The start of the new school year. I loved that time when I was a child. Everything new: new teachers, books, notebooks and a fresh set of pens and pencils (you might remember I am a stationary fetishist, from this earlier post). This stayed with me: the nostalgia of the New Year starting in September. Even if it did not, for the past 35 years, but now it does again. Such a pity I have gone all digital. I toyed with the idea of getting some pens and paper just for the fun of it, but in the end I did not: I have so much stationary already. I did buy myself a scanmarker air, for scanning bits of text from non-digital books. With student-discount. The Dutch love their discounts and I am no exception.
The academic year started with lots of information and introductions and meetings for new Research Master students. I had missed out on that info when I started back in January. I found that by now I was fully up to date, but still, it was nice to check and make sure I had missed nothing. I was reminded we all have to write a study plan which has to be officially approved before you can complete your thesis. Also, it was fun to see all the new students. I bet they were not half as nervous as I was when I started, but still, I could tell they were. And I was not! Amazing how I have changed in just 6 months. Remember me being shaky on my first day, afraid they were all going to laugh at me and worrying if my memory would hold up? Anyway, I know all of them will turn into confident graduates soon, coz I have already seen it happen.
As I explained in my previous post, I will do two seminars and one position-paper this semester. I have spend all summer doing the background for the background for my position-paper (which is on speech acts, common ground intentionality). The background is “consciousness” and there are literally hundreds of different theories about what consciousness is and how it works. In my time at Oxford, Philosophy of mind was about Analytic Philosophy (is there any other kind:-)?) I talked about that in a previous post. At length, because the existence of continental philosophy had passed me by completely. Anyway, these days, Philosophy of Mind is all about consciousness, starting out with generic denial of Descartes mind-body theory . Descartes claimed that mind and body are essentially made out of different stuff). To be able to say anything about the deliberate use of language, particularly if understanding language is not about mind-reading or some such psychological notion, you need to be able to say what it means to express something deliberately. I think so, anyway. So I spent a lot of time sorting out these new theories. It is all on my wiki, have a look at the topic “consciousness”. if you like. The main taxonomy is in the pink bit; every line is a separate page. It is not finished by any means: I have now started to catalogue arguments which connect and separate theories. You might notice I sometimes copy in cartoons. This is to liven things up. It is dry stuff. So let’s be thankful for existential comics.
My seminars for this next half year are: the Skills course, which is compulsory , the first part (I did the second part before the summer). The other one is a seminar on the evolution of language. That is going to be great I think. I know most of the students there from previous seminars. We will look at communication in apes and other animals and see how that might translate to humans. The basis is a theory by my professor, which says that language is not about expressing ideas or mind-reading others, but about cooperation and getting other to cooperate. My professor seems to be in a good mood, much better than last semester. He has been publishing a lot, one paper after the other, and I think his new theory has reached a stage where it is becoming widely recognised. So all the academic work is new and shiny and interesting and very much “now”. Who needs the ancient Greek philosophers?
The Skills class is taught by the Dean of our department. It turns out he was also at Oxford, a few years after me. An amazing guy: he has so much energy, such a devoted teacher and interested in everything. The Dean reminds me a bit of myself before I got CFS. Energy wise. Academically there is no comparison, obviously. Because he is so dedicated, he uses every minute of the allotted lecture time. Gone are the days when we were given the last hour off. Which is hard on all of us, because this set of lectures runs late: from 15:30 to 19:15. Everybody is so tired at the end. Except for the Dean it seems 🙂 He even wants to know about me, where I work, why I am there, what I want to do. He keeps pushing me toward this new Security centre which the university now has. So I told him I had already written to the professor there but that he not replied to my email yet. (Which is understandable because in that letter I challenged a bit of not-so-sensible advice, on Open Source, which that professor he had given the Dutch Minister of Security). We will see what happens.
Anyway, the Skills class, like last time, is a mix of things I already know, things I don’t know and things I did not know existed. In the latter category: there is a Dutch protocol for the integrity of academic research. You can find it here. This protocol directly results from academic scandal, some professors inventing research data to fit their theories. Three prominent cases happened at the Social Sciences department at Tilburg University, and the whole academic world went pale and speechless. Because there was a general lack of assurance on this issue, this nation-wide protocol was set up. Attached to this protocol is a data management protocol, which I will have to look into if I want do empirical research – which I well might.
