The Turkey Techie and the CIFAC Report
So, before Thanksgiving I had told myself that I would read the CIFAC Project
report and write about it. A quick glance had told me that it contained useful
results from research of computer "incidents" and was probably not
yet getting the attention it deserved.
I did read it over those holidays, and found myself reflecting on the practical
aspects of the report as I served as the "Turkey Techie." You may
have been one yourself over last weekend. Everyone brings their "expertise"
to the Thanksgiving gathering: Susie has the French bean casserole recipe, Sheila
can make that Finnish cranberry sauce, and you - well, you bring your IT experience.
You are the Turkey Techie. I am sure you have your own stories.
||||
Yep. While male relatives spent most of the day sociably watching football
games on the boob tube, and my female relatives assembled in the kitchen to
work their magic together, I was on my back, under my 79-year-old mother's computer
workstation trying to undo the inevitable damage that occurs when a computer
area can be accessed by up to seven great-grandchildren. (My mom, Artis Calhoun,
is still writing 'Chef Talk' regularly for The Evening Review in east-central
Ohio.)
All of which made for interesting background actions while I read and contemplated
the Final
Report of the Computer Incident Factor Analysis and Categorization (CIFAC) Project..
Really, there were a lot of similarities. For example, I was flat-out experiencing the fact
that users create a lot more incidents than do faulty hardware and software.
Oh, sure, when I tilted Artis' printer in order to move it closer to her couch,
a large pool of ink that had collected inside, probably for months, dripped
all over and it's probably fifty-fifty whether that was due to a bad ink cartridge (hardware)
or to a small child (user) incorrectly inserting said cartridge. However, you can only
imagine the vagaries of which cord was plugged in to which port, or not.
But, I'm not a college or a university staffer when I go home, just a Turkey Techie. Where you and I work,
the report finds that "Policies, education, and training need to be placed
at the top of resource priorities. Policies, user training, configuration requirements,
and clear expectations for technology use, need to be recognized as critically
important elements in reducing enterprise risks and saving resources in the
long term." And there are statistics to back that statement up. But there is slow
movement toward improvement, some of which is due to a confusion about who's responsible.
When a Turkey Techie has a relatively uninformed constituency, as I do when
I go home for a holiday, it's also possible that the Turkey Techie will be blamed
for a lot of the problems. "Oh, you made that work for me the last time
you were home, but a week later the problem was back . . . and it was worse!"
are not welcomed words to me. Oh, if I could only have my relatives 'trained'
and get them to follow my 'policies!' Even worse, as you work on maybe your
uncle's laptop, you are constantly hearing about how "John tried to fix
that the week before last, but he really didn't." And you gotta wonder
how your work on this weekend is going to go down in history.
The CIFAC study found that as result of the evolution of campus computer usage,
a situation currently exists where system administrators and other IT personnel
are seen by everyone else as responsible for all of the bad things that happen,
while rarely being recognized when things are running well.
As the report says, "IT security, like any type of security, is a negative
deliverable."
Yet, those same people don't have the resources to do the "user-end"
kinds of things that are apparently those things that can have the biggest impact
toward better security. Where's your budget going to come from to really educate
all your IT staff, other staff, faculty, administrators, and students, about
the best way to be secure?
So, I've only hit a few tiny points about the CIFAC study. You should download
it and read it over in depth. There are so many useful parts that it would take
6-8 of these weekly columns to cover them all. Maybe the best part of the study,
and a point central to what the researchers are trying to do, was its use of
a new "categorization system" for incidents; not "taxonomy,"
and the report will tell you why not!
For me, the best part of being my family's Turkey Techie this year was helping
my brother, Randy, absolutely not a techie of any kind, who had just the week
before gotten a new laptop. His techie hadn't had time to do much with it yet,
and he wanted to play. I helped him get Outlook going, showed him some of my
favorite online toys like Backpackit, and helped him download and install Google
Desktop.
Whether he tells his techie that I helped him or not is up to him! But I hope he d'esn't let his techie know how to get ahold of me. :)