July 12, 2019
You may have heard an exasperated parent yell a negative phrase like: “No! No! No!”, “Don’t touch!”, “Stop that!”, “Never do this again!”, or “Let go!” Signs often function in this same negative way too: “No Trespassing.”, “Keep Out”, “Wrong Way”, “Danger!”, “Do not pick up hitchhikers” or my favourite: “Caution, this sign has sharp edges”.
Negative messaging doesn’t seem effective, and child psychologists, while agreeing “No” is sometimes a necessary response, often suggest alternatives: “Yes, if you do it this way …”, “No, but how about this other activity …”, “Yes, if you also do this …”. I think signs, too, have become a bit more positive: “Two hour parking”, “Right turn on Red allowed”, “Maximum 40km/h when flashing”, etc. In this way a dispiriting “No” can turn into a “Yes”, a “Maybe”, or an alternative.
In any team, negative reinforcement reduces team effectiveness. A Harvard Business Review article [1] cites research showing that high-performance teams have 5.6 positive comments for every criticism. The ratio drops to 1.9 positive comments per criticism for medium-performance teams. Low-performance teams have almost three times (2.8 times) as many criticisms as positive comments!
In Information Security, we consider ourselves to be part of the University of Guelph team, dedicated to Improving Life. We resist the temptation to say “No” to any service or request which could increase risk or reduce security or privacy. Instead we work to understand your needs, present secure alternatives, identify workarounds, or identify the level of risk so that it can possibly be accepted. Then as part of the Security Operations Centre, we monitor for attacks or other anomalous events and keep abreast of applicable external events.
Here are some examples of how we protect as well as enable you as a member of the University community while you use our information technology:
- Permission for limited personal use of information resources, but sensible restrictions on commercial activity, sharing passwords or viewing offensive material. (https://www.uoguelph.ca/ccs/infosec/aup [2])
- Restrictions on storing the most sensitive information (S4) in the cloud, but approving authorized cloud offerings, such as Qualtrics and Office365 for S2 and S3 data. (See Data Storage Guidelines [3])
- Encouraging freedom of inquiry, while mandating Secure Office Data Protection. (https://www.uoguelph.ca/ccs/infosec/aup [2], see Appendix A)
- Allowing broad internet and social media participation, while protecting the U of G brand [4] and blocking network traffic on some specific, and often abused, ports. (See the login-protected document at https://www.uoguelph.ca/ccs/infosec/blockedports [5])
- A central solution for encrypted USBs: https://www.uoguelph.ca/ccs/infosec/encryptedusb [6]
- Offering a VPN solution [7] to access some services restricted to on-campus access only. This and other advice is useful when you travel [8].
These are just some examples of how we say “Yes” and “Maybe”! For more, see https://www.uoguelph.ca/ccs/infosec [9]! We are also open to your suggestions and feedback. Please feel free to engage with us.
Written by: Gerrit Bos (Information Security Officer)