We have already been set a small paper in the Skills class. This time, I tried to use all the big and small insights I gleaned from the feedback from my own professor back in July. I felt happy with it and it got a “very nice essay” (no grades as yet). There was just one time where I did not speak my mind because I could not “prove” it – this was about two philosophers who would probably hate each other but I did not say so. I got a remark on this, why I had not said so. So next time I will write out my intuitions too, stating that they are intuitions if necessary.
So, back on track. I have taken the whole of December off, so hopefully this will give me enough time to finish all the papers I have to write this semester. Already I am back in the flow. Lovin’ it! Husband is still driving me back and forth, which is a great time-saver. Plus, it is nice to have a partner-in- crime to talk to about all the things I learn and that happen. Sometimes I think his ears must ring with all my ravings. But he is unperturbed, as always. Also, he found himself a cosy little setup in the Hortus tea garden which apparently is full of female volunteers who love to give him tea. Dozens of them, he tells me with twinkling eyes. Adventurous times ahead!
Yesterday I had my long awaited meeting with my supervising professor. You know, the grumpy one that I regard as mine. There were several things that needed discussing. Obviously my paper, which got a good but not an excellent grade; the past and the future. And some human stuff.
We had arranged to meet at a café at Utrecht Central Station rather than at the university. Husband travelled up there with me, the idea being that we would meet up later. At the station I ran into several colleagues. They were on their way to a team meeting which I should have attended too had I not been on study leave for the afternoon. I was glad I had not booked a meeting room at the Utrecht office: in my head, academic and work worlds don’t mix well. I had half an hour to spare though so enough time to get back into the academic spirit.
There was a bit of an awkward issue that I needed to discuss with him. I told you about it in previous posts: he and I are fine in a one-to-one meeting, but in a class setting where I have to take the floor, his feedback becomes rather too vicious for my taste. Particularly compared to the very careful way he handles the other students. I did not quite know how to bring this up. Fortunately, a chance opened up to address this issue right at the beginning, and it went fine. He apologised, saying that he had heard this about himself before. He had just been matching my directness which he found pleasant (as it livened up an otherwise rather unresponsive class). So I pointed out that I was just as vulnerable as the other students in academic matters; and we agreed; and that was that. Good. Relief.
My paper was next. I had reread it, and his review of it the night before, and I was glad I had left it for a while. I could now see that he had judged my paper on a different basis than I had intended the paper to be read. Which a priori means that I had not been clear. You see, it was a difficult topic, on collective speech acts, on which there is almost no research. The papers that I did review, I found to be of meagre quality. The problem was, that I had not said so explicitly. This because I felt I was not sufficiently knowledgeable on the subject to do a “deconstruction” of the work that these philosophers had done. So I had been a bit vague in my approach to compensate for not saying what I really thought. Which put the reader (the professor or anyone else) on the wrong foot. It was not so much that I should have a highly critical or argumentative stance, but rather, that there was no good story-line to my paper. That was mistake number 1.
The 2nd point was about my not being sufficiently critical. Now this is not something I hear very often! It took me a while to understand, but what I need to do, is to question every concept, approach, idea that I review and explain why I put it in the paper OR explain why I don’t question it. So my simple idea of reviewing papers and going along with the argument to see where we might end up, would have been fine, IF I had explained that was what I was doing. Which I had not. Because again I had been too shy.
The 3rd problem was that the paper was too big in scope. In retrospect, the professor said, scope-wise it would have been fit for a Master Thesis. This is because I left so many concepts and ideas to investigate. For practical reasons, I had simply accepted concepts without question, i.e. as given in literature. Had I done otherwise, my paper would have exploded, and it was only supposed to be 6000 words. So yes, I could see he was right, the scope I had chosen was much too ambitious to do well. It is either quantity or quality. There is also a style difference, I think. He works inside-out, and I work outside-in. Which means I have to read much more but that is not the worst of it. Here the difference between audiences comes alive. If I write something as a civil servant, I must avoid being too detailed for fear of losing my audience. The general consensus is that details can always be given later, in a separate paper, in a presentation, during a talk, whatever; but later. The same is not true for a philosophy paper. That paper has to be complete in itself; there is no “later”.
