “partially base oriented” and “partially objective oriented.”)
“Direction” entails a linear process of constructive knowledge gain. Completely linear systems with predefined objectives limit creativity, even when compounding such linearity with complexity.
A base-orientation entails a body of knowledge or an idea that can be explored with no limiting objective. This form of orientation entails the generation of a scope as you add more knowledge to that base, and that you will eventually conclude on a desired objective.
An objective-orientation entails using a predefined scope with a predefined objective that is based on expectations.
Do you have an objective? Are you objective-less? We cannot use one system that has to work for everyone without losing the minority and steering the majority. Everybody has different goals, and that diversity requires diverse education systems.
Curriculum requirements can either be static (predetermined) or dynamic (real-time). Both base-oriented curriculum and objective-oriented curriculum can be static or dynamic in their design.
Why should people use my edupunk system?
The dynamism of the evolution of information and behavior is increasing, and uncertainty of futures is indeterminately complex. Knowledge oriented education systems no longer support the needs of our present day problem solving systems with the advent of this information-integrated stage in our evolution. The Internet—the distributed, instant-information systems that span and connect the entire world—can help alleviate our education woes. Irrespective of laws on intellectual property, restriction of information slows the progress of the human race. And while modern day, mainstream education institutions take money in exchange for un-integrated, structured knowledge, the values that drive this inertia (linear, non-changing) need to be updated and expanded to become adaptive to real-world, current and future knowledge gaps.
Progress of the human race—using what objectives?
Why do we even have education systems? No educator has ever asked me. How can we continue to use a system that has no predefined goal? Do we simply expect that growth equates to happiness and happiness to satisfaction? Is this some perverted, collective super-position that is simply expected of every living human being?
I stand by the notion that things don’t happen for a reason until we give it reason. Sharing information appears to be an innate feature of a naturally-social group of organisms. From an evolutionary standpoint, sharing information allows you to gain information that you once did not have, possibly and probably increasing your chances for survival in the environment in which you live. This problem of needing information to thrive has not gone away. In fact, it would appear that education systems have been developed in order to both solve complex problems and to anticipate future problems. This is why we need progress—for the survival, and often times the vanity of the human race.
But why do we have to constantly be “updating” our knowledge if our goal were simply to survive? Is there a point where we can just stop learning about our shared world? In short, no. The human race still has problems that have evidently existed since the beginning of Earth’s history. And as our species evolves while in parallel we develop better and more complicated technologies, there will never be a time, as long as life exists, where problems will not exist as well.
There are some problems that are undeniable. Sustainability of resources is critical, in addition to maintaining the resources we have. Maintaining resources includes the avoidance, minimization or mitigation of disasters, both human caused and of natural consequences. Every bit of human knowledge can be given “reason” to amount to some portion of any notion that precludes to the avoidance, minimization or mitigation of disaster in some form or another.
How should my edupunk system work?
By capitalizing on the various ways that people learn. While all people have dominant learning styles, people must find balance with their non-dominant learning styles in order to maximize the reception of information in diverse ways. As I mentioned above, people learn by established direction, orientation, immersion, and with whom information is being shared.
As a society, we choose to apply metrics to individuals. This seems to be a natural choice—as if innate, we presume to be individuals. However, we are innately social.
After basic study of inertia in application to developing extrapolation scenarios, and to juxtapose the institution of academia, I feel as though all levels of formal education have undervalued the capabilities of technology to better integrate people and information.
I must point out that I will primarily be attacking higher education and their faults. After seven years of struggle as a gifted yet learning disabled student in higher education, toned down, I’m disappointed.
To preface, I claim to be an intellectual minority. I believe it gives me a unique perspective; and in retrospect, allows my objectivity to be useful. With what little research that is available concerning individuals that are gifted and learning disabled, there are many attributes of said students that offer insight into the faults, or perhaps areas where education systems should grow, of educational institutions.
“[Gifted and learning disabled students have] special talents or interests that were usually manifested in out-of-school or within-school extracurricular activities and that enabled them to ameliorate their negative school experiences. These talents and interests were recognized and often nurtured by parents and seemed to contribute to the positive sense of self eventually developed by some of the participants in this study despite their negative experiences in school.”
[Case Studies of High-Ability Students with Learning Disabilities Who Have Achieved, Journal article by Sally M. Reis, Terry W. Neu, Joan M. Mcguire; Exceptional Children, Vol. 63, 1997]
This notion signifies where education systems continue to not change, and in areas that would benefit all students, not just intellectual minorities. Without holistic support, these students might be forced to practice their identified strengths in non-constructive manners (hint: illegal manners). They are certainly not being used in the classroom. Where is the system to identify the unique strengths and weaknesses of each student? Do teachers or mentors know about these strengths? Why do student’s weaknesses get punished instead?
What is a weakness? Well my severe weakness is my learning disability. And this notion is complicated by the fact that disability support services in all grade levels only support the disability—that is, the attempted normalization of the weakness. This system is completely backwards for students who are gifted and learning disabled. But I digress. Thomas Jefferson once wrote, “There is nothing more unequal than the equal treatment of unequal people.” When it comes to personal learning styles, I do not believe in equality. Weakness is punished by awarding grades as metrics to academic failure, and I believe this act plays into the demolishment of natural creativity that students have.
Evidence: video
As Sir Ken Robinson states, “…if you’re not prepared to be wrong, you’ll never come up with anything original. If you’re not prepared to be wrong. And by the time they get to be adults, most kids have lost that capacity. They have become frightened of being wrong. And we run our companies like this, by the way, we stigmatize mistakes. And we’re now running national education systems where mistakes are the worst thing you can make. And the result is, we are educating people out of their creative capacities.”
Sir Ken Robinson continues, “…academic ability, which has really come to dominate our view of intelligence because the universities designed the system in their image. If you think of it, the whole system of public education around the world is a protracted process of university entrance. And the consequence is that many highly talented, brilliant, creative people think they’re not, because the thing they were good at at school wasn’t valued, or was actually stigmatized. And I think we can’t afford to go on that way.”
My argument here is this: the foundational metrics system which we use to measure the performance of individual students is antiquated. Mainstream education, and in retrospect, society, is suffering from academic inertia—a complete lack of change for the betterment of students. So—how should it change?
Fundamentally, the education system, worldwide, is flawed. It remains insensitive to individualistic needs and continues to degrade as short term funding cuts continue to inhibit its growth. Even while society at large is learning the value of sustainability, it’s education, in the public’s eye, that is open to budget cuts and therefore is less important to society than the roads that we drive on.
Even while society is learning how to embrace technological advancement at exponential levels, academic institutions do not. Yes, schools are taking advantage of online learning tools. But if it didn’t increase the amount of money they took in, they wouldn’t use it. Academic institutions are embracing technology, but for largely the wrong reasons.
