Why do we need Information Management

    I am guessing most of the readers of this blog are in the University of Washington’s Masters of Science in Information Management (MSIM) program.  For those that aren’t, the MSIM program focuses on connecting Technology, People and Information.  I am sure you have heard the statistics about how much information is out there.  With the advancement of the internet, we have caused the amount of information in the world to explode.  All of this is well and good but the problem arises when you try to make sense of the information.  I was watching a TED talk recently that was basically an overview of what the MSIM program is without meaning to.  The talk is given by Thomas Goetz and it focuses on two things, first the use of fear to accomplish things and secondly the idea that more medical problems could be solved not by better medicine but by better information presentation. 

     As a security professional the  idea that fear wasn’t the best way to relay information was something that I hadn’t considered before.  If you have heard any sort of talk in regards to Computer Security you have heard that a hacker can steal you identity, your bank account and with a little effort your first-born.  Okay so I am exaggerating a little but every talk I have given or heard about Computer Security has been about the negative effects of not securing your network.  Then after giving presentations about how there is never a secure system they wonder why executives haven’t approved their expanded budgets.  I believe we, as security  professionals, are going about this all wrong.  Instead of focusing on how impossible security is, we need to start focusing on how we can make the network better overall with the enhancements that security brings.  In this realm I have found that UX people do a good job for the most part.  When they make a presentation about a new website design they don’t sit there and say how little traffic and how confusing the current User Interface (UI) is and then sit down. They quickly go over part of the problems the current UI and then go on to show how well their UI will work and what it can bring to the table.  Now this might just be an issue for Security professionals but I have a feeling it isn’t.  Overall, as professionals, we need to focus on the idea that has been thrown around this blog, and that is the Value Added principle.  Focus on what value you are going to add to the company and how much it will help in the short and long-term. 

     Now as a final statement, this doesn’t only apply to people working.  If you are looking for a job focus on what you can do for the company.  If you can get the other person even a little bit excited about what you could do for them or the potential you have to help their company you will stay in their mind.  And believe me the more good things you give the interviewer to remember you by the better. 

     Now I realize that this may not be new to most  of you but I found the talk incredibly interesting.  I have a link to it below in case anyone is interested.  What are you thoughts?  Is it better to go all positive?  Are there any drawbacks of only focusing on the Positive? Or is it better to talk about a combination of fear and potential?


Putting the Organization in Info Management

Cheeky screenshot of text exchange with a big, uncaring bank
You know this is a dramatization of the event because Big Bank doesn't answer texts after 5pm

Information management can be described using a couple of different but fairly similar models. The University of Washington’s iSchool depicts a triangle-shaped model of Information, People, and Technology. However, our readers might notice this blog examines the intersection of People, Information, Technology and Organizations (this model is explained in greater detail by Ping Zhang and Robert I. Benjamin in a paper titled “Understanding information related fields: a conceptual framework”).

We’re square rather than triangular, if you will.

Why do we add organizations? Because gathering and acting on information changes fundamentally in an organizational context. And sometimes, information behavior within an organization can be downright bizarre or frustrating.

Here’s an example: I went out to dinner a few weeks ago with friends, and my debit card was declined (happily, the waiter did his best to not treat me like a deadbeat). Since the card was declined for no obvious reason, I had a mystery on my hands. Unfortunately, customer service representatives (CSRs) at the national bank where I have my checking account were stumped as well.

Eventually, two weeks later – after three calls to the 1-800 customer service line, two trips to the local branch, and a dozen fact-finding missions through the online banking portal – my debit card was still not operational and I had been told it might be because the number had been stolen.

Think about all the failures in my interaction with the bank: I had several types of contact with different outlets of the organization, and none of them were satisfactory.  At least three CSRs were unable to access my account because I had opened my account in a different state (each of the representatives did sheepishly suggest I could open another account at the branch and then they could help me; I declined those offers).

I can do without naming the bank because this isn’t meant to be a Consumerist-type rant. But I think the episode does bring to light the irrational and haphazard information strategies organizations seem to employ. As a person and a consumer, I scratch my head when representatives of the bank cannot answer my questions or help me understand what is happening with my account access. But the madness of the situation also affects the bank employees: imagine the exasperation of working a front-line CSR job and having one’s hands tied routinely in a significant number of common issues.

But for the organization, this information strategy is working on some level. I imagine – the finance industry being particularly yoked by multiple layers of regulation – this national bank has designed its policies and procedures to serve up a savory dish of compliant operational spaghetti. Somewhere, a satisfied auditor completes an X on a checklist when a CSR in Washington cannot access my account, what with its Massachusetts provenance.

