I’m listening to a dry run for a webinar that I will be a panelist on in a few days and I’m fascinated by how misinformation becomes information.  Some of the work that I do is extremely technical, and very detailed.  Specifically, the standard we work with has 242 unique control points that must be addressed to see if you meet the standard.  Definitely not a generic “Due Care” clause or 2 paragraphs of text in a finance bill.

While listening to the dry run, it’s interesting how small tidbits of information that are not 100% accurate, become common knowledge and somewhat accurate to the lay person.  This came full circle yesterday when an information security manager pointed out clear inaccuracies in a paper that I collaborated on.  After apologizing for getting super defensive, we reviewed some of the points.

At that point in dawned on me that inaccuracy can be accuracy depending on the audience.  If the audience is someone who knows very little about a security standard and what to look for, maybe starting with some slightly inaccurate terms is what is required to get their attention.  If I say “CVV data is a string of numbers used to validate your card and storing it is bad,” you will gloss over with acronym fever and not really know what you are looking for.  But if I say that “The data read off the back of a credit card is called a Track, and you don’t want to store it, and this is what a track looks like,” at least you have something to look for.  Tracks have easy to spot patterns that random-like strings of numbers don’t.

Anyway….

Time to head back to the grind.