This is a draft of the book with the same title now available through Amazon:
The Fundamental Conceptions
In several places in this book I described the Four Security Perspectives, a model which guides my work in Security and Identity management. The fact there are four aspects may not be surprising for IT specialists, but it merits discussion from a philosophical perspective. Why are there four, and not two or six? When presenting these ideas to Management Consulting audiences and IT Managers in particular, after some smiles of complicity, nobody discusses the external aspect of the model even if people disagree with the details. After all, consultancies are always talking about “quadrants” and “dimensions.” The models may differ and the terminology is diverse, but we are familiar with this type of graphic classification, where we correlate some features against others.
Obviously, we take as a reference (sometimes unconsciously) the system of so-called Cartesian coordinates (x and y dimensions arranged on the geometrical plane), by which we can associate values on one dimension (e.g. “x”) against another (e.g. “y”). More ambitious models will add other dimensions: three, six or eight (for example in the “radar chart[i]”). What is noteworthy though is the underlying mechanism of such models. This is rarely discussed in technological milieus, but in fact every quadrant-based model and their variations are based on a “logic of distinctions.” So, for example, two dimensions will always determine four quadrants. The choice of dimensions used for the comparison is arbitrary, but obviously the consultant will try to make sense by choosing some close to the subject under discussion.
Assurance and Risk diagram by Arca Systems[ii]
Let us keep in mind, when we see a four-quadrant model, that in reality we are seeing a two-dimensional logic, even if the perception is that there are four modalities determined by such a model. Philosophically speaking, there is no reason to stop at two dimensions, and we could even say that no number should be privileged in this sense[iii]. There is nothing necessary or transcendent about “four” that should limit us to four quadrants or their derivatives, but it is also clear that for normal communications and professional discourse, this number of logical distinctions is easy to handle and to explain. Some researchers think that the human cognitive apparatus has limits on the number of distinctions that can be compared simultaneously, and this may be at the root of the sense of “convenience.”[iv]
A finer analysis tells us more about this class of “quadrant models.” While two dimensions always generate four quadrants, it is also mathematically certain that each dimension (vector) must itself be graded for the logic to function. The example shown before (comparing assurance to risk) in fact compares “low” and “high” risk with “low” and “high” assurance. In other words, on closer examination, we find that we are comparing two variables (for example risk and trust), but we are distinguishing two “states” within each of them. A more complex comparison is shown in the diagram below.
Diagram of Distinction and Relation[v]
It is worthwhile to say that this logic also works for continuous variables, i.e. for many distinguishable states for each of them. In this case though we see precisely that the number four occupies no special position in the logic even if it is a good “analytical” summary of what is happening. For example, an added level of distinctions for each variable will give not four quadrants but 16. It is difficult to see how effective this would be in our standard PowerPoint presentation in front of the proverbial 10-minute-attention-span executive.
So we settle for four quadrants, but are mindful that these are a summarisation and abstraction of a multitude of states and combinations that are logically possible. This is the point I want to stress here, so that the rest of this chapter is better understood. As the reader will see, in discussing the Security Perspectives, I developed a fourfold model, nevertheless always understanding that the number four does not have any particular meaning, and especially that it is not a supernatural value.[vi] In fact, when all aspects are considered, the model is not limited to two dimensions, as the complete Security model has to reflect the correlations between risk and trust.[vii]
Four Perspectives of Risk and Trust (© Carlos Trigoso 2011-2012)
This is a good place to suggest though, following the work by Professor Stephen Palmquist[viii], that while numbers are not privileged in a specific way, odd numbers, in particular 3 and 5, can be associated with “synthetic” models, while even numbers, like 2, 4 and 8, can be shown to be “analytic”[ix]. In fact, even numbers just show clearly in their geometrical structure the underlying distinction mechanism (dichotomic logic), while odd numbers and the figures they represent (triangles and “stars”) hide the underlying dichotomies and present an image of unity. For example, the logics of Georg W. Hegel[x] and Charles S. Peirce[xi] are synthetic in the sense that they propose a “mediation,” a third entity bridging the gap between the initial dichotomy (e.g. in Peirce “firstness” and “secondness”). In comparison with these, the logics of Immanuel Kant and Heidegger are “analytical” as they keep the dichotomic structure in view, for example in Kant’s “four judgements[xii]” and in Heidegger’s “Geviert[xiii]”.
Understanding how human cognition is based on distinctions is not new and in fact has been useful in various areas of research. Notable examples of these applications are Chris Lofting’s work on the neuro-cognitive roots of logic[xiv] and Anthony Judge’s discussion of conceptual polarities[xv], but before these authors we also had the work of Will McWhinney[xvi] on organisational change and the “personal construct” hypothesis of the American psychologist George A. Kelly.[xvii] Other relevant authors are listed in the extended bibliography at the end of this book.
As a general formulation of what is relevant here, the reader should therefore keep in mind that the fourfold model, and the Security Perspectives in particular, constitutes a logical, cognitive model, whose roots are beyond the realm of Security or Information Technology itself. So its descriptive power and its relevance do not come from the classification of Security areas and sub-areas that is suggested here, but from the underlying logical framework that generates it.
Empirical Views in Business
While discussing technology choices and Security strategies in our business, we often agree that a “good” solution is one where all business points of view and “stakeholders” are considered adequately; one where every angle of “interest” and “reason” is represented. This is especially the case when we consider the points of view of the executive management levels making the “final decisions” about any projects or investment strategies. There is a consensus among management specialists that there are four concerns that need to be satisfied:
a) The view of the Chief Executive Officer: When it comes to this view, it is often assumed that CEOs consider technology mostly as an enabler for organisational change and strategic advance. It coincides with the CFO’s view in looking for the overall reduction of production and operational costs, but the main concern seems to be the growth of the business with an eye on “shareholder value.”[xviii]
b) The view of the Chief Information Officer: It is often said that this view focuses on the delivery of technical change to the business, while keeping the capital and operational costs under control. It is assumed that this view cares for the benefits gained from efficiency and employee productivity, within the expectations set by business strategies.
c) The view of the Programme Managers: It is assumed that this view focuses on the minimisation of technical risks, and the delivery of technical solutions within assigned times and resources. Therefore, the Programme (and project) managers will think about the fitness of the solution and the compliance with established standards.
d) The view of the Chief Financial Officer: This view seems to be centred on “rational” and managed control of investment and expenses, and on extracting value from previous investment. The CFO puts much less emphasis on the technologies employed, and more on process control and confirmation. This, people think, is also the view that underlines strategic alliances with partners and suppliers to optimise the “value chain.”
While these seemingly standard descriptions of typical “points of view” in the business are articulated around technology, we should not think that these are fundamentally about IT or related areas. In fact, many of the difficulties IT managers and departments have in their work in the enterprise stem from C-level executives addressing matters of technology from their own concerns and unilateral views.[xix]
The four concerns roughly map to four logical positions that are visible in any IT or Security programme:
a) The perspective of Direction, linked to strategy and leadership of the business as a whole, subordinating everything else to shareholder value and profit-making
b) The perspective of Selection, focused on gaining benefits drawn from increased productivity and account management
c) The perspective of Protection, centred on the effectiveness of the technical solution
d) The perspective of Verification, focused on ensuring the auditability and validation of the processes and operations
It may seem arbitrary to “align” the C-level executive perspectives (even if we find this consistently in our experience) with the four orientations. On closer analysis though, these eight categories or classes can in fact be associated clearly. Let us return for a moment to the point I made in the previous section, to remark that the essence of the matter is not the exact catalogue of issues and events that can be classified under each perspective. It is obvious that there will be overlap across the C-level stances; for example, if the CEO does have strong knowledge and opinions about financial strategies, it will not be difficult to see his concerns overlapping with those of the CFO. Often the CEO also has direct influence over the CIO’s operational space. What matters is the division of labour between the C-level roles, and that this division of labour is not arbitrary but the product of organisational evolution and differentiation.
So what I am saying here is the C-level categories in fact are expressions of a deeper, more generic logical model of action, whereby organisational actors correlate to others within a model. For example, the CEO correlates to the CIO as the discourse of Direction correlates to the discourse of Selection, i.e. as the upper-left quadrant is related to the upper-right quadrant in the Four Perspectives model.
The basic diagram of the Four Perspectives © Carlos Trigoso 2006-2012
It would not be excessive to underline again that a fourfold or “quadrant” model is a compression and abstraction of a multi-faceted reality comprising many more variables and distinctions, so the “quaternity” appears only as a logical summary of a very complex underlying reality.
When considering the Four Perspectives of IT and Security management, it is useful to think how these frame our solution and project work. We often find, for example, that an organisation’s project needs are primarily related to Sarbanes-Oxley[xx] compliance, and therefore to the Verification disciplines. This regulatory compliance needs the certification of business documents (accounting and audit documents), by certifying, among other aspects, which user accounts are enabled on each of the “information and communication systems,” which individuals are associated with these accounts, who approved those accounts, and what is the status of the accounts and the users (active, inactive, suspended, terminated, etc.). In the present climate of increased regulatory pressure, especially since the Enron scandal in the USA, these are fundamental obligations that affect all the participants and “points of view” in the organisation.
At the same time, each of the participants and their teams will interpret the compliance requirements in a specific way, derived from their logical positions in the organisation, highlighting different aspects of the IT and Security management processes and systems. The IT Department and the teams under the Programme managers (the implementers) will focus on the access control aspects of the systems (the Protection aspects). The upper management teams around the CIO will focus on the account “life-cycle” aspects, for example on role-based controls and account approval processes (the Selection disciplines). On the side of the CFO and related functions, we will see instead an emphasis on audit efforts, account recertification and report production for external authorities. Finally, on the side of the CEO and related officials, there will be an emphasis on regulatory compliance as subordinate to the overall strategy of the organisation. This description comes from my practical experience, especially in the Financial Sector, but I am sure that it matches what Security professionals find everywhere.
These differences in emphasis and detail are somewhat compensated by overlaps and coincidences. When the discrepancies are deep, for whatever reason, the organisation will have difficulty in executing its plans, and IT and Security management projects will be ineffective, compliance will be lacking and failures will be frequent. It is important to remark here that an organisation can be compliant even without technology, but technology cannot be successful without the convergent, coherent interplay of all the areas in the business. So, in the short term, the misalignment of the IT and Security perspectives is not a serious problem for the CEO, the CIO and the CFO if and when Sarbanes-Oxley obligations and other conditions can be addressed with or without the IT programmes and teams. I have to remark on this because my position is not that the private or public organisation “must” use technology for these purposes.
IT and Business Conflicts
The oppositions and correlations between the Four Perspectives are most evident in the conflicts between “the business side” and the IT departments and experts. This, as put by Aki Iskandar in an article published in 2011, “is nothing personal… but it’s getting worse.”[xxi] Iskandar describes the case of the many companies that write their own software solutions, where the IT Department and the non-technical managers and senior executives do not get along and are in permanent conflict.
The author explains these conflicts as derived from the “business” and the “software” life-cycle, two processes that “are out of synch,” according to him. He says that these life-cycles were not misaligned a decade ago, but the situation is deteriorating. His definition of the business life-cycle is “the period of time during which a company undertakes activities around the development of a product or service offering,” while the software life-cycle would be “a period of time during which a company undertakes certain activities around the development of a software product.”
Iskandar seems to think that while in the 1980s and 1990s the business life-cycle was 7 years long and the software life-cycle was three years in duration, the situation has changed. In his account, since 2001 the duration of the business life-cycle is only 1.5 years, while the software development cycle is 2.5 years long. Iskandar remarks: “The problem is evident and getting worse. People on the business side are upset because they simply don’t trust that IT can deliver the software on time.” On the IT side, Iskandar describes a parallel sentiment: “[…] the situation is equally dismal. ‘Those managers – they want everything yesterday! Worse, they want their software built inexpensively and quickly, and they want it to be perfect. And they change the requirements every day!’ retorts the IT project manager.”
While this account is limited to the software aspect of IT and only to companies that “produce” their own programs, experienced observers of the IT world will concur that the conflict of opinions described by Iskandar is actually the general situation across all areas in our professions. On the other hand, the change the author describes is not only related to the shortening of the business cycle (while the software cycle remains almost the same), but to other factors to which he does not pay attention. He points out that global competition is hastening the pace of business, changing the time that business leaders are willing and able to wait for new products, as they need to adapt constantly to new challenges. What is not clear though is why the software production cycle has not “kept pace”, as Iskandar puts it, with the business cycle.
Let us leave now the constrained frame of companies writing their own software and look at the wider panorama. Instead of a choice of two or three languages for software development twenty or thirty years ago, we now have dozens of languages, and instead of one or two “platforms” to run those applications we now also have many. Simultaneously, organisations find it increasingly beneficial not to write their own software and to use “off the shelf” products instead. In fact, the widening and accelerating competition that is the main characteristic of this situation comes from organisations that do not follow the traditional “write your software” model. This change is parallel to, and supported by, the trend of newer, faster organisations not to have an IT department at all.[xxii] So the primary, relevant cause of the conflict is not the software development cycle being too long but the absence of need or reason on the side of the business teams for keeping an IT department and software development as part of the organisation. This trend is obviously accelerated if the IT teams are perceived as slow or ineffective.
In trying to address this conflict, it is essential not to see it as the product of two opposed camps (“the business” and “IT”) that do not understand each other or just have “different interests,” but instead as the inevitable fragmentation of the unity of organisations subjected to social and economic transformation. These pressures are external and internal to the organisation, leading to a wider range of opinions and choices, ending with a diminished role for the IT departments and their disappearance. Let us retain from this discussion the idea that conflicts are symptomatic of organisational change, and not the product of “misunderstandings.” Let us also keep present the idea that while in the past doing “your own” software and “your own” IT infrastructure seemed sensible, and nobody asked if business organisations had to have by definition an IT department and “technology” functions, today it is becoming evident that most technological functions are in reality external to the business models.
Four Root Metaphors
The techno-centric view, centred on IT infrastructure “availability” and Security “Protection” disciplines, will always exist, although not as a part of the business organisations of the present and the future. This is what I mean by “persistence of techno-centrism,” and it is one of the fundamental aspects of my philosophy. The persistence of the perspective is different from the need for IT as an internal organisational function.
In this philosophy, the fundamental perspectives are as Richard Jung[xxiii] would say, “mutually conceptually exclusive,” and we could add too that there are several relationships of contradiction and entailment between them[xxiv]. Although opposed or contradictory, these metaphors depend on each other and are correlated so that each one cannot exist by itself. It is important to keep in mind that these are cognitive and logical modalities and do not need to be equally represented in an organisation. Their roots are much deeper than group or organisational structures and depend on principles that are common to all human activities.
Richard Jung’s Four Metaphors and the Security Perspectives
In this sense, as a fundamental “hermeneutic metaphor”, in R. Jung’s terminology, techno-centrism will persist and cannot disappear as it forms an essential facet of human effort. To understand this it is useful to see the Four Perspectives also as manifestations of the World Hypotheses or Root Metaphors studied by the American philosopher Stephen C. Pepper[xxv]. Following Pepper’s model, we can immediately point to these Four Perspectives as world-views with deeply-rooted philosophical meanings. Here is how the Four Perspectives map to Pepper’s root metaphors:
- Formism: Direction, i.e. definition of Trust, Risk-taking
- Organicism: Selection, i.e. allocation of Trust, Risk sharing
- Mechanism: Protection, i.e. enforcement of Trust, Risk avoidance
- Contextualism: Verification, i.e. verification of Trust, Risk monitoring
S. C. Pepper’s Four Root Metaphors and the Security Perspectives
While the Mechanist metaphor stresses the disciplines of Protection against “objective” threats, the Contextualist paradigm underlines the disciplines of Verification and therefore the need for rules and processes. From its side, Organicism will highlight the disciplines of Selection as the key to Security, and consequently the ideas of authorisation, delegation, membership and roles. Complementing the model proposed by John Arnold[xxvi], I introduced a fourth Perspective in Security, under the Formist metaphor. It should be called the discipline of Direction and remain focused on the ideas of Trust Definition and Risk-Taking.
Arnold’s “trust life-cycle” is a model of how an organisation gains trust in the objects it manages. The model says that an organisation needs some level of trust in every object, and that trust must be established, protected and maintained. The three steps of trust establishment, protection and maintenance match the three security service types described by Arnold in the cited paper. In my view, the circle needs to be completed with the Definition of Trust. While the “establishment of trust” can be mapped to the identity management processes, the protection of trust is associated with traditional Security measures at the level of the infrastructure. Maintenance of trust is then logically associated with the processes and rules used to ensure the access rights that were allocated initially are effectively monitored.
The definition of Trust complements these three, and constitutes the “missing Discourse” in the whole of IT (as explained in chapter 1). Where the Security professions in the past took for granted the validity and even the existence of a Direction perspective, under which they were expected to operate, this is now an area that demands attention and action. In the present social and economic context, it is not guaranteed at all that the representatives of the business, including the nominal owners of capital, will necessarily or naturally discharge the duties of their social and organisational roles. I have in mind the Financial Crisis whose last phase started in 2008, and its consequences in the business and professional spheres. Precisely because ownership and leadership are not guaranteed, and indeed because these are often absent from business organisations, there is no reason to assume that the organisation has a defined, open and documented Information Security strategy, and therefore a defined Trust model. Enquiring into the reasons for the absence of a Master discourse (see chapter 1) does not lead to some form of “rejection” of its social role, but instead to a deeper understanding of its place in a capitalist society, of the loss of Direction and its effects.
The techno-centric perspective (Mechanism) takes for granted the existence and effectiveness of the Master discourse. In other words, Mechanism assumes logically and socially that the Information Trust boundary in an organisation is a given. That is the root of the impotent and desperate position of the IT technologists, forever condemned to act in what they perceive as a vacuum of strategy, an unending “misunderstanding” of what IT is about.
I am aware that this fourfold model of Security Perspectives does not match neatly the present and conventional understanding of our profession. It is difficult to see how logical models underpin our actions, because day by day we are immersed in these ideologies and world-views as fish are surrounded by water. Also, in our work we do not see clear distinctions between the tendencies that operate in every organisation, but degrees and combinations of these, and “overlaps” between the underlying metaphors. At the same time, even limited experience in the IT field shows that there is an order of dominance among the Four Perspectives or discourses. For example, it is obvious that the dominant paradigm in IT and Security management is the one focused on Protection (Mechanism). The second paradigm in order of strength is Verification (or Contextualism, in Pepper’s model).
When we see the organisation as a whole, as an object of study, it becomes clear the different paradigms arise from deeper roots that are not related to individual preferences or personal inclinations. They are collective phenomena present in every organisation, as Magoroh Maruyama showed in his decades-long research programme[xxvii]. This differentiation and opposition structure is universal and it would be wrong to confuse it with interpersonal conflicts or accidental issues that appear in business and organisational life. How the competing paradigms influence information security investment is clear once we consider the higher relative weight given to Protection and Verification in Security projects. This counts at least as indirect evidence of their action in organisational processes.
At a more general level, though, the oppositional structure considered here has much wider implications. Indeed, the most common presence of the Root Metaphors occurs in person-to-person conversations and in group discussions. When making a statement (uttering a proposition) the individual presupposes an opposite statement that remains unspoken. When we say “A” we necessarily hold in the background the concept of “not A”, i.e. the negation of the spoken statement. Further, opposition is not limited to negation, but extends also to entailment (implication) and contradiction, as has been exhaustively shown by Alessio Moretti’s work[xxviii] with other logicians and philosophers: Fabien Schang[xxix], Régis Pellissier[xxx] and Hans Smessaert[xxxi]. For the purposes of this book, I suggest keeping in mind that any statement is inevitably and logically linked with its negation, its contradiction and the correlated implications. Moretti has pointed to the fact that this logical structure may have an even deeper model, fundamentally equivalent to Jean Piaget’s “logical capacities” square[xxxii] and Walter Helbig Gottschalk’s “theory of quaternality.[xxxiii]” The oppositions occur in the unconscious, in a “zone” of the mind that could be described as a “verbal unconscious” for lack of a better term. Although this is not orthodox Lacanian theory, I think the French psychoanalyst probably was pointing to such a relation when he said the unconscious is “structured like a language.”[xxxiv]
Moretti and the N-Opposition theoretical circle (led by the researchers quoted above[xxxv]) start from the foundations of modal logic, in particular the so-called Square of Oppositions. This “square”, representing negation, contradiction and entailment of logical statements, originated with Aristotle and took its definitive classical form with Apuleius. I won’t summarise here the vast research that exists on this subject, but it is important to know that the interest it has attracted in philosophy, logic, mathematics and other sciences cannot be exaggerated. The N-Opposition theory website has many references to researchers working on the implications of the Logic Square in their own areas.
For my own research it was decisive to be able to match Moretti’s insights into this matter with the medieval logic of St. Anselm of Canterbury[xxxvi], brilliantly analysed by Sara Uckelman and Douglas Walton.[xxxvii] Anselm developed a logic of action, a modal logic articulated around the verb “to do” (“facere” in Latin)[xxxviii]. As explained in particular by S. Uckelman, St. Anselm had a unique approach to modal logic which can be compared with advantage to the modern modal logic of action. In this logic, there are four main modalities:
- Facere esse (to cause to be)
- Facere non esse (to cause not to be)
- Non Facere esse (not to cause to be)
- Non Facere non esse (not to cause not to be)
Using simple logical symbolism, these formulae may also be written as:
And a diagram may clarify the relationships between the logical terms:
Anselm of Canterbury’s “Logic of Action” according to S. Uckelman
The studies by S. Uckelman are in themselves interesting as they unfold a Medieval Logic which sheds a powerful light both on history and on the nature of modal logic itself. Modern logic does not seem so “modern” after reading her analysis of Anselm’s logic of action. For my own purposes, though, I find it particularly useful to link the logic of the verb “to do”, as proposed by Anselm hundreds of years ago, with modern deontic logic, or the logic of obligation.
We can use modal logic symbols to depict a simple logic of obligation in the square of opposition as follows:
A simple deontic logic in the square of opposition
The reader probably will see that a logic of the verb “to do” maps neatly to a logic of obligation and permission, so “Facere esse” is compatible with Obligation (OA), and “Facere non esse” is compatible with Prohibition (O~A). The other two quadrants have similar equivalences. The most interesting point here is that through this translation, we can also reach a logical square that is immediately applicable to Security concerns, i.e. the concerns of reading and writing (as explained in previous chapters). A diagram shows this derivation:
A simplified logic of access control on the square of opposition
I suggest to the reader that this simple model contains the essence of the Four Perspectives in Security and Identity management. This can be seen from the fact that the Obligation to give access can only be associated with the Definition of the Trust boundary of the organisation. Indeed, the business leader will set the context and limit of the population (market) he or she is addressing. Setting the trust boundary is a logical and economic operation that sets the frame for other complementary actions. Then, the Prohibition stance (“must not give access”) is evidently the allocation of trust; that is, the distinction of at least two groups (two memberships): those who have access and those who have no access. In sequence, the third stance, that of No-Obligation (which is diametrically opposed to the Obligation position), is associated with the notion of Trust enforcement, i.e. those actions by which access is given or taken (even to those in the group which has been allocated trust). Finally, the position of Permission (“may give access”) is the ex-post, contextual logic, where access may be given depending on evaluation of events.
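The square of opposition derived above, carried through as an added example (not from the book): it evaluates the four deontic corners (OA, O~A, ~OA, ~O~A) for an access decision, checks that the classical relations of the square hold, and labels each corner with the Perspective and the Anselmian modality the chapter associates with it. The semantics is an assumption of mine: a policy is modelled as the set of outcomes the organisation regards as acceptable, and the mapping of the two remaining Anselmian modalities onto ~OA and ~O~A follows the chapter’s “similar equivalences” rather than an explicit statement in it.

```python
"""
Deontic square of opposition, read as a logic of access control.

Assumed semantics (not the chapter's own): for one access decision, a policy
is the non-empty set of outcomes the organisation accepts as "ideal", drawn
from {"grant", "deny"}.  The proposition A is "access is granted".
  OA    A holds in every accepted outcome   -> must give access (Obligation)
  O~A   ~A holds in every accepted outcome  -> must not give access (Prohibition)
  ~OA   some accepted outcome denies         -> no obligation to give access
  ~O~A  some accepted outcome grants         -> may give access (Permission, PA)
"""

GRANT, DENY = "grant", "deny"


def obligatory(accepted: frozenset, outcome: str) -> bool:
    """The O-operator: `outcome` is realised in every accepted outcome."""
    if not accepted:
        raise ValueError("an empty policy makes OA and O~A both true (inconsistent)")
    return all(o == outcome for o in accepted)


def corners(accepted: frozenset) -> dict:
    """Truth value of each corner of the square for one policy."""
    oa = obligatory(accepted, GRANT)        # OA
    o_not_a = obligatory(accepted, DENY)    # O~A
    return {
        "OA": oa,
        "O~A": o_not_a,
        "~OA": not oa,          # No-Obligation, contradictory of OA
        "~O~A": not o_not_a,    # Permission, contradictory of O~A
    }


# Labels as given in the chapter: corner -> (Security Perspective, Anselm's modality).
# The last two Anselmian pairings are an assumption, extended from the first two.
PERSPECTIVE = {
    "OA":   ("Direction",    "facere esse"),
    "O~A":  ("Selection",    "facere non esse"),
    "~OA":  ("Protection",   "non facere esse"),
    "~O~A": ("Verification", "non facere non esse"),
}

# Every admissible (non-empty) policy for a single grant/deny decision.
ALL_POLICIES = (frozenset({GRANT}), frozenset({DENY}), frozenset({GRANT, DENY}))


def square_relations() -> dict:
    """
    Check the classical relations of the square over every admissible policy:
      contradictory : OA vs ~OA and O~A vs ~O~A never share a truth value
      contrary      : OA and O~A are never both true
      subcontrary   : ~OA and ~O~A are never both false
      subaltern     : OA entails ~O~A (must implies may); O~A entails ~OA
    Returns relation name -> True if it holds for all policies.
    """
    holds = {"contradictory": True, "contrary": True,
             "subcontrary": True, "subaltern": True}
    for policy in ALL_POLICIES:
        c = corners(policy)
        holds["contradictory"] &= (c["OA"] != c["~OA"]) and (c["O~A"] != c["~O~A"])
        holds["contrary"] &= not (c["OA"] and c["O~A"])
        holds["subcontrary"] &= c["~OA"] or c["~O~A"]
        holds["subaltern"] &= (not c["OA"] or c["~O~A"]) and (not c["O~A"] or c["~OA"])
    return holds


def stances(accepted) -> list:
    """Perspectives whose corner is true under the policy, in square order."""
    return [PERSPECTIVE[k][0] for k, v in corners(frozenset(accepted)).items() if v]


if __name__ == "__main__":
    for policy in ALL_POLICIES:
        print(sorted(policy), "->", stances(policy))
    print(square_relations())
```

Running the block shows that a policy accepting only “grant” activates Direction and Verification (must give access entails may give access), a policy accepting only “deny” activates Selection and Protection, and a policy indifferent between the two leaves only the lower corners, Protection and Verification, standing.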
These reflections do not exhaust the implications of oppositional logic for Security and Identity. My goal here is to explain that in addressing the structural constraints of human action (as manifested in logical modalities) we are throwing light on “alignments” and “conflicts” of opinion and practice that are pervasive in organisational life and professional work.
I want to close this section by briefly pointing to the fact that individuals act out these logical positions and move or “take turns” across the various perspectives, depending on their effective roles in the organisation and in each of the teams or levels they participate in. So people are not robots, but the communication systems they build in and outside of the organisation have their own laws and tendencies. People (the natural persons or individuals) are at the periphery of organisations and only partially integrated into the “system.” We participate as “personas” (masks) or role players, but not as persons. In other words, persons are not sub-systems of the organisation in any conceivable way; hence the oppositional logic of the organisation, by which we see the Four Perspectives in action, is not a choice of the individuals but the contingent result of their interaction.
In this book I defend an idea of “system” that is not mechanistic. In fact, I think, following the work of Richard Jung and Stephen Pepper, that there are four system metaphors which form an oppositional structure. Jung’s work on these matters brings philosophy into cybernetics. Not by accident, his main essay on this matter is titled “A Quaternion of Metaphors for the Hermeneutics of Life.” Again, the fourfold structure of this model should not distract us from the underlying logic of the proposal. For Jung, the core metaphors are those of Mind, Organism, Machine and Template.
Richard Jung’s System Metaphors
I have translated this model to what I call “systemic action metaphors” which can then be represented by using the typical “boxes and arrows” diagrams of the technology-orientated professions. By boxes, I mean the objects that we are considering, while the arrows represent their relationships. It will become clear to the reader that I don’t think of these modalities of logic as isolated or standing each one by itself.
- Systemic action as distinction (value function)
- Systemic action as membership (relationship function)
- Systemic action as object (material flow)
- Systemic action as context (process flow)
The four metaphors of “systemic action”
Following R. Jung’s Quaternion of Metaphors
This approach will serve to describe what I said in previous chapters about the fundamental conceptions of information. The key to this understanding is to start from the idea that information cannot be reduced to a unidirectional “flow of data,” and much less to an object. Only one metaphorical perspective or paradigm allows for such a reduction, which is the Mechanistic metaphor. Within this paradigm information is a material flow, and the “system” under consideration is a machine. Data “flows” from machine to machine in the world of the IT practitioner and this data flow can be conceived as “information.” In this sense we speak of a notion of “systemic action” where all activities in the system under consideration are conceived as “objects.” Within the mechanistic paradigm there is no action that is not an object.
Under a different systemic metaphor though, where the system corresponds to Jung’s metaphor of Mind, systemic action is a “distinction” (making distinctions or distinguishing what has value from what does not). Within this stance, information is an intangible entity, better described as “knowledge” about the world. Further, in thinking from the idea of systemic action as membership, borne by the Organism metaphor, information becomes a relationship, an association, instead of a distinction. And finally, in the lower left quadrant, where the Template metaphor is the key, information is a tangible process where the value is in the process, but information can equally be valuable or valueless. The following diagram summarises these relationships.
Modalities of tangible and intangible information
My work on these matters owes a lot to Gurpreet Singh Dhillon[xxxix]. Dhillon maintains that “The management of negative events within organisations has become an issue commanding ever more attention from the various professions attending to the information needs of computer using organisations. However, the basic need for developing secure information systems has remained unfulfilled. This is because the focus has been on the means of delivery of information, i.e. the technology, rather than on the various contextual factors related to information processing[…] Although information system security is increasingly being considered as an organisational issue, the effort to prevent negative events has been aimed at protecting the technical infrastructure. This is largely because of the functionalist orientation of those responsible for managing information systems security. As a result the security professionals have been unable to address the social attributes of organisations.”
In his approach, Dhillon largely uses the Burrell and Morgan model for sociological theory analysis, which consists of a fourfold classification: functionalism, interpretivism, radical humanism and radical structuralism.[xl] Despite the criticisms addressed to this model, Dhillon adopts the “four paradigms as a means to classify the literature in information systems and to interpret the intellectual origins of the respective approaches.” Dhillon concludes his study saying that “With respect to information systems researchers, there is a growing disillusionment with the narrow, one-dimensional viewpoint afforded by functionalist thinking. Although the importance of social issues related to computer-based information systems has been recognised, researchers are still locked into conventional thinking. In reality computer based systems dynamically interact with the formal and informal environments in which they are used. Hence it is important to understand human interactions, patterns of behaviour and meanings associated with the actions of individuals. Even ‘modern’ functionalists have recognised the importance of such issues.” And later adds: “By contrast to mainstream information systems work, the majority of the information systems researchers are still locked in a functionalist way of thinking. […] The concern therefore has been on maintaining a security perimeter around information processing activities.” [xli]
Perhaps Dhillon’s most important point, though, is this: “Security therefore is seen as means to protect something tangible and hard. However, occurring negative events, for which security is provided, cannot be viewed as discrete events. The prevention of such events therefore means more than just ‘locks and keys.’ It has to relate to social groupings and behaviour.” In this way, Dhillon opens the way to a multi-paradigmatic view of IT and Security Management, as before him Hirschheim and Klein[xlii] did with their analysis of Information Systems design. I claim to continue their lead in thinking that, when considering paradigms and metaphors both in organisational theory and information systems analysis, we should not stop at these aspects as given phenomena of organisational life, but treat them as manifestations of a deeper logical structure.
More specifically, we need to look at how Information is conceived and represented by each of the “root metaphors” or “paradigms.” At the same time, in looking into the dominance of a model which relies on a concept of information as an object (a concrete, tangible entity) we must guard against the flat opposition or simple negation of that perspective. In the Burrell and Morgan model, this is the “functionalist” paradigm; in the Jung-Pepper model this corresponds to the “mechanism” metaphor. For example, aside from a polemical statement, it would be false to state that “Information has no value, it cannot be stored and it does not flow.” For sure, each of these assertions would be “true” within the “organism” metaphor, for which not information, but the process of information transfer, is valuable.
Rhetorically we could still ask: If information has no value, why protect it? This would nevertheless be without meaning for the Organism metaphor itself, which is not centred on protection of informational assets, but on the idea of risk sharing and trust allocation (Selection). With good reasons we could say that information is not an object but an activity (informing or communicating), and we could affirm that information cannot be stored because it comes into existence only when it is read or used or interpreted. On the same lines, it is true that information only comes into being when there is a receiver, and therefore it is not clear if information “flows” from the source to the receiver or from the second to the first.
For actions and thoughts regulated by the mechanistic metaphor, information can be stored and can flow. The IT industry relies on this paradigmatic approach. All the IT technology is predicated on the storing and flowing of data! A simplistic negation of it would be at most polemical, but fruitless in the face of the deeper necessary roots of the four correlated metaphors.
The problem is not then that a mechanistic worldview exists. We know it exists and we know it is resilient and persistent. Its existence is not in question. The problem is that all IT disciplines are uncritically focused on Protection and only laterally pay attention to the other three perspectives. The Security market, including most products and service offerings, is focused on the “protection of informational assets.”
It is far from established what information is, but within the Mechanistic paradigm we ignore these questions and settle for the common view that information “is” an object, that it has value and that it can be stored. Thinking within other paradigms can be unsettling or even impractical, because the Technologist and Security practitioner will not see the utility of such change. Despite this, I hope that opening new perspectives can help at least to see what we are doing and how we are doing it in a wider context. My goal is above all to show that we are dedicated to “information protection” not because this is the only possible way to look at information, but because we work within a specific world-view that dictates an ideology of information as an object.
If professionals were able to discuss what information is, and how to assess its value, without ideologies, we would arrive at surprising conclusions. Different parts of an organisation will have different measures and even definitions of information and the “value of information,” trying to link the idea and the “being” of information to some Perspective or metaphor. In this process, for example, the levels of attributed value will be different according to the Perspective or Root Metaphor regulating the view.
David Sholle, writing about the dominant beliefs about Information Technology[xliii], questions “An economic philosophy that posits information as the source of value in a global economy; a business logic that focuses on the accumulation, production and management of data; media claims that availability and access to information technologies represent an increase in choice and freedom; political projections that computer-mediated communication networks can solve the problems of democracy in the US; and a quasi-religious hope that technology can save us from our own excesses.” Sholle asks how is it that we have come to be so dominated by the idea of Information in the West. His answer goes to great lengths into a fundamental clarification of the problem but is limited when he arrives at the conclusion that “Information does not have a semantic context. Information has no meaning in the current context. The term information is applied metaphorically to processes that involve flow, storage, impulse. Information also conceived as a process, and knowledge as a stock.” With this evidently Sholle is working within the Mechanistic metaphor, searching for an answer, but unable to overcome one-sided beliefs.
I think though that Sholle’s approach, by linking Information theory and sociological thinking, is valid and inspiring. We should analyse Information not only beyond the techno-centric and mechanistic view, but also beyond the other unilateral fixations. For example, within the Mind metaphor (the Direction perspective) there often is an attempt to claim that all Information exchanges can be explained as economic processes. Neoclassical economics, for example, is used to explain information as a set of economic phenomena[xliv]. In the mind of the neoclassical economist, all human activities employing any type of “scarce resources” can be addressed within a “price theory.”
Finally this means that all information activity is transactional, similar to commodity exchange; but if information is reduced to exchange, we are clearly moving within the Mind metaphor. Should we not stop and reflect on whether this is the only valid perspective on information? An extreme formula of this is to say that information is that which reduces uncertainty for the firm (i.e. knowledge capital), and we often participate in discussions where the “business side” will recognise as information only that which reduces uncertainty from their point of view. Every other interpretation, including the one governing the Mechanism metaphor, does not make sense to them. So in business, in academia, in technology and in corporate teams, we find these unceasing oppositions, sometimes in dialogue, sometimes in conflict with each other, but always without an insight into what is driving these differences, which are then resolved only by accident or by sheer power.
More than People, Process, Technology
I want to elaborate now how I think that we need to evolve beyond one-sided views in IT and Security management. In techno-centric environments it is not rare to find a strong emphasis on the idea of combining “people, process and technology.” These are three aspects consistently covered by presentations, papers, books, proposals and reference materials, and these are considered the mark of a “good” approach to information technology.
This emphasis is shared by the major consulting firms and market research organisations. Business management wants to hear this approach when addressed, as a signal of the consultant’s knowledge. All of this is true, but it is important to remark that the emphasis on the three aspects is a late development in the IT world. Before that change, which started around the mid-1980s, IT technologists did not use this discourse. The new emphasis represents progress in relation to a period when IT disciplines ignored “people” and “processes” and when system analysis and design happened almost entirely in technique.
It is good to see an extended coverage of “people” and “process” in addition to technology. This amounts to some “moderation” of the mechanistic paradigm. In large organisations, deeply influenced by consulting services and market analysts, this “triad” of people, process and technology is also a given, something that managers will demand from their subordinates as if it were a sufficient condition of completeness and good practice.
So, complying with this, almost everybody in the industry works out carefully what the “people,” “process,” and “technology” factors are in any situation. Neat diagrams show how the advisor/consultant is covering “all the bases.” Is this satisfactory? Is it “complete”? My view about IT and Security management is that we need to cover at least four aspects, and not only three. Perhaps this will be facilitated if we show that there is after all a certain approximation of the people-process-technology “triad” to the more complete model of the Four Perspectives:
- The “People” concern maps to the disciplines of Verification and Selection
- The “Process” concern maps to the disciplines of Selection and Verification
- The “Technology” concern maps to the disciplines of Protection
The concept of “People” is generally understood to cover the roles and rights needed for the users of an information system, but also the issues associated with people training and compliance. The concept of “Process” covers compliance with permission models, but also the authorisation mechanisms implemented in the organisation. And finally the concept of “Technology” addresses the hardware and software that provide access control, data storage, and networking and transaction capabilities.
This people-process-technology approach, although better than previous stances, is incomplete as it does not encompass the disciplines of Direction, i.e. it does not cover organisational factors which can be described and addressed only in terms of purpose, strategy, intention, ownership, authority, business model and risk-taking. This is noticeable when we speak about Security and Identity management. In this space, if we limit ourselves to analysing factors related to “people, process and technology,” we will be unable to determine the goal of the Identity solutions. We may still cover the mechanical aspects of “provisioning” people, “controlling access” to systems, and “ensuring compliance,” but we will be unable to explain why data ownership, business model and enterprise architecture are so important. Above all, we will be unable to answer the simple question: Why do we need Identity management at all?
If we adopt a techno-centric Identity management model, we could perhaps map every possible activity and workflow by using diagrams and models, perhaps with the help of some software tool capable of simulating human workflows. This certainly looks impressive on the screen and on paper, but the approach fails as the implementers do not realise that a technical solution does not represent the totality of the Identity management space. All processes around role management and role-centric policies have at their core “business functions,” “ownership constraints,” and “authority factors” (here I use my own terminology), which cannot be described as process flows (for example in standard languages like Business Process Execution Language or BPEL). Organisational functions that correspond to the Direction and Selection perspectives, therefore, remain disconnected from the Security and Identity architecture, devoid of governance and are effectively abandoned by the business teams.
In 2010 I published a diagram showing how the different layers of Identity management relate to each other and especially highlighting the fundamental roles around data ownership and governance[xlv].
I&AM Programme Layers © Carlos Trigoso 2010
The four Layers are aligned to the four Perspectives: Identity Data Governance represents the Direction Perspective, while Identity and Role Management, Identity Data Services and Identity Data Control represent the other three Security Perspectives: Selection, Protection and Verification. In this way I showed how the logic of opposition can serve in fact to design and carry out a coherent organisational Security strategy avoiding one-sided choices.
The extended model, then, represents the integrated view of the disciplines of Direction, Selection, Protection and Verification. A detailed application to Security management as a whole is shown in the Annex to this chapter. There I show the Perspectives of Direction (Formism or the Mind metaphor) as articulated with Trust Definition; Selection (i.e. Organism) supporting the concerns of enablement, adaptation, decentralisation, membership and participation, also encompassed by the notion of Trust allocation; Protection (i.e. Mechanism) leading the search for resiliency, performance, fault-tolerance, redundancy, replication, perimeter security, and related efforts; and Verification (i.e. Contextualism or the Template metaphor) associated with the detection of illegitimate/legitimate access and use, and compliance with laws and policies.
The goal here is not a simple match of the categories but using the root metaphors to clarify the specific points of view that are at play in the IT and Security professions so these may change and achieve higher purposes.
Annex to Chapter 9: The Security Perspectives
Summary of the Four Security Perspectives[xlvi]
[i] A radar chart or spider chart plots the values of each category along separate dimensions that start in the centre of the chart.
[ii] J.R. Williams, G. F. Jelen, “A Framework For Reasoning About Assurance”, Arca Systems, Inc., 1998
[iii] Following Rudolf Kaehr’s interpretation of Gotthard Gunther, “Each single value and each single logical function is entitled to have a logical meaning.” See: http://www.thinkartlab.com/pkl/lola/Transjunctional%20Semiotics/Transjunctional%20Semiotics.html
It is absurd to chase for the meaning of logical values and functions for arbitrary many-valued systems. Special value classes of some interest had been studied by logicians for 2, 3, 4, and infinite.
Hence, a method, like the arithmetic position system which is able to determine arbitrary numbers on a finite base system, has to be invented. This was Gunther’s approach to many-valued place-value systems (Stellenwertlogik).
[iv] The Wallace Hypothesis: “…The hypothesis, which we shall call the “2^6 rule”, is, then, that irrespective of race, culture, or evolutionary level, culturally institutionalized folk taxonomies will not contain more than 2^6 entities and consequently will not require more than six orthogonally related binary dimensions for the definitions of all of the terms. …In the area of cultural semantics, we are suggesting that a somewhat similar principle applies…the evolution of cultural complexity is limited, in so far as folk taxonomies are concerned, by the two-to-the-sixth-power rule. …What is limited is the complexity of the taxonomies which are components of the various cultural sub-systems” A.F.C. Wallace “On Being Just Complicated Enough”, 1961
[v] “It all depends upon where the consciousness places itself and concentrates itself. If the consciousness places or concentrates itself within the ego, you are identified with the ego — if in the mind, it is identified with the mind and its activities and so on. If the consciousness puts its stress outside, it is said to live in the external being and becomes oblivious of its inner mind and vital and inmost psychic; if it goes inside, puts its centralising stress there, then it knows itself as the inner being or, still deeper, as the psychic being; if it ascends out of the body to the planes where self is naturally conscious of its wideness and freedom it knows itself as the Self and not the mind, life or body. It is this stress of consciousness that makes all the difference. That is why one has to concentrate the consciousness in heart or mind in order to go within or go above. It is the disposition of the consciousness that determines everything, makes one predominantly mental, vital, physical or psychic, bound or free, separate in the Purusha or involved in the Prakriti.” Sri Aurobindo, Letters on Yoga, pp. 235-36
[vi] Carlos Trigoso, “Security Perspectives” – http://carlos-trigoso.com/public/security-perspectives/
[vii] Carlos Trigoso, “Four Perspectives on Risk and Trust” – http://carlos-trigoso.com/public/four-perspectives-on-risk-and-trust/
[viii] Steven Palmquist, “The Combination Of Analysis And Synthesis In Numerical Symbolism”, http://staffweb.hkbu.edu.hk/ppp/gl/GL5.html, and “The Geometry of Logic”, http://staffweb.hkbu.edu.hk/ppp/gl/toc.html
[ix] S. Palmquist presents the following classification:
1 = end point of synthetic integration
2 = first level of analytic division
3 = number of steps in the process of simple synthetic integration
4 = number of elements in the second level of analytic division
5 = combination of 2 and 3 as found in natural organisms (addition)
6 = combination of 2 and 3 (multiplication) as found in inorganic systems
7 = logical systemisation on a higher level as a dynamic combination of 3 and 4
8 = number of elements in the third level analytic division
9 = number of steps and elements in the operation of second level synthetic integration
10= perfection of the number system
11= symbol of imperfect system
12= perfection of logical systemisation on the level of a single system (3 x 4)
[x] G.W.F. Hegel, “Wissenschaft der Logik”, 1812
[xi] C.S. Peirce, “The Categories”, 1893
[xii] I. Kant, “Critique of Pure Reason”, 1781
Kant’s table of judgments lists the possible logical forms of propositions:
1.Quantity: Universal, Particular, Singular.
2.Quality: Affirmative, Negative, Infinite
3.Relation: Categorical, Hypothetical, Disjunctive
4.Modality: Problematic, Assertoric, Apodictic
[xiii] Martin Heidegger, “The Thing”, 1950
[xiv] Chris Lofting, “The Neurocognitive Roots of Logic”, 2003 – http://www.emotionaliching.com/myweb/logic.html
[xv] Anthony Judge, “Laetus in praesens” – Website: http://www.laetusinpraesens.org/bio/faq_laet.php#A5
[xvi] W. McWhinney, “Paths of Change: Strategic Choices for Organizations and Society”, 1992
[xvii] George A. Kelly, “The Psychology of Personal Constructs”, 1955
[xviii] See: Adi Masli, Vernon J. Richardson, Marcia Weidenmier Watson and Robert W. Zmud, “CEO, CFO & CIO Engagement in Information Technology Management: The Disciplinary Effects of Sarbanes-Oxley Information Technology Material Weaknesses”, 2009
[xix] See: Natalia Mintchik, Jennifer Blaskovich, “The Role of Politics and Institutional Isomorphism in the Decision to Outsource in the Post-SOX Environment”, 2008
[xx] The Sarbanes–Oxley Act, ‘Public Company Accounting Reform and Investor Protection Act’ and ‘Corporate and Auditing Accountability and Responsibility Act’, 2002
[xxi] Aki Iskandar, “Butting Heads: Why IT and Business Don’t Get Along” www.LambdaSoftware.com
[xxii] In his book “Does IT Matter?”, Nicholas Carr quotes Richard Veryard: “Thanks to the plug-and-play business approach, a new business can be rapidly assembled as a loosely coupled set of partnerships and services […] even a substantial company can now be viewed as a component of a much larger system, rather than as a self-contained business operation”, R. Veryard, “The Component Based Business: Plug and Play”, 2000
[xxiii] Richard Jung, “A Quaternion of Metaphors for the Hermeneutics of Life”, 1985
[xxiv] R. Jung writes: “My second thesis is that although the four metaphors seem to be contradictory if treated as ontological statements about the nature of living systems (and thus the opposition of any two of them gives rise to an unsolvable paradox) — the paradoxes are dissolved when each metaphor is treated as a different matrix for expressing different epistemic attitudes.” – “A Quaternion of Metaphors for the Hermeneutics of Life”, 1985
[xxv] S. C. Pepper, “World Hypotheses: A study of evidence”, 1942
[xxvi] John Arnold, “Security Services Model”, 2006
[xxvii] Magoroh Maruyama, “Mindscapes, Individuals and Cultures in Management”, 1993
[xxviii] Alessio Moretti, “The Geometry of Logical Opposition”, 2009 – http://alessiomoretti.perso.sfr.fr/NOTMorettiPhD2009GeometryLogicalOpposition.pdf
[xxxii] Jean Piaget, “Traité de logique. Essai de logistique opératoire”, 1972
[xxxiii] Walter Helbig Gottschalk, “Theory of Quaternality”, 1953
[xxxiv] “You see that by still preserving this “like” (comme), I am staying within the bounds of what I put forward when I say that the unconscious is structured like a language. I say like so as not to say-and I come back to this all the time-that the unconscious is structured by a language.” Jacques Lacan, “The Seminar, Book XX: Encore, On Feminine Sexuality, The Limits of Love and Knowledge”, 1998
[xxxvi] Anselm was born in Aosta, in the kingdom of Burgundy. In 1033, at the age of 27, he joined the Abbey of Bec, where he served as abbot from 1078 to 1093. In 1093 he was made Archbishop of Canterbury.
[xxxvii] Sara L. Uckelman, “Anselm’s logic of agency” Institute for Logic, Language, and Computation, 2009 and
Douglas Walton, “St. Anselm And The Logical Syntax Of Agency”, Franciscan Studies, Vol. 36, 1976
[xxxviii] Anselm’s work on logic can be found in the “Complete Philosophical and Theological Treatises of Anselm of Canterbury”, translated by Jasper Hopkins and Herbert Richardson, The Arthur J. Banning Press, Minneapolis
[xxxix] Gurpreet Singh Dhillon, PhD Dissertation, Department of Information Systems, London School of Economics and Political Science, December 1995
[xl] Gareth Morgan, Gibson Burrell, “Sociological Paradigms and Organisational Analysis”, 1979
[xli] Gurpreet Singh Dhillon, PhD Dissertation, Department of Information Systems, London School of Economics and Political Science, December 1995
[xlii] R. Hirschheim, H.K. Klein, “Four paradigms of information systems development” , 1989
[xliii] D. Sholle, “What is Information? The Flow of Bits and the Control of Chaos” – http://web.mit.edu/comm-forum/papers/sholle.html
[xliv] Joseph Stiglitz, “Information and the Change in the Paradigm in Economics”, 2001.
[xlv] Carlos Trigoso, “I&AM Programme Layers”, 2010 – http://carlos-trigoso.com/2010/09/12/iam-more-than-people-process-and-technology/
[xlvi] Carlos Trigoso, “Security Perspectives 2012”- http://carlos-trigoso.com/public/security-perspectives-2012/