This is operational reality in the modern banking industry, and I mostly understand why my encounter with the bank was so dissatisfactory. However, I think such encounters are at the very least opportunities for learning in organizations. Holistic customer experience (a process of design that includes all touch points in dealing with customers, or even vendors, of organizations) should focus on tasks vital to customers at all service delivery points.

Here at infoscussion, we believe information management model has four facets – and that an organization’s needs can be separate from, but equal to, those of the people involved with the organization.

Schooling customers in sustainable consumption

Schooling by Benson Kua

new development in the way Whole Foods displays its seafood has me thinking about how consumers use information in their decisions. The supermarket chain recently started labeling the seafood in its fresh cases with a color-coded system to indicate the sustainability of fishing practices for each type of fish offered. (For example, fish in danger of being over-harvested, or caught using ecologically damaging practices, are labeled Red or “Avoid.”)

Initially, I thought this was an odd move: why carry “Avoid” fish at all? But if I consider the Whole Foods tactic as an information strategy, there seem to be some advantages to giving consumers more data related to their purchases, rather than simply adjusting prices or changing the variety of products offered. I have tried to identify and outline the important components of the Whole Foods information strategy in my analysis below.

Consumers act in a social setting in a supermarket. A consumer may be less likely to order an “Avoid” species in front of other customers, even if she does not personally worry about collapsing fisheries. The social pressure to responsibly consume could impact on the overall demand for certain species.

Perhaps more importantly, consumers gain lasting information from a single transaction. The next time a consumer purchases fish – even if it is not at Whole Foods – he may likely remember certain species labeled “Avoid.” In this way, the labeling tactic could inspire a shift in demand throughout the marketplace, or at the very least cause consumers to ask more questions about the origin of their seafood.

Prices are point-in-time data, and may inaccurately reflect the sustainability of consumption. We suspect many fisheries may be close to collapse, and the negative impact of fishing practices worldwide will affect all points of the food chain. We are not able to price a salmon fillet to capture the opportunity cost of fisheries collapse (the 1992 collapse of the Northern Cod fishery demonstrates some of the complexities of gauging the health of a fishery). Consumers need more information than price alone to make sustainable choices.

Whole Foods sends a powerful message about its perceived role as a corporate citizen. Corporations are supposed to care about the profits in this period or this year. However, sustainable practices require a longer view than quarterly (or even annual) earnings statements can offer. By giving consumers more information, Whole Foods takes the long view on the seafood market, the importance of ocean ecology, and its place as a food retailer, while continuing to give consumers optimum choice.

We are surrounded by information constantly. Curiously, though, the information available to us as consumers in the grocery store is truncated by federal regulations, and in some cases, state laws. The seafood labeling practice at Whole Foods demonstrates the possibilities of giving consumers clear, salient information to encourage sustainable and healthy choices in the supermarket.

(You don’t have to go to Whole Foods Market to refer to the Seafood Watch guidelines. Downloadable guides are available through the Monterey Bay Aquarium.)

Photo by bensonkua. Available under a Creative Commons Attribution-Noncommercial license.

Priority Inbox = Awesome, but why did it take so long?

Google recently launched a new feature in Gmail called “Priority Inbox”.  It’s an amazingly simple but powerful concept for dealing with email overload, and I’m surprised that this is the first time I’m seeing it.  Basically, Google’s using some predictive software to analyze your email use behavior and use that data to present you with the emails that should be most important to you.  Their explanation is better than mine, so check it out.

What I’m interested in, is why is this happening now instead of 2-to-4 years ago?  People have been suffering from email overload for a long time now, and while there are strategies for coping with it, none of the ones I’m familiar with have really been smart solutions until now.  Folders and filters give users some control over how to deal with deal with incoming email, but they rely on static rules that can’t adapt to change and require active effort on behalf of the user to set up.  Conversely, Priority Inbox adapts to users actual email reading habits to build dynamic rules that change along with the user’s behavior and email content and requires no more effort than turning the feature on.  For me, this is great leap forward in email.

So, why the heck did it take so long?  I can think of two reasons why this development may have taken so long to emerge.  First, the email market has been lacking in strategic innovation for quite a while.  Email is email.  It’s a well known space and email providers and designers have become complacent, offering a constant series of small improvements aimed at moving unwanted content out of view rather than bringing wanted content to forefront.  Second, this is a space where people are pretty sensitive concerning their privacy.  Many people would be pretty appalled at the idea of Google or another email provider reading all of there messages.  Nevermind that it already happens to provide targeted advertising.  So, privacy concerns may have previously prevented email providers from implementing such a feature.

