A big company party is coming up and a scrap-booker asked me to write something about our ten year anniversary to put in the last page of her scrapbook. Ironically, she had said “just take ten minutes and write what comes to your mind about this milestone.”
What was only supposed to take me ten minutes ended up using a good part of my Sunday afternoon. Granted, I was thinking about it while gardening, but I could have been thinking about something else (such as why all my broccoli seedlings suddenly died).
Then this morning I once again run-up against the risk of keeping a blog (that you don’t add to it regularly). And woo-who! A topic for my blog!
But, as it turns out . . . . blogs and scrapbooks are not interchangeable. For one: What you put in a scrapbook refers to everything that was in the scrapbook. Secondly, what I put on this blog about our company making it to our ten year anniversary . . . . it needs to be profound. It needs to adequately express the gratitude that I and our team feels towards everybody who helped and helps make infotex a success.
So instead, I’m going to take this post into my thoughts on the “gestalt” theory as it applies to information security, risk management, and running a business. I imagine that most of my readers (as if there are already hundreds of them) are right now scratching their head. You vaguely remember learning about “the gestalt” while in some easy art or psychology class you took as an elective to get you through your senior year.
You can refresh your memory, if necessary, by knowing that what I’m referring to is “the principle of totality,” to the fact that a system is a group of parts which are combined in a manner to create a whole which is greater than the sum of the parts. The best way to illustrate this, in my opinion, is to look at the classic illustrations to the left. Each illustration is merely a set of parts, but the way the parts relate to each other creates a meaningful whole. It’s the relationship between the parts that does the work of turning them from squiggly black blotches into four distinct “systems.”
My point for bringing this up is that infotex has always worked off a “gestalt” approach to our business. We see your information security program as a gestalt. We see that when you change one simple policy, you change the entire system.
Backing up a bit further from the “system” called “information security,” we believe that we are a part of a greater team of professionals dedicated to the mission of managing technology risk. We firmly live and breathe this belief. We see “the four corners of the bank” as having equally important team members ranging from board members through management through the technical team to your users to your customers to your vendors. Academia, clubs, associations, and law enforcement are also members of this team.
You can see this philosophy permeates our approach to our clients. Heck, we even consider our competitors to be a very important and productive part of this team and thus we often recommend them.
If you remove the top circle in the figure to the right . . . . or if you even turn it clockwise a few degrees . . . . you completely change the system. It might make the system better, it might make it worse, but it does indeed completely change the system. That’s because to change a system, you can only change the relationship between the parts of that system. To improve a system, improve the relationships it has with other systems, and the relationships between its subsystems.
Whatever parts were in the system we call “infotex,” we made it ten years! And that is why we are grateful to ALL parties that helped us make it past “the critical first three years” into the rest of our history as a company.
Ten is simply a number. We hope to be here ten years from now. But what is important right now is to thank those who have helped us in the past, as well as those who are actively helping us now.
Dan Hadaway, CISA, CISM