Problem nr. 4 took me a while. I have developed, in my working life, a habit of writing authoritatively. Because I am an authority on certain matters. Husband taught me how to do this. I cannot remember how many times I got my texts back with remarks like: you use too many words, explain too much, go into too much detail etc. Which is all very well when you are writing government or company policy, but is not a good idea when you are writing a philosophical article. A philosopher needs to explain and explain well. My professor spends a lot of time on doing just this, and it has also been a issue in the other seminars I attended, so I might have known. But I think there is more to it than that. Because Philosophia is not very well charted, a philosopher constantly needs to ring a bell, so that others may understand where he is. Think of a cow in an Alpine meadow 🙂 That means that as a philosopher, you must allow other philosophers to understand exactly what concepts you are using in what context and why. Otherwise they get lost. Or you do. Depending on your point of view.
So: a good philosopher knows the precise context in which she is putting forward her ideas (by the way, this is an example of “correct” writing, sometime during my absence from academia, they all started writing in terms of “she” rather than “he”). The problem of course is that I don’t. I am still an amateur. Which brings me to the research paper which I will be writing next term. Apparently this paper is not for a grade (it is pass or fall), but intended to allow to you prepare for the Master Thesis which has to written in the second half next year. This gives me a chance to consolidate my knowledge on a couple of topics which at the moment is only wafer-thin. The topic(s) will be: speech acts, collective acts and common ground. Right. I will enjoy getting my teeth into that. I promise you, my next paper will be like an embroidery: pretty, intricate, beautiful and state-of-the-art.
The professor and I, we parted on most amicable terms after nearly 3 hours. I was really pleased that I had been able to pick up some new insights. Also, the luxury of someone spending hours on you to improve your thinking! When does that ever happen in Real Life, I ask you?
Now came the task of finding Husband. In spite of our shared-location app, I failed. Seriously, I walked around Utrecht CS with Google Maps displayed on my phone, and kept going in circles, from one entrance to the other, up and down the escalators. After quarter of an hour, I had to call Husband and admit total failure. He had to come and get me. Yes, you may laugh. Of course, he should have foreseen this (I get disoriented very very easily), so we agreed it was his really fault. Off we went, back to the Utrecht canals to have a drink and something to eat at the waterside. Very pleasant. It was a bit like a celebration. We had a nice meal and 3 Belgium beers each. Alas, it turned out that we can no longer handle this the way we once did. Walking back from Apeldoorn station was slow; and someone we could not keep our eyes open after 10:30. Very amusing. Nice memory though.
Today was the last seminar of term. Though I still have to write some papers, it felt as if
Certainly, thingswill be easier at the office now. I won’t have to switch meetings around, or catch up on work at awkward hours. At least not until September.
The best thing was how wonderful this class was, compared to the very first one. Remember me being worried that someone would laugh at me? Granny going back to uni? Well, today was light years away from that worry. For the past few weeks we had been giving each other feedback on our oral and written work. I suppose that helped in getting to know each other a little better, especially for me who is only there during classes – I am a live-at-home student :
Anyway, today’s class was fun. I
found myself joking, commenting, being drawn into discussions – really being part of things. Very nice. Pity I will not see most of them again. Or maybe I will. You never know.
Husband has been transporting me back and forth since Februari.
Plushaving to put up with me studying in the evening. Every evening. But he seems undaunted and has put his time to fruitful use. So, on a sunday where I do not venture outside and hide behind my computer screen, he ventures into the Royal woods we live close to, and makes this wonderful little movie creations. Have look at this and be sure to turn up the sound!
I really should to get back to my paper writing now, but I have also completed two, which I want to tell you about. One of them I will not include here, because it is very technical – the one about collective speech acts that my temporarily-not-so-beloved professor was being overly critical about in an earlier version. I am keeping my fingers crossed about that one.
The other one is on “language in cyberspace”, really, about why I am back at uni in the first place. The presentation went fine, and now the article was received well by my contempories and the skills-class professor. I am including it as an attachment, because if I publish the text here, my article won’t get through the plagarism check they do at the uni.
Click here if you want to read it. It is the only way you will find out why this post is called “the emperor and the elephant”. The article is aimed at an audience like you, so if you have any comments, let me know. It is still the draft version, I will be handing in the final version in a couple of weeks.
I just heard that the new time-tables will be up on the first of july, rather than the first of september. Which gives me lots of time to plan things out. Looking forward to next term. But first, finish this one .. I am buried up to my neck conceptualizing the “extended mind”. More about that in some other post.