Take, for example, the private sector. While interning at Microsoft, my deployment services team was successful for many reasons. However, two of those reasons had to do with information and technology. As a team, we were encouraged to remain from becoming information hogs—that is, individuals who kept crucial information to themselves. We prided ourselves on our unique attributes, such as being a subject matter expert (SME), but when specific information was needed to complete complicated tasks, it was our duty to share and help educate everyone involved. While this process was primarily performed face-to-face, we used Microsoft’s intranet to create an encyclopedia of relevant information that each of us was encouraged to contribute to. As SME’s we had a responsibility to educate everyone else, empowered by integrative technology.
This is not how academic institutions, in a classroom setting, are managed. The teacher is the SME, and if you don’t meet standardized requirements, you fail. Nowhere in the system of curriculum is there a means for students to become the teachers. Nowhere is there a means for students to be assessed based on their strengths, or develop according to their strengths.
What is a personal strength? Well my strengths are my gifts, including my tenacity and creativity. IQ testing identified areas of high intelligence, in contrast to my average IQ scores and my low (learning disability) scores. Stereotypically, people that are not learning disabled or not gifted fall into the “average” IQ range. Again, stereotypically, people tend to believe that they only have one IQ. That’s completely false. IQs are determined by a wide range of specific areas of intelligence. It’s perfectly feasible that everyone on Earth has varying (high and low) IQs—and it’s the higher ones that we should be capitalizing on.
But people are not simply their IQs. There’s also emotional intelligence (EQ) and there’s creative intelligence (CQ). People also tend to use either their right side of their brain or the left side of their brain. And there’s personality. Understanding one’s personality is invaluable when learning about one’s self, and thus, their world. Personality is directly tied to our capacities as learning individuals.
But none of this is measured when we instruct students in mainstream education. Unless, of course, you are identified as a gifted or learning disabled student. Why don’t we perform these tests at all levels of school on all students? Starting in primary school, kids should be tested. They should be tested so that, individually, they can come to terms with their strengths and weaknesses. This is critical for understanding one’s ability to perform in society. Kids should also be tested so that educators and mentors can track individual progress—not standardized progress. Allowing educators to engage with their students at these intimate levels will set the foundations of educational sustainment.
What I propose is this: The healthcare system is receiving a lot of funding to deploy a nationwide infrastructure of personal health information that is supposed to assist with improved health care. Why can’t we do that same for students? And we need to abolish the grading system. It’s arguable that the grade point system measures a student’s strengths and weaknesses. But GPA wraps that information into one clump of poop. And nowhere on a report card is there an educator’s note on why such a grade was received. Similarly, nowhere is there a response from the actual student receiving the grade. If we can implement feedback systems on e-commerce Web sites, we can do it for our students.
Another problem, which with identification could assist with turning education systems around for the better, includes sociability. At Microsoft, we worked in teams. Being an SME was one of my strengths. But as a collaborative team of SMEs, we were something much greater. Students are graded purely on individual “success” which reinforces their “success” on a completely individualized level. While students should understand their ability to contribute to a society in ways that are unique to their psyche, in order to be a part of a society, they need reinforcement that is determined by teamwork for which they are a crucial part.
Similarly, in this era of exponentially evolving information integration, why are we basing our tests on questions that can be Googled in 2 seconds? Why aren’t we asking questions that require problem solving and critical thinking? Why are we asking questions that only have one right answer? Through collaborative teamwork, people learn to think creatively. Through collaborative teamwork, people learn the value of diversity and opinion. In developed nations, having access to the Internet is commonplace. If we don’t teach students at a young age to embrace technology in ways that are meaningful to the society for which they are a part, we are denying OURSELFS the luxury of a self-empowered, socially-educated and technologically-empowered society.
Why is the sharing of information important? Here’s why:
Evidence: video
Matt Ridley states, “…what we’ve done in human society, through exchange in specialization, we’ve created the ability to do things that we don’t even understand.” He continues, “With technology we can actually do things that are beyond our capabilities. We’ve gone beyond the capacity of the human mind to an extraordinary degree. And by the way, that’s one of the reasons that I’m not interested in the debate about IQ–about whether some groups have IQs higher than other groups–It’s completely irrelevant. What’s relevant to a society is how well people are communicating their ideas, and how well their cooperating, not how clever the individuals are.”
What I propose is this: By engaging with others, sharing problems and sharing ideas, we learn about ourselves while simultaneously learning how to be a more intricate part of a community. Through foundational understanding of how we work individually, we can offer those strengths to our groups through interaction. Engagement is the pinnacle of education. Without engagement and without respectful, compassionate sharing, we reinforce our egos. Reinforcing our egos with what not to do—or with what to do but basing it on invisible expectations—is undermining our abilities as a global community. Our goal here should be to revolutionize our education system to encourage civic engagement at any level. Assignments should be replaced with engaging projects. Students should do these projects together. They should be tested on their abilities to understand themselves and how to best engage with their teams and their communities.
How can we develop student’s strengths, to bring success to their community, and in creative and non-threatening ways? Why would the latter be important?
Evidence: video
David Logan states, “So when individuals come together and find something that unites them that’s greater than their individual competence, then something very important happens. The group gels. And it changes from a group of highly motivated but fairly individually centric people, into something larger, into a tribe that becomes aware of its own existence.”
David continues, “Two percent are at Stage One. About 25 percent are at Stage Two, saying, in effect, “My life sucks.” 48 percent of working tribes say, these are employed tribes, say, “I’m great and you’re not.” And we have to duke it out every day. So we resort to politics. Only about 22 percent of tribes are at Stage Four, oriented by our values, saying “We’re great. And our values are beginning to unite us.” Only two percent, only two percent of tribes get to Stage Five. And those are the ones that change the world.”
“See, people who build world-changing tribes do that. They extend the reach of their tribes by connecting them, not just to myself, so that my following is greater. But I connect people who don’t know each other to something greater than themselves. And ultimately that adds to their values.”
The question begging to be asked: Why can’t we design education systems that empower students to value stage four and stage five tribes? If they could even acknowledge what tribe they were in, I presume that it would allow them to strive to a higher level of tribal leadership. Just think of the impacts that would have on our society even if it was a small increase. When we design education systems that teach students what is valued in society, and for all of their developmental years in life (K-12), what should we be striving for?
The goals of our education systems no longer serve us as a society. We are now connected in vastly superior ways from when our core education system values were established. We are no longer individual information carriers and processors. As our society becomes more and more complicated, we have to be raising children with an aptitude for individualized empowerment and value systems based on civic engagement, unafraid to take risks. “American creativity scores are falling.” I have yet to read a political argument battling for a nationwide increase in creativity.
