It’s best to reframe thinking

It’s best to reframe thinking about sharing from “Who needs to know?” – which is hard to define — to “Who’s not permitted to know this information?” This way, people eligible to know certain information can access it, even if we didn’t know they need it.

Shelley Drabik, Information Management, Honeywell

(No, this quote didn’t make a lot of sense to PG either.)

4 thoughts on “It’s best to reframe thinking”

  1. From the perspective of classified information it makes a lot of sense. Siloed information happens when you specify that only certain users can access the information. That siloed information may just what the person at the next desk needs but if he is not part of the limited list of users he can’t access it even if he has the necessary clearances to see and use it. If you define it the other way if he isn’t specifically forbidden from seeing the information he can access and use it. The bigger problem is him (the next desk) knowing that it exists in the first place. See the information about the 911 attackers not getting to where it was needed to stop the attack.

  2. Pretty clear BUT not good practice if it means someone with high clearance/ privileges can access or worse still update anything. Hence “need to know”. If this is difficult good recording of accesses is vital, so eg the use of official databases to identify and pickup girls can be detected.

    https://en.m.wikipedia.org/wiki/Need_to_know

  3. it’s known in security circles as ‘default allow’ vs ‘default deny’

    From a security point of view, Default Deny is far better.

    from a government transparency point of view, Default Allow is better.

    It’s far easier to make a list of the legitimate things to do than it is to try and list all the possible bad things that can be done (people keep inventing more ways to abuse things)

    • That’s the rub. And, while fluffy statements like this sound “enlightened,” one can assume that this policy was not applied to people not employed by Honeywell – and not to the payroll system even for Honeywell employees.

Comments are closed.