This was the week I had to
do a presentationfor the Philosophy of Mind seminar. I had assumed that it would be ok, because the paper was by an author we had read before. Things were also going well in the other seminars. I had written the survey article for the Skills & Methods class. This time I had asked “my” professor for recommended reading (remember my fiasco with the fundamentalist book review), and I even plucked up the courage to ask him to review my effort. It turned out I had drawn an overhasty conclusion. Sloppiness, really. I still have to get used to checking wording en phrasing really carefully. Anyway, my professor also gave me feedback on the structure of my article, so by the time I handed it in, I was happy with it.
A little too relaxed
So maybe I was relaxing a little too much. I
wasn’t even botheredwhen the article I had to present was changedjust a week beforehand. Only 13 pages, that would be a doddle, I thought. Hubris! Then everything happened at once. At work, a situation which had been smouldering for a while, suddenly exploded, causing all kinds of havoc. Also, I had taken a fall at the sauna a week before, causing a bad knee scrape. Suddenly this wound got inflamed so badly I had to go to the first aid post on a sunday morning. They gave me a shitload of penicillin, which made me feel so sleepy I had to take time of work, plus I had to miss one of my classes. And then there was the normal study workload plus this presentation to do. I already felt sorry for myself before I even started to dothe actual prepartion.
So, the article. It was by a guy called Di Paolo, who specialises in the “enacted mind”. The great mystery to
be explainedis how cognition develops. I made a wordle out of the text for your amusement.
Now this is not a simple subject, and the way this Di Paolo guy writes about it is a nightmare. He doesn’t really explain much, he refers to other papers, by himself, and by other philosophers.
Plusit is all jargon, meant for an in-crowd which I certainlydon’t belong to. I had to go through his source material, and read up on lots of reviews to help me understand what his theory was all about. Because the article did not have a helpful structure, I constructed “conceptual Lego” as the basis for my presentation. See below. Colourful, eh?
Thanks to my husband who is still (!) driving me to university, I was well in time to set up my presentation. I really was nervous. Fortunately, the professor-duo teaching this class apologised for the horrendous text as soon as they saw me. That took the edge of my nerves! The conceptual Lego worked even better than I had hoped. I felt I really liked this theory I was presenting. Maybe a good topic for the end-of-term paper I am to write soon.
It is all so very interesting, and I am learning so much! None of these theories were around when I first went to university.
Back then, –)
If you are an Alice-in-Wonderland fan, you will have recognised the quote immediately. It is from a conversation between the Cheshire cat and the King. It goes like this.
The White Rabbit put on his spectacles.
“Where shall I begin, please your Majesty ? ”he asked.
“Begin at the beginning, ”the King said, verygravely, “and go on till you come to the end :then stop. ”
Sound advice, eh? Well, I think so. I live by it. Except that the end may take a very long time. Treebeard-style for fellow Lord-of-the-Ring fans.
In my earlier post on “the right words” I told you about how difficult I found it to get into my subject. I even had to take days off work for extra reading. I had put this down to general stupidity on my part (that is, faulty memory and old age). But tonight, as I prepared for yet another article I have to write for the Skills & Methods seminar, I opened the Oxford Handbook of Philosophy of Mind, which is a collection of essays. The introduction opens with the following observation:
Philosophy of language is usually presented as a deep‐end subject. One is expected to jump in and eventually get the hang of it. And yet it can be a very technically demanding area of philosophy for the beginner. It is surely not special in this regard. However, it seems to us that it has lagged behind other sub‐areas of philosophy in presenting its key concerns in accessible form, with the result that there is a considerable gap between the professional literature and understanding of the novice. Professional philosophers often advise students to read classic papers in the area such as ‘On Sense and Reference’, ‘On Denoting’, ‘Meaning’, ‘Truth and Meaning’, the second chapter of Word and Object, ‘General Semantics’, ‘The Logic of Demonstratives’, ‘The Meaning of “Meaning”’, any chapter of Naming and Necessity. However, in each of these readings students will encounter aspects of the discussion that are opaque and that presuppose detailed knowledge of other parts of philosophy of language. This is by no means a criticism. These articles were not written for novices. But this is a problem if it deters the interested student from pursuing these topics further. It is all the more unfortunate for there is much about the philosophy of language that is deeply engaging and can be made accessible to every philosophy student. One gains the best understanding by first getting to grips with some of the fundamental debates in philosophy of language. By focusing on a particular debate and acquiring a thorough and detailed mastery of it one is able to extend that understanding to other areas, gradually working one’s way into the field as a whole.
Wow! There must be lots and lots of frustrated Philosophy of Language students out there. If things are this bad, that even the top professors and researchers worry about it, the problem must be huge. Academic professors and researchers
ar e not commonly knownfor their empathy with lesser mortals. Let alone writing a whole book to make things better for their unhappy students. Plus, I very much doubt my ownProfessor has read this introduction. I see him watching me struggling at the deep end. Will she, will she not… drown. Yes, I love you too : –)
Which makes me wonder, perhaps it is worthwhile or even profitable to set up a “Confused Philosophy of Language Support Centre”? Well, food for thought. It would be amusing. But at least I now can be sure I am not alone.
My struggle has been acknowledged. Before I even started on this adventure, they had already written the Oxford Handbook of Philosophy of Language, back in 2009. The answer to all my problems. I will read it and let you know …
Four weeks into my new academic life and the moment of truth arrived. Well, a moment of truth. The issue being, can I do this? Do the reading, understand the concepts – will my brain to expand to fit it all in? One thing is clear. I thought my mental faculties were fine, well, rusty perhaps, but not in significantly worse shape than, say 30 years ago. Ha! Dreaming!
Learning to read again
out,I have to learn to read again. You see, Istopped reading for pleasure around 40. I had always been a big reader, up to five books a week, every week, from when I was a little girl. Suddenly, from one day to the next, I could read only one or two pages. As if they suddenly switched a part of my brain off. I missed reading terribly, but life was disrupted anyway. These were the years of being a single working mother, with a scared little boy to take care of, in a strange place and no one to help me. Perhaps the universe wanted me to concentrate on getting through that in one piece. Unfortunately, the ability to read for pleasure has never returned. A few years later my later-to-be husband hit on a solution: audio books! I must confess: I am addicted. My little black Mp3 player is clippedon my shirt all day long, and I listen as I cook, bath, walk, cycle, wait, iron, you name it.
Non-fiction I read all the time, but for never for pleasure. I am efficient. I speed-read, and I can scan a document, read “diagonally” as we say at the office, in just the time one takes to turn the pages. Useful skills – for a civil servant. In my new academic life, this ability is worse than useless. The papers I have to read are so dense with information, I can only read 3 or 4 pages an hour. So I have to force myself to read word for word, line by line. On tired days, the only way I can manage this, is by reading the document on screen, and then have the computer read out the text simultaneously.
Reading, reading, reading
Apart from the skills class, I take a seminar on Philosophy of Mind and another seminar on Philosophy of Language, which is my main subject. Both seminars set around 50 pages reading every week; the Skills class around 20 pages. Around 120 pages per week, i.e. 30 hours. I don’t know how I do this reading given the demands of a working week, but I do it. More, because sometimes I don’t understand what the article says, and go in search of another text. Or have to look up references.
Anyway, I quite enjoy the process. I have my electronic commenting system with highlights and meaningful stamps. I had developed this when I was studying for the ISACA CISM exam in my other life. Sample below.
Creative, don’t you think? Well, it helps. I started out making mind maps, thinking that would be a memory aid. It is not. I found myself looking back at intricate mind maps I created weeks ago, and thinking “who did this?”.
Last week I was the first of my class to do a presentation on
Griceanpragmatics, for the Philosophy of Language seminar. Griceanpragmatics is about how meaning is not confinedto the words themselves, i.e. the direct opposite of referential theory. I volunteered, because I could see the workload piling up at the end of the semester. The paper was to be followedby a short paper in the week after the seminar.
I did my best, but I could not see what central issue was being addressed in the articles. Actually, that had also been the case in the first and second week: I did not understand where the seminar was going. So I was getting worried. Every time I asked a question (which virtually no one else does), the professor (whom I regard as “mine” because he is my mentor), looked at me as if
I had been flownin from Mars. Once or twice I even seemed to confuse him. Not good .
Having to do this presentation without feeling comfortable with the topic, felt weird. I never ever do any public speaking when I am not the expert, and I get to decide the timing, the format, etc. So this was a novel situation. It went well enough because the students were very nice and smiled at all of my little jokes. I suspected them of having
evenless of a clue where the seminar was going, which was a comfort. The professor was grumpy, because I had not quite stuck to the format, so he was pointing out all the little problems this caused. Yes, yes. It is difficult to lose a lifetime of professional habits I was not aware I possessed. Such as trying to get response during the presentation. Apparently that does not work with students. Well, live and learn.