Those are my two cents on why this is a great leap forward for the inbox and why this innovation has taken so long.  Please feel free to comment and let me know if you think this is as great an idea as I do, and why you think it may have taken this long.

A reflection on the power of UX

“The user is not like you.”

This is an essential mantra when designing user experience (UX) for technology-based tools, marketing strategies, and information retrieval systems. As students of information management, my iSchool cohort members and I have had to unlearn our own instincts for the purpose of better listening to users. Unless we do so, any new system or tool we design may not add sufficient value for the intended users.

In an important contribution to thinking about UX strategy, Samantha Starmer (a lecturer at the UW iSchool and senior manager at REI for information architecture and customer experience) has Tweetedblogged, and presented about offering a holistic user experience. Since an enterprise may reach users through online, mobile, and in-person delivery systems, Ms. Starmer urges designers to think about all of the touch points in user experience. From my own experience, and from what I have so far learned about content strategy and UX, the standard processes for configuring a comprehensive UX strategy include:

  • Understanding the enterprise business model and customer service objectives;
  • Discovering how users find and interact with existing services (each platform is different!);
  • Formulating and delivering a consistent message and level of service for each platform;
  • Analyzing transaction data to grasp weak points in each delivery model.

Coupling good UX with a strong service model can lead to an undeniably powerful experience: I was fascinated by a friend’s blog post to this effect. My friend, Mary, works at a community library to assist job seekers in the Boston area. She spends a great deal of time helping people with online job applications, most often for entry-level positions. Many of the people Mary assists are not native English speakers and few have advanced computer skills. One of her recent blog entries told the story of an online application that was more user-friendly than any she had previously encountered (I would encourage reading the entire post here).

In purely heuristic terms, Mary liked the plain language of the application questions. In addition, she appreciated the feedback from the system, informing the job applicant how much further he had to go with the questions. Small details – an encouraging system-generated message, a friendly take on the drudgery that is an online form – inspired Mary to deem the experience “thoughtful, humane, [and] generous.” These are impressive adjectives. They are also a compelling reminder that designing and implementing UX strategies successfully can garner the trust, and even loyalty, of target users.

Given that UX can have such a powerful effect on a user’s perception of an enterprise, I began to wonder whether there are situations in which offering a “humane” experience is more important than others, depending on the enterprise or user task  at hand. Although a seamless, well-executed UX strategy should be the goal of every user interaction tool, the reality is that most service delivery teams are forced to prioritize projects and enhancements based on limited resources.

How should an organization’s management determine its hierarchy of UX needs? And are there customer service situations where UX is more critical than others (such as complaints in service errors or product recalls)? Is UX more critical to certain organizational missions (e.g., disaster relief, child welfare organizations)? I welcome any insights on these questions – or any other thoughts on UX – in the comments.

Security Vs. Usability ?

In the security blogs and conversations I have watched most security people are constantly fighting usability or trying to get people to focus on security rather than usability.  I believe this is idea is holding back security from progressing farther and faster than it could.  This is also stopping some very impressive security controls from being developed and in many cases may stop companies from implementing the necessary security controls.

I was speaking with someone who had recently presented at a security conference.  He told me that there were multiple presentations where the first 5 slides were purely theory and 90% text. In that atmosphere you are going to lose a vast majority of your audience, even if they were originally interested in the project.  In contrast, tonight I was at a Masters Thesis presentation.  These presentations were about things ranging from User Experience, Supply Chain Management, Security and other Information Management topics.  Having previously heard presentations about all of these projects I was amazed at how each project brought it down to the user level and why it was important.  After thinking about it, I realized that is what is missing from Security and Usability.  People spend all their time trying to do more with security or usability at the expense of the other.  I believe that if Security people spent more time thinking about how to make security usable as well as secure companies would buy into security faster than they do now.

While I believe that much of the problem does lie with the security professionals, I also believe that this problem could be made easier if more User Design/User Experience people could help with this problem by actively incorporated security people while designing things.  If security and design work together more you would have better applications/networks and less applications like one I have to use that requires a 21 character password with at least 2 uppercase characters and 2 numbers and 2 non-alphanumeric characters.

As I am not a full-time security person and I don’t pretend to be a User Design/UX person I early await your thoughts.  Do you think that applications, or other computer related things can be made secure and usable or is it a hopeless cause?