Posted by: David Harley | July 14, 2010

Standards, Guidelines, and User Engagement

First of all, a link to another thoughtful commentary by Kurt Wismer, about whether AMTSO is a “standards” organization, in which he makes an important distinction between creating standards (in the sense in which AMTSO tends to use the term) and enforcing them. In that context, I agree that the use of the term in the AMTSO name is not necessarily inappropriate.

Nevertheless, most of the discussion I’ve seen in the past week or two seems to centre on the idea that what AMTSO actually does is partly or totally compromised (depending on whose blog you read) by what people think it does. That’s discouraging, but it is, as they say, what it is.

In a subsequent comment he says that “i don’t think AMTSO is wasting it’s time, but do think there’s some obvious room for improvement.” There, at least, I suspect that all parties can agree. I happen to think that AMTSO has accomplished a great deal in the two years of its (formal) existence, but clearly some of the issues that have preoccupied us (interesting technical output and deadly dull but utterly necessary administrative processes in order to comply with legal and other requirements) are of no interest to most of the world, and some of the other issues flagged here have made less conspicuous headway, though that doesn’t mean that progress hasn’t been made.

Let’s return to the issue of user engagement, an issue on which one of our critics persistently accuses AMTSO of not commenting. Well, I’m not the voice of AMTSO, but when Kevin Townsend asked for my comments on the organization for his first article on the topic, here’s something I said in my response that he didn’t quote.

AMTSO runs on a not-for-profit model, but it isn’t cheap to run (and even then it relies mostly on the hard work of a few volunteers and the good will of some of the member organizations in helping out with resources). The subscription fee is going to be too high for most individuals (there are a couple of individual members at the moment, though). The AMTSO blog is partly an attempt to give non-members a voice, but it’s too low-profile right now to get much input. Personally, I’d like to see a two-tier (or more) model, with something like the Anti-Phishing Working Group’s $50 basic membership, which doesn’t give a subscriber voting rights or access to all available resources, but certainly meets that need.

However, I personally think that the need that AMTSO needs to address, sooner or later, is output: that is, to impart information and give the community at large a better understanding of a difficult technical area. Input -from- large user groups might be valuable, and I think we should work on that, but input from too many individuals would inevitably degrade the signal-to-noise ratio. (A fee would go some way towards ameliorating that, though.)

Does that address all of Kevin Townsend’s concerns? Probably not. Is AMTSO going to do something about user engagement? I would imagine so. The topic has been on the table for a while, and since there’s been an upswell of interest in individual applications in the past few weeks, it needs to be addressed sooner rather than later, I guess. As I also said here:

…I don’t think giving Joe User a voice is the same as giving him a vote – I can’t think of a surer way for a voluntary organization to bog down both procedurally and in debate. But I don’t think a dialogue, perhaps on the basis of a second-tier, cheap basic membership fee, is too much to ask…

But that’s not an issue I can resolve all by myself. So, pending further internal discussion, if no-one minds, I’m going to spend some time on my day job…

David Harley CITP FBCS CISSP
Not claiming to speak for AMTSO or for ESET

 

Advertisements

Responses

  1. Dear David,

    I do software repair work for individuals and very small businesses–the “Common Man” for lack of a better term. Your mom, your sister, your grandmother. My soon-to-go-live website will be a a computer education resource with a strong emphasis on practical security measures for this group, one which is rather heavily targeted by cybercriminals.

    I think it important that AMSTO, vb100, and other such organizations have low or no cost memberships available for those of us out in the trenches who do not have the financial means to spend thousands of dollars a year on society memberships that are priced for corporations.

    File this in whatever mental folder you use to store such input.

    Regards,

    –Gene Fisher

    Principal
    Arete Digital Research
    Santa Cruz, California, USA

  2. Thanks for your input, Gene. I’d be interested in knowing your reasons for wanting some form of membership. That would tell me quite a lot about perception of the organization’s aims and give me a better idea of how to suggest going about getting better engagement with people outside the industry.

    (I’ll probably come back to this in a full blog.)

  3. […] and “The Common Man” By David Harley Gene commented on my previous post here, stressing the importance of having a low or no-cost membership option for “those of us out […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: