"The whole movement of life is learning" (Krishnamurti). "To be an act of knowing, then, the adult literacy process must engage the learners in the constant problematizing of their existential situations" (Freire). "Once you learn to read, you will be forever free" (Douglass). "I can learn anything I have the desire to learn" (White, S.G.).

Thursday, January 30, 2014

Security Risk Assessment - Example Literacy Event

Based on our discussion from class I wanted to use my profession as an example literacy event.  I look forward to or discussions.

Literacy Event: Information Security Risk Assessment

Text Related Practice:  Risk assessment report highlighting areas of non-compliance

Tensions:  Citations for non-compliance/Marinating Compliance

Professional Development:  Certified Information Security Assessor

Historical Content:  Fines, Major data breaches such as Sony and Target

Policies and Procedures:  Vendor management, Information Security and Compliance policies, Legal Guidance

Personal Content:  Ensuring security controls are adequate to prevent unauthorized data exposure or negative impact to critical services

Power:  Regulators, OCC, HIPPA, GLBA, PCI, Official Contracts

Resistance:  Vendors/Business fails to meet compliance due to personal experience and jeopardize organization security

Identity and Belonging:  Audit is on one side and the auditee is on the other.   

Side note – My goal as auditor is to always help the business succeed.  J


  1. Shannon, your generative term "Security Risk Assessment (SRA)" triggered my recall of reading about another "literacy practice," the "Non-Conformance Report (NCR)." When Sue Folinsbee was discussing the NCR in chapter two of the Reading Work book, she spoke about the contradictions and different local meanings it had. I see the same potential for the SRA in my work environment or discourse. Although leadership and management may consider it a useful tool to ensure regulatory compliance, the "workers" could view it as a threat to their business practices and perhaps even their employment. This would explain why some of my fellow workers were never anxious to participate in, or support, a SRA. After reading Folinsbee's article, and reflecting on your generative term, I can better understand Folinsbee's emphasis for workplace educator's (et al) to understand the underlying reasons for why people choose not to engage in a particular literacy practice - and in her words - "the need to obtain knowledge and understanding about the cycle of risk, opportunity and blame that workers could be exposed to through a workplace literacy practice."

  2. Hi Bob and Shannon - first, Bob, I am glad you made it home safely to Suffolk last Tuesday. And I agree with your parallels to Folinsbee...Shannon - I look forward to you unpacking this in class on Tuesday. For instance, when you say, "Vendors/Business fails to meet compliance due to personal experience..." I wonder how you approach the idea of personal experience: as, for example, "past" experience or as "living" experience..... And "marinating compliance" ?? did you write this at dinner time? :)


Thank you for taking the time to share your thoughts on this post. Diverse opinions are welcomed.