What if? What if instead of business people being told to justify their plans to security, security had to advise the business regarding the operational impact of their new patches, firewall rules, badging policies, etc?

What if instead of a security audit for operations, there were an operations audit for security?

What if the business people had the last word?  Security would make their case for new restrictions on information flow, advising on the risk rather than deciding to avoid it.  Business then, advised of the risk, can decide upon avoidance, mitigation, or acceptance based on the effect on operations. 

What if the relationship between Operations and Security were reversed? 

I’d like to see what would happen…

Crosby Stills & Nash in the DC Suburbs

So the Crosby Stills & Nash tour rolled into Wolf Trap last night.  Perfect weather, white wine kiosks, seats under the canopy – a perfect night.  Gentle times, listening to legends (this is their 40th year playing together) and grooving to nostalgia.

Until Graham Nash decided to play Joel Rafael’s “This is My Country.”  Seems talk of jackasses in public office and lyrics that include “And I know when I say these words that I am not alone/It’s time to stop them in their tracks/it’s time to take our country back” were not expected by this boomer crowd who seems to have forgotten the muddy field in New York where the boys got their big break.  

Cries of “music not politics” and “nobody cares” came from some (a minority) in the audience, prompting Nash to point an accusing finger and yell “we care!”  Crosby came over to rest a hand on his shoulder, and Nash sat at the keyboard, with some energy lost.

Crosby walked to the microphone to begin telling a story, obviously trying to regain the audience, but a few jeers continued.  ”Well, ok.  I was going to tell a joke, but you wouldn’t get it anyway.  We’ll just sing, that’s all you want.”

Most of the audience was either thrilled with their political statements, or just respectful of them.  If you go to hear CSN, you may hear anti-war politics.  During a war, count on it.  I am curious about the people who were offended, but more sad that the legends realized some considered them curios.  Pleasant aging museum pieces, who shouldn’t upset anyone anymore.  Their audience has jobs, 401ks (many appeared to be drawing rather than depositing into these retirement accounts), and in the case of this audience – government positions and security clearances.  

Amidst the pinot grigio, the single defiant whiff of herb outside the men’s room, and the shuffling of former revolutionaries – Crosby Stills & Nash have not changed.  Everyone should be ok with that.

Years from now, I hope to play their songs for my grandchildren and tell them of the one night I was finally able to see them live.  I won’t leave anything out.

My brother-in-law is an economist by training, and imparted the following wisdom to me last week:  “Every bottle of wine costs no more than $2.50 to produce, the rest is just a lot of hands picking your pocket.” Which got me to thinking: – how do you account for the delta between $2.50 and $40, $60, and higher prices for wine?  I certainly accept the costs, and do not -– as my brother-in-law does -– seek out wine bargains with cost as my only driver. 

  This gap is the marketplace of intangibles, enabled by knowledge.  Value network analysis (http://www.value-networks.com/) is the latest business methodology to help firms understand what truly brings value to the enterprise, by capturing the relationships across which these intangibles move.  Knowledge management (KM) is a related discipline, in that it recognizes the intangible nature of knowledge, both individual and organizational. Rather than believing that organizational knowledge dwells in documents or policies; KM, properly applied, extends to encompass the networks across which knowledge flows.

  Prusak, one of the fathers of the KM business field, points to three origins for KM:  ubiquitous computing, globalization, and a knowledge-centric view of the firm.  It has both intellectual and practice antecedents.  Intellectual areas include economics, sociology, philosophy, and psychology.  Practice areas include information management, quality movement, and human capital movements.  The coming together of these practice areas, informed by these intellectual disciplines, is termed – unfortunately – “knowledge management.”

  Snowden, another of these fathers, writes of three generations of KM over the past decade or so: 
1. Information for decision support (spurred on by the technology revolution, which was dominated by perceived efficiencies of process engineering);

2. The “SECI” model (popularized in a book by Nonaka, and purported to show the movement of knowledge from tacit to explicit – Socialization to Externalization to Combination to Internalization).  This led to many unfortunate attempts to “capture tacit knowledge” or “make tacit knowledge explicit through technology,” etc.  A field day for IT vendors, and a black eye for the KM profession through frustrated objectives;

3. A recognition that knowledge is paradoxical – a flow (context) as well as a thing (content).  context is highly dependent upon individual and group cognitive processes, which cannot be captured in a computer (for one: we are pattern processors, computers are information processors). 

  There are voices who disagree with these two gentlemen to some degree, particularly Snowden who is a delightfully confrontational Welshman who is trying to bring the insights regarding complexity into the KM field.  Others believe knowledge is all flow, there is no knowledge in static artifacts; while still others believe the task is to enhance “knowledge processing” to produce more and better “knowledge.”

  A shaky foundation, for which I apologize, but I want to illuminate discord as well as agreement as we go along. 

  To close this first episode, I had a conversation yesterday with a former DoD SESer, who observed that with computing, the Pentagon moved the job of information management from secretaries to individuals – and the results were less than satisfactory with regards to storing and retrieving information.  This observation is critical, as we did believe at one point (or at least behaved as if we did) that staff assistants shuffling and filing papers could be replaced by information technology alone.  The system of papers and filing cabinets included the knowledge of the secretarial profession, which was not reproduced by giving everyone a word processor and email.  The need for effective knowledge management is obvious to all, but the implications remain murky for most organizations.

A debate is underway, or should I say continues, regarding the nature of knowledge. If this sounds like an obscure debate regarding philosophy, cognitive science, and complexity, well, it is. But it also drives management behaviors if you are to tackle KM.

Either knowledge is inherently personal, inextricably connected to experience, unarticulated brain functions, culture – that is, a process that is impossible to deconstruct or replicate – or it is a product that can be subjected to evaluation if not proof. Or perhaps it is both. Or perhaps it is many things, the beloved trinity of tacit, implicit, and explicit.

I haven’t fully cast my lot in with the process folks (Ralph Stacey, etc), but neither am I comfortable with the product view. Joe Firestone is a friend, but I just can’t square his views with any useful practice. Lambe recently observed off-handedly that data is not a primitive of information in a rant against the mindless DIKW pyramid, and I realized: of course. Data is the product of a decision to capture and represent something, a knowledge product or a product of a knowledge process.

I’ll need to resolve thus for myself soon if I am to be of use, but first need to convey the landscape fairly as a first conversation regarding the discipline.