“The potential consequences are sweeping. The necessity of human ingenuity is undisputed. A recent IBM poll of 1,500 CEOs identified creativity as the No. 1 “leadership competency” of the future. Yet it’s not just about sustaining our nation’s economic growth. All around us are matters of national and international importance that are crying out for creative solutions, from saving the Gulf of Mexico to bringing peace to Afghanistan to delivering health care. Such solutions emerge from a healthy marketplace of ideas, sustained by a populace constantly contributing original ideas and receptive to the ideas of others.”
The need for creativity is staggering in comparison to knowledge. With the Internet, fact-based information cramming is futile. Education strategy should demand systems that teach students how to solve problems, not simply the solutions to problems. With the Internet, individualistic problem solving is ludicrous. Education strategy should demand systems that reward constructive social behavior. And finally, designing education systems that provide structure for engaging with one’s community should be a requirement—how else are we going to teach the value of a connected society?
As a society, we choose to apply metrics to individuals. This seems to be a natural choice—as if innate, we presume to be individuals. However, we are innately social.
After basic study of inertia in application to developing extrapolation scenarios, and to juxtapose the institution of academia, I feel as though all levels of formal education have undervalued the capabilities of technology to better integrate people and information.
I must point out that I will primarily be attacking higher education and their faults. After seven years of struggle as a gifted yet learning disabled student in higher education, toned down, I’m disappointed.
To preface, I claim to be an intellectual minority. I believe it gives me a unique perspective; and in retrospect, allows my objectivity to be useful. With what little research that is available concerning individuals that are gifted and learning disabled, there are many attributes of said students that offer insight into the faults, or perhaps areas where education systems should grow, of educational institutions.
“[Gifted and learning disabled students have] special talents or interests that were usually manifested in out-of-school or within-school extracurricular activities and that enabled them to ameliorate their negative school experiences. These talents and interests were recognized and often nurtured by parents and seemed to contribute to the positive sense of self eventually developed by some of the participants in this study despite their negative experiences in school.”
[Case Studies of High-Ability Students with Learning Disabilities Who Have Achieved, Journal article by Sally M. Reis, Terry W. Neu, Joan M. Mcguire; Exceptional Children, Vol. 63, 1997]
This notion signifies where education systems continue to not change, and in areas that would benefit all students, not just intellectual minorities. Without holistic support, these students might be forced to practice their identified strengths in non-constructive manners (hint: illegal manners). They are certainly not being used in the classroom. Where is the system to identify the unique strengths and weaknesses of each student? Do teachers or mentors know about these strengths? Why do student’s weaknesses get punished instead?
What is a weakness? Well my severe weakness is my learning disability. And this notion is complicated by the fact that disability support services in all grade levels only support the disability—that is, the attempted normalization of the weakness. This system is completely backwards for students who are gifted and learning disabled. But I digress. Thomas Jefferson once wrote, “There is nothing more unequal than the equal treatment of unequal people.” When it comes to personal learning styles, I do not believe in equality. Weakness is punished by awarding grades as metrics to academic failure, and I believe this act plays into the demolishment of natural creativity that students have.
Evidence: video
As Sir Ken Robinson states, “…if you’re not prepared to be wrong, you’ll never come up with anything original. If you’re not prepared to be wrong. And by the time they get to be adults, most kids have lost that capacity. They have become frightened of being wrong. And we run our companies like this, by the way, we stigmatize mistakes. And we’re now running national education systems where mistakes are the worst thing you can make. And the result is, we are educating people out of their creative capacities.”
Sir Ken Robinson continues, “…academic ability, which has really come to dominate our view of intelligence because the universities designed the system in their image. If you think of it, the whole system of public education around the world is a protracted process of university entrance. And the consequence is that many highly talented, brilliant, creative people think they’re not, because the thing they were good at at school wasn’t valued, or was actually stigmatized. And I think we can’t afford to go on that way.”
My argument here is this: the foundational metrics system which we use to measure the performance of individual students is antiquated. Mainstream education, and in retrospect, society, is suffering from academic inertia—a complete lack of change for the betterment of students. So—how should it change?
Fundamentally, the education system, worldwide, is flawed. It remains insensitive to individualistic needs and continues to degrade as short term funding cuts continue to inhibit its growth. Even while society at large is learning the value of sustainability, it’s education, in the public’s eye, that is open to budget cuts and therefore is less important to society than the roads that we drive on.
Even while society is learning how to embrace technological advancement at exponential levels, academic institutions do not. Yes, schools are taking advantage of online learning tools. But if it didn’t increase the amount of money they took in, they wouldn’t use it. Academic institutions are embracing technology, but for largely the wrong reasons.
Take, for example, the private sector. While interning at Microsoft, my deployment services team was successful for many reasons. However, two of those reasons had to do with information and technology. As a team, we were encouraged to remain from becoming information hogs—that is, individuals who kept crucial information to themselves. We prided ourselves on our unique attributes, such as being a subject matter expert (SME), but when specific information was needed to complete complicated tasks, it was our duty to share and help educate everyone involved. While this process was primarily performed face-to-face, we used Microsoft’s intranet to create an encyclopedia of relevant information that each of us was encouraged to contribute to. As SME’s we had a responsibility to educate everyone else, empowered by integrative technology.
This is not how academic institutions, in a classroom setting, are managed. The teacher is the SME, and if you don’t meet standardized requirements, you fail. Nowhere in the system of curriculum is there a means for students to become the teachers. Nowhere is there a means for students to be assessed based on their strengths, and developed according to their strengths.
What is a personal strength? Well my strengths are my gifts, including my tenacity and creativity. IQ testing identified areas of high intelligence, in contrast to my average IQ scores and my low (learning disability) scores. Stereotypically, people that are not learning disabled or not gifted fall into the “average” IQ range. Again, stereotypically, people tend to believe that they only have one IQ. That’s completely false. IQs are determined by a wide range of specific areas of intelligence. It’s perfectly feasible that everyone on Earth has varying (high and low) IQs—and it’s the higher ones that we should be capitalizing on.
But people are not simply their IQs. There’s also emotional intelligence (EQ) and there’s creative intelligence (CQ). People also tend to use either their right side of their brain or the left side of their brain. And there’s personality. Understanding one’s personality is invaluable when learning about one’s self, and thus, their world. Personality is directly tied to our capacities as learning individuals.
But none of this is measured when we instruct students in mainstream education. Unless, of course, you are identified as a gifted or learning disabled student. Why don’t we perform these tests at all levels of school on all students? Starting in primary school, kids should be tested. They should be tested so that, individually, they can come to terms with their strengths and weaknesses. This is critical for understanding one’s ability to perform in society. Kids should also be tested so that educators and mentors can track individual progress—not standardized progress. Allowing educators to engage with their students at these intimate levels will set the foundations of educational sustainment.
What I propose is this: The healthcare system is receiving a lot of funding to deploy a nationwide infrastructure of personal health information that is supposed to assist with improved health care. Why can’t we do that same for students? And we need to abolish the grading system. It’s arguable that the grade point system measures a student’s strengths and weaknesses. But GPA wraps that information into one clump of poop. And nowhere on a report card is there an educator’s note on why such a grade was received. Similarly, nowhere is there a response from the actual student receiving the grade. If we can implement feedback systems on e-commerce Web sites, we can do it for our students.
Another problem, which with identification could assist with turning education systems around for the better, includes sociability. At Microsoft, we worked in teams. Being an SME was one of my strengths. But as a collaborative team of SMEs, we were something much greater. Students are graded purely on individual “success” which reinforces their “success” on a completely individualized level. While students should understand their ability to contribute to a society in ways that are unique to their psyche, in order to be a part of a society, they need reinforcement that is determined by teamwork for which they are a crucial part.
Similarly, in this era of exponentially evolving information integration, why are we basing our tests on questions that can be Googled in 2 seconds? Why aren’t we asking questions that require problem solving and critical thinking? Why are we asking questions that only have one right answer? Through collaborative teamwork, people learn to think creatively. Through collaborative teamwork, people learn the value of diversity and opinion. In developed nations, having access to the Internet is commonplace. If we don’t teach students at a young age to embrace technology in ways that are meaningful to the society for which they are a part, we are denying OURSELFS the luxury of a self-empowered, socially-educated and technologically-empowered society.
Why is the sharing of information important? Here’s why:
Evidence: video
Matt Ridley states, “…what we’ve done in human society, through exchange in specialization, we’ve created the ability to do things that we don’t even understand.” He continues, “With technology we can actually do things that are beyond our capabilities. We’ve gone beyond the capacity of the human mind to an extraordinary degree. And by the way, that’s one of the reasons that I’m not interested in the debate about IQ–about whether some groups have IQs higher than other groups–It’s completely irrelevant. What’s relevant to a society is how well people are communicating their ideas, and how well their cooperating, not how clever the individuals are.”
What I propose is this: By engaging with others, sharing problems and sharing ideas, we learn about ourselves while simultaneously learning how to be a more intricate part of a community. Through foundational understanding of how we work individually, we can offer those strengths to our groups through interaction. Engagement is the pinnacle of education. Without engagement and without respectful, compassionate sharing, we reinforce our egos. Reinforcing our egos with what not to do—or with what to do but basing it on invisible expectations—is undermining our abilities as a global community. Our goal here should be to revolutionize our education system to encourage civic engagement at any level. Assignments should be replaced with engaging projects. Students should do these projects together. They should be tested on their abilities to understand themselves and how to best engage with their teams and their communities.
How can we develop student’s strengths, to bring success to their community, and in creative and non-threatening ways? Why would the latter be important?
Evidence: video
David Logan states, “So when individuals come together and find something that unites them that’s greater than their individual competence, then something very important happens. The group gels. And it changes from a group of highly motivated but fairly individually centric people, into something larger, into a tribe that becomes aware of its own existence.”
David continues, “Two percent are at Stage One. About 25 percent are at Stage Two, saying, in effect, “My life sucks.” 48 percent of working tribes say, these are employed tribes, say, “I’m great and you’re not.” And we have to duke it out every day. So we resort to politics. Only about 22 percent of tribes are at Stage Four, oriented by our values, saying “We’re great. And our values are beginning to unite us.” Only two percent, only two percent of tribes get to Stage Five. And those are the ones that change the world.”
“See, people who build world-changing tribes do that. They extend the reach of their tribes by connecting them, not just to myself, so that my following is greater. But I connect people who don’t know each other to something greater than themselves. And ultimately that adds to their values.”
The question begging to be asked: Why can’t we design education systems that empower students to value stage four and stage five tribes? If they could even acknowledge what tribe they were in, I presume that it would allow them to strive to a higher level of tribal leadership. Just think of the impacts that would have on our society even if it was a small increase. When we design education systems that teach students what is valued in society, and for all of their developmental years in life (K-12), what should we be striving for?
The goals of our education systems no longer serve us as a society. We are now connected in vastly superior ways from when our core education system values were established. We are no longer individual information carriers and processors. As our society becomes more and more complicated, we have to be raising children with an aptitude for individualized empowerment and value systems based on civic engagement, unafraid to take risks. “American creativity scores are falling.” I have yet to read a political argument battling for a nationwide increase in creativity.
“The potential consequences are sweeping. The necessity of human ingenuity is undisputed. A recent IBM poll of 1,500 CEOs identified creativity as the No. 1 “leadership competency” of the future. Yet it’s not just about sustaining our nation’s economic growth. All around us are matters of national and international importance that are crying out for creative solutions, from saving the Gulf of Mexico to bringing peace to Afghanistan to delivering health care. Such solutions emerge from a healthy marketplace of ideas, sustained by a populace constantly contributing original ideas and receptive to the ideas of others.”
The need for creativity is staggering in comparison to knowledge. With the Internet, fact-based information cramming is futile. Education strategy demands systems that teach students how to solve problems, not simply the solutions to problems. With the Internet, individualistic problem solving is ludicrous. Education systems demand systems that reward constructive social behavior. And finally, designing education systems that provide structure for engaging with one’s community should be a requirement—how else are we going to teach the value of a connected society?
A recent idea of mine includes the breakdown on information on a semantic level. It’s just one step of many, but this level-three breakdown shows how complicated language and the establishment of new ideas can be.
This is a copy of my National Cybersecurity Awareness Campaign Challenge proposal. I licensed it under the Creative Commons Public Domain license when I submitted it to DHS on 02010 April 30. Since its submittal, two updates have been made to the document:
The term “secondary education” has been replaced with the correct term “higher education.” I was misusing “secondary education” to include the college and university education level.
The term “America” has been replaced with “United States.” Again, I was misusing the term “America,” in the sense that an American public exists in all of North, Central and South America. While the aim of this project should include a global audience, to begin it should start in the United States.
The Big Picture
The problem: The United States public is an extremely large and diverse populous and is generally unaware of cyber risks.
The mission: To clearly and comprehensively communicate with the United States public about the issues concerning cyber security.
The vision: An informal network composed of various teams and communities organized to share and disseminate cyber security knowledge.
Bill Clinton, regarding health clinics in Rwanda, said that it’s not enough to create one, but that you’ve got to create a system that will work better and better. Public awareness concerning the safe use of the Internet and of the devices that connect us to the Internet requires a holistic strategy. The Department of Homeland Security (DHS) has a complex problem to address concerning the cyber education of residents in the United States. This complex problem is a common problem in every nation in the world, and it is going to take efforts from a global community, the Internet community, to minimize the dangers of using the Internet. The solution to this common problem has to be flexible in order to adapt to the dynamic nature of information and communication technologies that use the Internet. The solution to this common problem also has to be scalable to reach beyond mass-media outlets and be personable so that learning individuals can appreciate the need for Internet best-practices.
The Federal Bureau of Investigation (FBI) created InfraGard in 1996, a public-private partnership to assist the private sector with managing critical infrastructure. DHS needs to create a similar partnership to assist the public with becoming cyber literate—to understand the risks involved with uploading and downloading data and information via the Internet. DHS is in an ideal position to facilitate a cyber education movement in a very organized, informal and cost-effective way. The objective of this movement is to set the foundation for an international network of experts that will create and manage an education framework of solutions for all communities. The facilitation of this movement should entail an expansion of the National Cyber Security Alliance (NCSA) that would engage with colleges and universities to manage education programs tailored to their immediate and surrounding communities.
Richard McDermott and Douglas Archibald, in an article titled Harnessing Your Staff’s Informal Networks from the March 2010 edition of the Harvard Business Review magazine, describe the value of informal teams and communities to “share knowledge and attack common problems.”
“Consider the rise and fall of an informal group of experts at a large water-engineering company located just outside London. Starting in the early 1990s, they began meeting weekly to discuss strategies for designing new water-treatment facilities. The gatherings were so lively and informative that they actually drew crowds of onlookers. (The company can’t be named for reasons of confidentiality.)
The community initially thrived because it operated so informally. United by a common professional passion, participants would huddle around conference tables and compare data, trade insights, and argue over which designs would work best with local water systems. And the community achieved results: Participants found ways to significantly cut the time and cost involved in system design by increasing the pool of experience that they could draw upon, tapping insights from different disciplines, and recycling design ideas from other projects.”
[Harvard Business Review, March 2010, Reprint R1003F]
It is critical that any program designed to educate a population as large as the one inside of the United States do so with care that takes advantage of the uniqueness of individual communities. This program must approach each and every community within the United States with systems that are already available, thereby decreasing the overall cost to DHS while increasing outreach effectiveness. By expanding NCSA, DHS can interface with, at first, colleges and universities across the United States that have information technology related education programs.
The High-level Phases
The NCSA expansion should include several phases in order to build an infrastructure that can support the mission and vision previously outlined. An NCSA expansion must include network creation within the United States, but it must be done in a highly organized and targeted way in order for the network to propagate itself. This network self-propagation is necessary for the network to expand beyond the physical boarders of the United States. The second phase of the NCSA expansion must include an international audience. Cyber literacy is a matter of national security. Cyber literacy extends beyond the borders of the United States because cyber crime outside of the United States directly affects the state of national security. Therefore it is required that the cyber education movement includes an international audience to draw on resources beyond our own.
The Processes
Process #1
NCSA Expansion <–> Higher Education
In order to educate the people of the United States on such large scale, the NCSA expansion must utilize colleges and universities throughout the United States. These already established systems (college campuses) are critical because they are already integrated into their communities, and because they contain the people needed to help DHS with its new mission. The successful completion of this process entails finding students and faculty that are interested in the information assurance profession, and by providing these experts and to-be experts with an infrastructure that will allow them to interface with specific parts of their communities in order to grow and share information. NCSA would be responsible for disseminating the following to these higher education teams:
Step-by-step processes, goals and objectives in formats organized using systems analysis and design (SAD) models. By providing a common framework that is common among business organizations, SAD models will allow for future integration and the ability to increase the knowledge and experiences of the students involved.
Information packages with up-to-date, specific cybersecurity information. These information packages will be the primary resources for higher education teams, providing the main content that will be disseminated throughout the team’s community. Information packages will be supported by an online database and social network tailored to the needs of the larger community.
Communication tools that will bridge gaps between teams with the goal of creating stronger communities. The primary objective of teams will be the development of their communities. NCSA can conduct research that will find organizations that can support nearby higher education teams, or vice-versa, and act as a hand-shake intermediary.
The secondary objective of teams is the establishment and facilitation of cybersecurity information. The following processes will help explain how this will take place.
Process #2
Higher Education <–> Private Sector
The private sector is an important part of the United States public cyber learning effort. This is because the information assurance best-practices that need to be shared with the general United States public must interface, at some level, with private sector business practices. What people practice at home must make sense with the general practices carried out at work. Therefore it is important for NCSA to support symbiotic relationships with the private sector, through the higher education teams, in order to expand local communities. These symbiotic relationships should support the following goals:
Increase networking potential on all levels, for both students and business professionals, helping to satisfy the primary objective:
By connecting students to business professionals, students can ask questions and get answers based on experience. Students will also be in a position to ask for meaningful internships within their communities.
By connecting business professionals to students, business professionals can ask students to conduct specific research projects. Businesses will also be in a position to see how specific students perform in a business setting.
An NCSA expansion can support quarterly meetings between students and business professionals in pre-determined regions. These quarterly meetings can:
Provide direct networking opportunities, as outlined above
Provide opportunities for students to present to business professionals their findings from their research and teaching experiences
Support a regional community of information assurance professionals for sharing emerging threats and their expected impacts at work, at home and in school
It has been claimed that two thirds of all business organizations in the United States have no Internet security policies. Higher education teams in cooperation with NCSA can offer no-cost education programs specific to business organizations that need to better their information assurance programs, or to create them. This can be done via specific information packages provided by NCSA. These packages can include, but are not limited to, general employee training, general security auditing, and general policy development. The information packages provided by NCSA can include resources for local businesses that provide professional consulting services if it is found that these business organizations need to meet federal or state regulations.
Process #3
Higher Education <–> City Council
City councils generally have special projects or programs that can affect local business organizations, schools, or public facilities or events. Each of these entities/locations interface with the Internet on some level, which means the city council is a perfect place to increase cyber literacy. Higher education institutions in cooperation with NCSA can offer educational programs specific to the needs of city councils, either directly to city councils, or directly to entities that interface with city councils. Because there can often be multiple higher education institutions in any given region, this will present an opportunity for these higher education teams to strategically work together to accomplish their goals concerning the secondary objective.
Process #4
Higher Education <–> Community Centers
Community centers provide higher education teams a neutral location to offer no-cost public services for general cyber awareness events, helping satisfy the secondary objective. Adult attendees can take information packets to their workplace, spreading general cyber awareness, and by providing these workplaces contact information for the higher education teams for future awareness training. This will help satisfy the primary objective.
Process #5
Higher Education <–> Primary Education
Primary education institutions are the focal points for higher education teams concerning the secondary objective. Each year, primary education students increase their experiences with Internet facing devices. Primary education teachers are not thoroughly educated to teach cyber security topics to their students. The higher education teams can relieve primary education institutions by providing them with no-cost information packages, provided by the NCSA, and no-cost training services, provided by the higher education teams. Again, this interface with primary education institutions provides adults the opportunity to share the services provided by the higher education teams with their family and friends, helping satisfy the primary objective.