Content-wise I was still in trouble: I did not understand where the seminar was going. I blamed this partly on the professor, for experimenting too much with the course. He has said
to me since,that perhaps the topic was more difficult than he thought. Right. But the course is gearedat MA students, and I am a ReMa student supposed to be specializing in this stuff. I really, really had to find a way in. Fast.
It so happened that the guy I work most with at the office, was on holiday, plus I had been working overtime in the weeks before. So I took two days off work and hunted day and night for books and articles that would give me a general overview. Finally, a frame appeared in my head and understanding dawned. I wrote a paper. My husband helped me to find the fault lines where my writing became unclear or incomprehensible (he has done that for me ever since he corrected my policy statements when we first worked together, an age ago). I felt I was getting to grips with the issue. Yes. Maybe. Hopefully.
I handed the paper in last Saturday night, and I have been checking my mail from then until the next seminar. No reaction. All of this time, there was me thinking: if it is not at least ok, I am in trouble. I really cannot do much better at this moment. A mail appeared on Tuesday stating that he (the professor) would be sure to have read it by Thursday. Relief. At least the paper was not already a write off.
The best words – or not
The first thing the professor said during the seminar break, was: “it is a good paper”. And then he continued to point out every sentence where I had used unnecessary vague langue. 5 instances in 3 pages, or had taken too long to come to the point. I have been wondering why he did that. I think he wants me to write like an expert, not to care too much about the audience. His own texts are like that,
clear and concise yet readable. Something else to learn, so different from what I am used to in my business life where communication is all about persuasion. We ended up arguing pleasantly about the correct translation of “true”. I came away overjoyed. I will do this, I thought. Yes, I can. I can only improve.
Perhaps not the very best words then, but the paper was good. I will sleep well tonight. Time for some light relief. The professor has been quipping regularly about Trump and whether what he does, might be deemed “communication”. Today it was about how good Trump is with words. Have a look below. Hilarious, particularly if you have just turned in your first paper on the theory of speaker meaning.
I have been talking in this blog about my journey back into academia. But I have said little about why. There is a reason for this reticence. Well, several. First, I am not at all sure I will complete this quest, so the less said, the better. Second, I might change my mind. Seriously, after just 3 weeks I am already so filled up with new thoughts that anything might happen. And finally, well, you might laugh. But never mind all that. I will explain.
In my day job I am a security architect. That is someone who thinks out a web of strategic and actual safety measures which will protect a company from bad people or natural disaster. There is a lot of IT involved.
One might ask how a philosophy & psychology graduate ever ended up as a security architect. Well, I am not sure. It happened. And it involves being in a world of very serious, conscientious people who argue about …. words. It is almost impossible to get any work done because of these arguments.
It is not about ordinary words. It is about words in regulations and contracts, even laws. Anyway, you can read it all in the paper below. It is the one I wrote for “my” professor during the university acceptance process. I have also included the mind map I created before writing the actual paper. I was nervous, I had written nothing academic in 30+ years. Mind mapping is always a good idea. This one is colourful.
Meeting expectations: the language of governance and compliance
Organisations are expected to take care of their assets. This is especially true when damage or misuse has negative consequences for the public or the state. In this digital age, information is widely regarded as a major asset. It needs protection against many threats. Threats may range from common theft to a disgruntled employee bent on revenge; from industrial espionage to natural disaster; from human error to terrorist attack. In general terms, protecting information means ensuring its availability, integrity and confidentiality up to a pre-agreed level.
On the subject of information security, in the past 20 years a multitude of (inter)national regulations and standards have emerged, and more appear every day. These regulations and standards guide, direct or impel companies to institute good information security governance and to report on the level of compliance achieved. Failing to comply may be punished in various ways: a formal warning, a fine, a revoked licence, or public shaming; and may result in the loss of a job, bankruptcy or even a prison sentence.
Because of the value of information assets, its many threats, and consequences of failing to institute proper protection, governmental and business organisations actually want to comply with regulations and standards.
However, there is a problem. These texts are hard to understand, and their meaning is often open to different interpretations. This negatively influences the quality of information security that can be achieved.
Regulations and standards on information security
Let us first identify common characteristics of relevant regulations and standards. As we will see later, some of these characteristics may be tied to interpretation problems within the texts themselves.
Regulations and standards on information security always are:
- in written form only, typically containing a mix of persuasive, informative, descriptive and instructive texts.
