Bright Stove

Reflecting information risk journey

Hard and soft bacon

leave a comment »

Last week at the 14th RAISE Forum meeting in Bangkok, the hotel served breakfast every morning. Among the wonderful selection of western and eastern dishes were two choices of bacon, crispy (hard), or soft, arranged in a specially shaped Yin-Yang Taoist design plate (see picture below). As shown in the picture below, the crispy bacon looks hard and slightly burnt, whereas the soft bacon looks tender and seems delicious. Most hotels serve crispy bacon but not the soft ones as part of the breakfast buffet menu. I took two slices of each, which perhaps nullified the five kilometer run I just had early that morning. I have not taken soft bacon for quite some time now so I went for it first, thinking that it would be more delicious and an easy start, since it must be soft and tender. On first bite, I then realized that it was actually neither tender nor soft. It’s texture was rather rubbery, and kind of hard to chew. Strange. It was a bit more salty than I liked as well. Not a good experience after all. On the other hand, the crispy bacon was neither hard nor tough to eat. A soft bite and it cracked in the mouth, releasing the juiciness of the bacon, and the slight burnt was indeed fragrant. The verdict – crispy bacon was delicious.


At that moment, it reminded me of the notion of “hard” versus “soft” problems. Hard problems are such as those technical or engineering problems. They often seemed hard in the sense of difficult, or complicated, but normally can be solved if one put in the time, thinking, and efforts to work on them. On the other hand, soft problems are often not straight forward or as tender as they may sound like. Soft problems are problems relating to people, and group, the so-called “Human Activity Systems” (HAS). Every human being is different, and sees problems and challenges differently. Many personal and psychological factors could influence an individual’s decision, non-decision, action, non-action, and related behaviors, and often time a solution cannot be guaranteed. When people comes together forming groups, large or small, the problems become even “softer”, more complex to navigate, dissect and understand.

As I discussed in chapter 2 of “Responsive Security“, “information security risk management problems are considered ‘hard’ (difficult and complex) but are not ‘hard’ from a research perspective. Instead, information security risk management systems are essentially parts of human activities systems (HAS) and therefore classified as “soft” problems.” Just like the soft bacon, such problems are often harder to chew than the crispy ones, requiring more research efforts to understand the complexity and devise suitable solutions that address them. As the nature of our information environment are very much embedded and integrated with technology these days, we must also consider two other critical aspects of information risk that fall under the technical research paradigm: (a) the close relationship of information risks and information technology; and (b) the constantly changing nature of the technology, business systems, and environment. These two aspects, social-technical aspects in short, are but two of the many facets that we need to consider and address. For a more in-depth discussion on how we may approach this in the practice environment, and the issues and dilemmas that were surfaced as part of the research, check out chapter 3 of the book on “Responsive Security“.

Meanwhile, enjoy the good taste of the bacon, whichever you prefer 🙂

Written by mengchow

August 9, 2014 at 10:00 am

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: