Fri Apr 8 06:47:17 PDT 2016
Management: Knowledge: How is the knowledge program integrated with information protection?
Options:
Option 1: The knowledge program assures people with proper knowledge work on information protection issues.
Option 2: Educational requirements are defined appropriate to the positions and responsibilities involved.
Option 3: Experience requirements are defined appropriate to the positions and responsibilities involved.
Option 4: Training in appropriate areas and technologies is kept up to date with requirements for work done.
Option 5: People with more advanced degrees from accredited institutions are favored over others - all other things being equal.
Basis:
The knowledge program assures people with proper knowledge work on information protection issues.
Knowledge is particularly important as it applies to the
specialized expertise required for the information protection. Special
information protection education, skills, mindset, and experience form
critical parts of the knowledge base required to make good decisions
about information protection at the design and operational level.
Educational requirements are defined appropriate to the positions and responsibilities involved.
Education in information protection suitable to making high
quality technical decisions is highly specialized and typically
associated with graduate degrees in specialty fields from accredited
universities. Unfortunately there are relatively few such graduate
programs and too few graduates to fill the available positions, so
highly experienced professionals with proper backgrounds may be used
in their place.
Experience requirements are defined appropriate to the positions and responsibilities involved.
Experience is the best teacher in terms of not making the same
mistake twice, but experience has its limits. Typical experience
levels required for information protection involve 1-2 years per
specialty area to become competent to make judgments and have broad
understanding of everyday issues. With a proper educational
background, the same experience is put in the context of that
education, linking theory with reality, and this creates a far more
effective individual more capable of understanding the implications of
events and more able to think "out of the box". Given that there are
something like 25 major issues in information protection at the
enterprise level, at 1-2 years each, the IP Lead should have from 25 to
50 years of relevant work experience in order to have the knowledge
base to understand all of these issues at an operational level. But
technologies change over time so while experience of 25 years ago is
helpful in understanding the issues from a management perspective, it
is not technically relevant at a detailed level today in most cases.
Training in appropriate areas and technologies is kept up to date with requirements for work done.
Training is particularly effective for getting an individual
prepared for specific tasking. The training will typically be
effective at giving them the information they need for a 6-month to
2-year period. Once they start in the task they will adapt to changes
if they desire to and be effective for several years. If it is good
training it will also provide some of the educational background that
will help them understand issues over longer time frames. But training
is not a substitute for education and should not be incorrectly
treated as if it were.
People with more advanced degrees from accredited institutions are favored over others - all other things being equal.
Degrees are often associated with expertise, but you don't need a
degree to be an expert and just because you have a degree doesn't make
you an expert. There is of course a strong correlation between degrees
and expertise in most fields, but not necessarily in the information
protection field at this time.
Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved
|