- intended for a specific purpose (a topic within the field of information security)
- intended to regulate behaviour (should, could, must)
- issued by a high-level body, such as a government, a board of directors of an (inter) national organisation
- produced as a group effort, usually involving stakeholders, experts and policy makers. Typically, there is no mention of the author(s) in the regulation or standard.
- created and maintained through a formal process
- available to a large audience, usually the public, but may require payment
- authoritative, either as an official directive or regarded as a de facto standard
Examples of such regulations and standards, are:
- Beveiligingsvoorschrift Rijksdienst, Voorschrift Informatiebeveiliging Rijksdienst, Voorschrift Informatiebeveiliging Rijksdienst – s informatie, and Baseline Informatiebeveiliging Rijksdienst; all published by the Dutch Government
- General Data Protection Act (published by the European Commission) and its Dutch add-on, the Uitvoeringswet Algemene verordening gegevensbescherming
- ISO/IEC 2727K family of standards on information security, published by the ISO/IEC Joint Technical Committee, Subcommittee 27, particularly the ISO27001 and the ISO27002; both European standards.
Organisations tend to treat regulations and standards as a single point of truth, taking texts as literally as possible. This is because of the need to demonstrate compliance. For the same reason, implementation is usually achieved through a top-down chain of command.
Texts and meanings
The text of these regulations and standards are riddled with meaning problems. Why should that fact be a problem? General wisdom dictates that if you don’t understand something, you should go and ask. Why does that not work here?
- One reason is that there is no one to ask. There is no author to ask for clarification, nor is there an easily accessible expert group. An additional problem is that reaching out to the publisher of the regulation or standard in question, must be done through proper channels, i.e. not something just any employee can do. Usually, the best that may be achieved is to send in a formal request for clarification – which may or may not be processed during a future maintenance window.
- Another reason is that readers tend not te be aware of the different meanings of a particular bit of text, because they assume that there is only one meaning, namely the meaning they have assigned themselves. Only when one happens to be confronted with a different interpretation by someone else, will there be cause to wonder.
- Yet another reason is in the field of regulations and standards: no one likes to admit to a lack of understanding or knowledge. It is associated with losing face, particularly when the particular regulation or standard is implemented from the top-down. Power and knowledge of important matters is supposed to live at the top, rather than in the workplace.
The nett result is that texts get interpreted in different ways by different people who all believe they are right even when they are working at cross purposes. This generally results in a confused implementation of the regulation or standard, and ultimately, in compliance failure.
The art of misunderstanding
There are many causes which contribute to interpretation problems in these texts. However, let us begin with what, contrary to popular opinion, is not a cause. It is not the case that the authors of these texts are unable or unwilling to use plain language. Rather, they arrive at the final wording through a group effort. To achieve consensus, the outcome of a negotiation process, is much more important than clarity. Meaning problems which arise from this cause take the form of obfuscation and generally over-complicated text containing (too) many qualifiers.
The same effect may be produced deliberately. Organisations that issue regulations and standards are usually funded by public money and derive their status at least in part from their authority of being accepted by all parties involved. To keep that status and funding, they try to avoid any big confrontation with the intended audience. For that reason, expectations on compliance tend to be worded softly, so they won’t chafe too much, allowing for an escape. One way to do this is by introducing intentional vagueness into the text, for instance, by not being specific on whether something must, should or could be done.
Context is another issue. The same words will mean different things in different contexts, or to different people, and these meanings may even be contradictory. Some examples:
- the term special data (“bijzondere gegevens”) might be taken to mean data that need special care, or to data that are for some reason special. Yet the term also refers to data which it is the special duty of the government to secure. Within the context of the GDPR it means something completely different again, namely data describing very particular human characteristics such as DNA, creed, race or political inclination.
- the use of the word value (“belang”). In Dutch governmental regulations the term refers to anything which, when compromised, will negatively affect the Dutch state or its partners. To security professionals, the term signifies the value of a company asset, expressed in either quantitative (money) or qualitative terms. In a business context the term usually refers to the interest of an important stakeholder. In everyday speech, the term just means that the issue is deemed to be of some importance.
Last but not least, there are knowledge problems. These take various forms.
- There may be a lack of knowledge at the level of the intended audience. The committee or group composing the regulation or standard may also have knowledge gaps. A knowledge gap may have an underlying cause, such as a belief about the extent to which it is possible or desirable to regulate behaviour, or an opinion about whether information security threats are real or may be countered.