Process #6
NCAE <–> NCSA Expansion
The National Security Agency (NSA) National Centers of Academic Excellence (NCAE) generally have very large information assurance networks, either within their respective universities or in their professional communities. NCAE can support NCSA by:
Being the test-beds for the NCSA cyber literacy expansion
Expanding student-lead research opportunities, helping satisfy the primary objective
Process #7
InfraGard <–> NCSA Expansion
InfraGard can assist NCSA by helping develop the information packages designed for business organizations, helping satisfy the secondary objective. InfraGard can later integrate itself into regional communities, expanding the higher education team’s community, helping satisfy the primary objective.
Process #8
AmeriCorps <–> NCSA Expansion
AmeriCorps can work with NCSA by providing national community service opportunities to provide cyber security awareness training to regions of the United States with no nearby higher education teams. These opportunities could be team-based or individual-based. This extended service could then establish its network, helping satisfy the primary objective, by making new contacts in these isolated regions of the United States.
Conclusion
The opportunities presented in this paper are colossal for both DHS and for information assurance students in higher education. Each of these processes and experiences must be designed to be recorded in a privacy-conscious, systematic fashion. This documentation will then be integrated back into the NCSA developed social network and database for continued, sustainable growth.
The primary objective of teams will be the development of their communities. The secondary objective of teams is the establishment and facilitation of cybersecurity information. These distributed teams and communities will form an informal network of information assurance students, managers, community leaders, researchers, practitioners and educators. Combined, DHS will have access to plethora of talent and means to educate the United States public. This strategy will take time and careful planning, but once begun, it will be a system that will get better and better over time.
This is research project proposal that I hope to turn into a masters or doctoral thesis.
Problem
Understanding the threat spectrum when designing security policies to govern how businesses should share and use information by means of information and communication technologies (ICT) is a complex process. Every company in the world that uses ICTs as a means to conduct business needs some form of an information assurance program that orients proper handling of shared information from creation to destruction. Information is dependent on data, and both data and information can be used improperly to put any business at risk of damaging its customers or itself.
Internet-based social media platforms, in particular, have made it so easy to share information that their effectiveness in the business environment decreases time and money spent while increasing connectivity to a global audience. But the opportunities and risks of using social media platforms are not holistically clear. The mediums that store, transfer, and communicate the information to us dramatically affect our perceived consequences. All organizations must have a way of thoroughly understanding the risks involved with the evolution, emergence and integration of technologies that have the capability of distributing data and information.
Hypothesis
By using a multidisciplinary approach to canonicalize information sharing scenarios for a range of public sector and private sector organizations, a scalable framework can be developed in order to quantify risk and opportunity involved with the use of ICTs, with a focus on Internet-based social media platforms.
Similar work
Scenario planning
Mats Lindgren and Hans Bandhold, authors of Scenario Planning: The link between future and strategy, illustrate many process models that can be adapted to better understand the relationships between information. By using these models in various applications, the organization of the causes and effects of data, information, uses, and mediums will be defined clearly and effectively.
Philosophy of information
Dr. Luciano Floridi, author of Information – A Very Short Introduction, describes the implications of biological information. In application to information assurance, this conceptual analysis will allow for the development of specific information models that will help illustrate the security implications of humans and technology as information storing and sharing processors.
Information assurance
The United States Chief Information Officers Council, in a document entitled Guidelines for Secure Use of Social Media by Federal Departments and Agencies, outlines a model developed by Dr. Mark Drapeau and Dr. Linton Wells that describes the four functions of social software. However the current state of ICT relies heavily on visual and auditory stimulus. An expansion of this social-media model must include an analysis of the other three information receptors: touch, taste, and smell. This expansion must occur to develop scenarios that take into consideration the future trends of virtual reality and a deeper integration into a human-developed infosphere.
Proposed outcomes
Goal #1
This phase of the project entails graphical modeling of a wide range of information sharing scenarios utilizing ICTs. The scope of the information sharing scenarios will begin with Internet-based social media platforms and will expand to include various forms of telecommunication services. It is necessary to incorporate a comprehensive selection of scenarios in order to compile a large knowledge base for Goal #2. The knowledge base will be organized systematically according the complete life cycle of information processing concerning data, information, information stakeholders, and information transport mediums.
Goal #2
Using the knowledge base established in Goal #1, a critical analysis must take place utilizing Dr. Floridi’s work concerning the philosophy of information. This analysis should include applied concepts such as the information as, for and about reality. A better understanding of the relationships between people, ICTs, and a combination of people and ICTs (dependent on origin and destination) can be quantified in direct relation to our perception of the any given ICTs interface. Further research regarding human perceptions of ICTs can be applied using Dr. Sherry Turkle’s research in psychoanalysis and culture in relation to people’s relationship with technology. This exploration will expand the knowledge base for Goal #3.
Goal #3
I presume that following Goal #2, commonalities among ICT interfaces will become evident. This presumed manifestation should allow for the expanse of Dr. Mark Drapeau and Dr. Linton Wells’ four functions of social software model. This expanded model should be able to visually depict a more precise yet comprehensive representation of the utilization of ICTs. This representation will be able to quantify human-centric information control feasibility, impact, and residual risk depending on the source and destination of complete life cycle information dissemination.
Project Objective
The final phase of this project will include the development of system development life cycle processes to assist public sector and private sector organizations with establishing more coherent information assurance programs.
Firewalls, however unfortunately, are an essential part of connecting to the Internet. The devices that you use to connect to the Internet use complicated operating systems which are prone to security risks due to the nature of software engineering. Because of the consistent weaknesses in software on your personal computer and hand-held devices, installing firewalls is an inherently reactionary security measure–no amount of cryptography is going to completely protect you against buggy software.
In order to minimize risk and protect yourself from the potential threats that exist beyond your home/office local area network, it’s wise to implement, at the very least, a basic stand-alone firewall (such as a router). Firewalls are designed to monitor and/or prevent network intrusions and are programmed with much less code, therefore having a (proven) lower probability that they contain bugs/security holes.
One of the greatest things to happen to the Internet is the popularity of wireless (802.11 a/b/g/n) devices. You may be skeptical because of the security risks that are inherent with unsecured wireless networks. But what this increase disbursement of wireless routers did was it directly, however unintentionally, put a hardware (stand-alone) firewall in front of millions, if not billions of home networks.
There are many different technologies used in various firewalls: packet filter, stateful, application proxy, unified threat management (UTM), intrusion detection and/or protection system (IDPS), and network address translation (NAT). There are big differences when it comes to the performance of the different types of firewalls; however, as a typical home user you will not notice the limitations of throughput.