- Another area is the definition of knowledge itself. Within the field of information processing various modelling languages have been developed, ranging from formal, mathematical models to more descriptive languages such as UML, BPMN and Archimate which have the added advantage of being designed to produce strong visualisations which can be shared with a less specialised audience. The problem with these ‘descriptive’ languages, though popular, is that the concepts they are built on, have been arrived at through trial-and-error and common sense. Inevitably concepts overlap, leave gaps, are overloaded or simply are not sufficiently clear for the use of capturing knowledge.
- Within the field of computing, much interest has centred on the possibility of capturing information within an ontology in a formal language (such as OWL or WSDL) that can be processed by a standardised computer program or interface (semantic web service). In principle, this idea works for all kinds of information, including security, and may be used to construct theories, harmonise concepts or create computer-based applications. Some real progress has been made in highly specialised sub-topics such as automatic threat detection in cyberspace. Yet that progress seems to have been possible only because there exists a straightforward cause-and-effect relation between a cyberthreat and the way to respond to it. Overall, security ontologies for sub-topics are developed independently from each other. In a recent survey eight different families of security ontologies were identified. Despite considerable work, these efforts do not converge. There exists general agreement on the lack of a common body of knowledge, but this conclusion tends to be presented both as a cause and as a solution.
The above presents a general overview of problems encountered when interpreting regulations and standards on information security and points to some possible causes. These causes may exist simultaneously and may interact. Much more work needs to be done on this to achieve a true identification of relevant causes and underlying factors. It might be possible to construct a diagnostic framework which may be used to identify specific semantic problems in regulations and standards on information security, such that agreement may emerge on how to avoid current interpretation problems. At the very least, a deeper insight into the art of misunderstanding may be achieved.
Europees Parlement, Algemene Verordening Gegevensbescherming (AVG). (2016, 04 27). https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/avg-nieuwe-europese-privacywetgeving. Retrieved from Autoriteit Persoonsgegevens: https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/verordening_2016_-_679_definitief.pdf
Figay, N. (2017, 8 8). Linked Enterprises: from ArchiMate language to ArchiMate Web Ontology? Retrieved from https://www.linkedin.com/pulse/from-archimate-language-web-ontology-dr-nicolas-figay/
Gomes, H., Zúquete, A., & Dias, G. P. (2009). An overview of security ontologies. 9ª Conferência da Associação Portuguesa de Sistemas de Informação . Viseu, Portugal. Retrieved from https://www.researchgate.net/publication/228692638_An_Overview_of_Security_Ontologies/references
Mast, N. v. (2006). De zin van ambtelijk taalgebruik. In Rijksvoorlichtingsdienst, De taal van de overheid (Vol. 5). Den Haag, Netherlands: SDU uitgeverij. Retrieved from https://www.communicatierijk.nl/documenten/publicaties/2006/04/01/platform-5
Minister van Algemene Zaken, BVR-2013. (2013, 06 01). Beveiligingsvoorschrift Rijksdienst 2013. Rijksoverheid. Retrieved from http://wetten.overheid.nl/BWBR0033512/2013-06-01
NEN, NEN-EN-ISO/IEC 27001:2017. (2017, 03 1). NEN. Retrieved from https://www.nen.nl/NEN-Shop/Norm/NENENISOIEC-270012017-en.htm
Soug, A., Salinesi, C., & Comyn-Wattiau, I. (2012). Ontologies for Security Requirements: A Literature Survey and Classification. In E. Bayro-Corrochano, & E. Hancock (Eds.), Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications (Vol. 8827, pp. 61-69). Cham: Springer International Publishing. doi:10.1007/978-3-642-31069-0_5
The Open Group. (2012). TOGAF 9.1. Zaltbommel, Netherlands: Van Haren Publishing. doi:isbn: 978-90-8753-679-4
 (Mast, 2006)
 (Minister van Algemene Zaken, BVR-2013, 2013)
 (Europees Parlement, Algemene Verordening Gegevensbescherming (AVG), 2016)
 (Minister van Algemene Zaken, BVR-2013, 2013)
 (NEN, NEN-EN-ISO/IEC 27001:2017, 2017)
 (The Open Group, 2012)
 (Figay, 2017)
 (Gomes, Zúquete, & Dias, 2009)
Soug, Salinesi, & Comyn-Wattiau, 2012)