Before we jump into the various firewall technologies, you should understand the difference between an appliance-based firewall and a server-based firewall. A typical Linksys home-network router is an appliance firewall because the hardware was designed around the needs of the firewalls software. There are exceptions of course, which include third-party firewall operating systems, such as DD-WRT, Open-WRT or Tomato. But using these operating systems in appliance-based firewalls does not make them server-based firewalls because they are static, unchangeable units. Server-based firewalls can be changed to adapt to the necessary requirements of any given local area network. Server-based firewalls include x86/64 computers that Linux-based firewalls can be installed to via CD, DVD, USB, or PXE.
Packet Filter
Packet filtering is the oldest and the most basic firewall technology. All firewalls have some level of packet filtering. Packet filtering simply allows or denies individual packets based on a set of rules–a set of rules that manages the inspection of the information in the packets header, such as the packets source or destination address, protocol, and/or port number. Packet filtering does not inspect the payload; nor does it monitor the sessions, which makes them vulnerable to spoofing attacks. Packet filtering works on layers 1, 2 and 3 of the OSI model making packet filter technology very efficient.
Stateful Packet Inspection (SPI)
Stateful firewalls are built into any modern firewall system. To be a “stateful” firewall, the “state” of all TCP sessions are monitored including the sequence numbers in packet headers. After the session has ended, the session-table is discarded. Stateful firewalls also do not monitor the payload of data packets. Stateful firewalls differ based on firewall vendor because with UDP and ICMP traffic, for example, there are no packet “states” for the firewall to monitor, unlike a classic TCP protocol where there is a well defined start and end of any given session. Connectionless “sessions” can be monitored, but the end of a session is ended via timeout.
SPI Examples
Appliance-based stateful firewalls include any typical home/small office router or wireless access point. Server-based stateful firewall operating systems include:
Some of these server-based stateful firewall distributions support basic intrusion detection and prevention system technologies (keep reading…).
NOTE: The reason why people like to change their appliance-based operating system from the default OS found in most routers, such as those by Linksys, is because the default operating systems are tailored to home users that typically do not know enough about firewall and/or routing systems to modify them. It would cost router vendors more money to increase the complexity of these firewall operating systems, not to mention the probable increase in tech support. By “upgrading” an appliance-based routers firmware with third-party firmware, such as DD-WRT, advanced users can have access to better router/firewall controls.
Application Proxy
Application-proxy firewalls are the most “in depth” and most secure firewall technology for specific network applications because these firewalls are the middle man between all communications across all seven layers of the OSI model. It is most commonly used in simple Web hosting or (non-time-sensitive) e-mail service environments, and are not used in high-bandwidth intensive environments (such as Web file servers). Each protocol that needs to be monitored and controlled requires a unique proxy application module, increasing the need for computation resources. Being bandwidth-sensitive, due to the dependency on computation resources, application proxy firewalls are susceptible to denial of service attacks. The advantages of an application proxy firewall over a packet filter firewall or a stateful firewall include advanced security monitoring functions. Application proxy firewalls can authenticate users directly, examine the payload of data packets and make decisions based on the payloads. Application proxy firewalls can also be deployed in redundant configurations and/or clusters.
(Specialized) Application Proxy Examples:
($$) Microsoft’s ISA server, a server-based firewall, which can run in server-core which is highly secure and less taxing on the servers limited resources. The best use of Microsoft ISA server is within the local area network and not at the network perimeter where an intrusion detection system (IDS) should go (keep reading…).
($$) One of the very best appliance-based application proxy firewall solutions is the (Formerly Secure Computing) Mcafee Sidewinder firewall.
(free) Zorp GPL is an less comprehensive application proxy that can be installed onto a *nix operating system by an advanced user.
Unified Threat Management (UTM)
UTM firewalls combine several firewall technologies, including stateful, intrusion detection and prevention, anti -virus, -spyware, -fishing, -adware, -spam and web content filtering. UTMs are also used primarily in low-throughput intensive environments, with low-user counts. UTMs are not limited to low-throughput networks however, because server-based firewalls are only limited by how much money you can put into its hardware. The IPS capabilities in UTM firewalls are typically subsets of full blown IPS features, meaning they only support protection for a small amount of protocols. Anti-virus functionality is generally limited to HTTP, SMTP, and POP3 protocols only.
Intrusion Detection and Prevention System (IDPS, IDS, IPS)
Intrusion detection systems (IDS) only monitor. Typically, IDS are used in conjunction with intrusion prevent systems (IPS) by monitoring and logging network traffic. This logged information is then shared with various IPS, both network-based and host-based.
In this above scenario, the IDS is able to monitor all traffic that enters and leaves the network. This is important because log analysis is crucial for proper care of a business environment’s network. The information that the IDS collects can be used to anticipate (IPS) incoming traffic. Having a leaner SPI firewall in front of the IPS decreases the amount of IPS processing so the IPS can have maximum resources available to tackle more complex traffic.
IDPS are commonly associated to network-based devices, meaning they are appliance- and server-based devices that support the network. IDPS can also support, monitor and protect the hosts on the network in the form of software. Host-based intrusion detection and prevention systems (HIDS/HIPS) also support the NIDS/NIPS by providing the complete IDPS with up-to-date information with needs and activity of the hosts on a network.
IDPS are different from UTMs because IDPS are much more feature-rich in terms of capability. UTMs support only a couple hundred signatures and only a dozen or so protocols, where as a full IDPS will utilize several thousand signatures and over 40 protocols. Of course this is dependent on the vendor and/or product. IDPS are capable of managing their own rule sets by “learning” and can update themselves either by downloading new content or sharing information with other IDPS on the network. Stand alone appliance-based IDPS can also support up to multi-gigabit speeds.
HIDS such as OSSEC (see below) are important to businesses that have to be PCI compliant because they monitor extremely detailed aspects of hosts. This information that OSSEC monitors is stored centrally on a local server for system administrators.
IDPS Examples:
Network Intrusion Prevention Systems (NIPS, a form of IPS)
($$) McAfee IntruShield
Host Intrusion Detection Systems (HIDS, a form of IDS)
(free) OSSEC
NOTE: Cisco, Juniper, and Check Point are the largest suppliers of business-class firewall devices. Be sure to do your research, and to ask questions, when shopping for IDPS. ICSA Labs is always a good place to start.
I believe that everything happens for a reason if you give it reason, that if you give anything educated-reason and leave that reason unchecked it will make you ignorant, and that if educated-reason is not attempted you have developed a comfort zone which is fundamentally ignorant.
2
I’m writing this because it would seem that I have developed a certain understanding and comfort level for how Facebook fits into my life. The main idea that I want to cover is about how I, and other peers who use Facebook, might consider what a friend is. I think that my idea about what a friend is, and how much influence I give them, has changed since I started using social networking sites. Because of the increased awareness over security concerns relating to what should and should not be publically available to people using the Internet, I feel compelled to write about what a friend is to me, and how it has changed.
3
To start, I would like to make the assumption that when I add a friend, giving them access to my Facebook profile, that I am giving them equal access to all of my information and means to communicate with me as every other friend on Facebook. This assumed equality is unlike friend-management, pre- social networking. I am not claiming that my best friends are now the same as my acquaintances on every level. But on some levels they are, primarily because of everyone’s ability to communicate with me and my other friends via my Facebook profile.
4
Part of this dispersion of access is not without a psychological motivator. It’s evident that what some people say via the Internet is not what would be said in a physical, person-to-person discussion. I feel as though with my 6 years of social networking experience that my perception of what I say online and what I say offline is becoming more the same, at least for their desired effects. But even when it comes to emotionally-weighted messages, people prefer to do it via SMS or via the Internet, because it relieves them of an immediate uncertainty, and because communicating in this fashion has become a norm for many.
5
These arguments when applied are not how the large majority of the world works. Yes, Facebook is the largest social networking site available with roughly 350,000,000 users. That’s (a not-so-staggering) 5% of the world’s population, presuming that there are 6,800,000,000 people on Earth. Because of the fact that these psychological implications concerning social networking sites are limited to such a small percentage of the world’s population, it’s evident that these are emerging issues. But as more and more people begin to use social networking sites, the impact of having to relearn how to communicate with this new medium will not change.
6
So I beg the question, how does one learn how to use the granted permissions when given access to a friend’s information? To begin a new line of thought, stemming off paragraph three, sometimes I feel out-of-place when I comment on a picture that I had absolutely nothing to do with. But I have to remind myself that the person posting this picture should also understand that s/he is making it accessible to anyone with permission to access it. Is this an acceptable norm? This notion of commenting on a picture not directly given to me is contrary to the act of handing someone a physical photo book to make comments on. But is this access via social networking sites direct access, even though the author or owner may not have explicitly handed it to me? Do automatic permissions make this a moot point? Is this the emerging norm?
7
Another example stemming from paragraph three: Every one granted to view my Facebook profile has direct access to sending me a textual message. As of this morning, messaging access is limited to those able to view my profile, either limited or full, which includes my friends and my friends-of-friends. This also includes the Facebook members of groups and fan pages for which I am part of. This issue fits into both the old way of communication, and the new way of utilizing social networking Web sites. Because friends-of-friends (and etcetera) can access my limited profile and send me a message, this is similar to how one could act in the physical world. But what if a friend-of-a-friend lives a large distance away from where I live? Obviously this is an expected or presumed implication of using the Internet in general, but as I mentioned earlier, a Facebook friend doesn’t necessarily mean that they are indeed a trusted friend, but instead, a trusted acquaintance. But the effect and extension of trust becomes exponentially weaker, because an acquaintance’s acquaintance now has the same access to me as my best, close, and well trusted friends. Is this an emerging norm?
8
To take the presented ideas in paragraph seven further, and to (possibly unbearably) complicate them, I’m going to explore what happens when I am contacted by someone I don’t know, and what the possible emerging norms might be.
9
Scenario one: I am given a friend request by a friend-of-a-friend, and I have never met this person. I recognize them because I’ve seen this person in photos posted by the friend which links the two of us, but that’s the extent of my knowledge of them. What do I do?
10
There are four options: (1) I can accept the request, giving them access to my Facebook profile, and the extended access to all of my Facebook friends. (2) I can deny the request. (3) I can send a message and do a number of things, including asking who they are and why they are sending me a friend request. Or (4) I could do nothing. Each one of these reactions to the friend request would obviously have their own respective reactions. And each action may not be given due diligence, because there may be factors that would weigh whichever decision that would prompt for one of four actions. But what is the norm here? What would even cause someone to send a friend request to someone they haven’t had previous communications with? I do not deny that these issues are highly subjective and dependent on a case-by-case scenario. But are there any fundamental norms that are different from how one would operate prior to the existence of social networking sites?
11
Following scenario one in paragraph nine, I would be inclined to react depending on the circumstances and known reasons behind my perceived experience with the information available to determine the identity of the person sending me a friend request. A mouth full, I know, but there really are a lot of things happening even with this seemingly simple circumstance. Personally, my norm is to react in a security-minded manner, which would include the prior identification of the individual that has sent me the friend request. This act in itself is a popular, emerging norm. Previous to social networking sites, to become a known friend, people would have to interact with me in a like-minded manner, depending on physical circumstances. But the act of sending a friend request is severely different—it’s a black-and-white response which communicates: “yes, you can have access to my online identity, and to the online identities of my other Facebook friends.”
12
Exploring the notion of an online identity is a slippery-slope topic in and of itself, but in retrospect of paragraph eleven, this identity is a creation of mine and of my friends, which is an extension of my perceived identity, and an extension of my identity in the perception of my friends. My Facebook profile is truly a composite-personality. The act of creating an online profile, a digital representation and extension of me, is a foundational norm. The act of granting permissions to all of my information presented on my Facebook profile is a foundational norm. Yes, I may be able to configure privacy permissions, but these privacy permissions should never be thought of as a guaranteed security measure. All that has to happen is for someone to look over the shoulder of one of your Facebook friends for that unidentified individual to be given access to your Facebook profile. Or if any one of your Facebook friends gives his or her password to someone you didn’t directly give access to, or if any one of your Facebook friends’ computer or phone with Facebook access with a stored password gets stolen. You cannot guarantee the privacy of your personal information. Is this an emerging norm?
This is an ongoing project of mine that will entail a lot of updating. I am presuming that I can establish a common framework using the highly-adaptable systems analysis and design framework, a systems development life cycle, to break down common attributes of various IT security frameworks such as the NIST-800 series and PCI-DSS. After my model is complete, a user could plug in the various sub-processes of said IT security frameworks, which would help make clear which aspects of various frameworks are complete, incomplete, or missing. This framework could also be used to integrate multiple IT security frameworks, and by using scores for each sub-processes, the user could generate a “most-effective” or “most-cost-effective” information assurance plan.
Imagine walking by a blue house on a warm June day. There’s a woman working in her garden this wonderful, breezy afternoon, and this woman looks up at you to give you a hospitable smile. You don’t know this woman. Though you do know that she’s a woman and that she loves her garden so.
Let us suppose that in this very instance of interaction that we know each other entirely.
I am proposing that to interact with a stranger on this basic level entails complete knowledge of the other — that everything there is to know about such a person is known and that nothing else is necessary. I am proposing that if and when you communicate further with an individual do you only complicate their identities, degrading the amount in which you actually know a fellow human being.
