Enterprise Amnesia

From Socology.org - The Study of Security Operations
Jump to: navigation, search

The Mayo Clinic defines Amnesia as

"Amnesia refers to the loss of memories, such as facts, information and experiences. Though forgetting your identity is a common plot device in movies and television, that's not generally the case in real-life amnesia.[1]"

Types of Enterprise Amnesia

While not a scientific classification, there seems to be some prior observations which are similar. The types of Enterprise Amnesia appear to be:

Making changes in a Cyclical Fashion that are regressive

This may be due to not tracking decisions in a linear fashion over time.

In observations, organizations that lack continuity over time in access to their decision making may make the same decisions cyclically. Without mitigations, the same error occur ultimately resulting in rebooting the maturity curve and regressing the enterprise.

Our team of contributors has seen this occur in the Security Operations Insource-Outsource cycle. Without the success criteria established and measured, experience and observations shows that if the SOC fails to meet expectations, the organization will resort to (insourcing|outsourcing) it again.

This is likely because of a combination of unrealistic expectations and timescales married with a lack of continuity in the decision making across time. Again, in observations the organization wastes resources and reboots the maturity curve. This appears to be ultimately regressive.


Experiencing Information Overload due to massive increase in information without the interpretive capabilities to make sense of it

The concept of Enterprise Amnesia of this type was written about in 2013 from a SOC perspective by RSA's Peter Tran[2], all be it from a slightly more tactical perspective.

IBM's Fellow Jeff Jonas follows this logic in his Youtube video from 2013 IBM Fellow Jeff Jonas talks about Enterprise Amnesia vs. Enterprise Intelligence.

We have also observed Enterprise Amnesia as described by Jeff Jonas and Peter Tran.

Impact

Enterprise Amnesia, like human Amnesia, is a concept whereby an organization looses access to information which it had previously learned, procured, developed or matured. That information may have come through, for example, investments in consultants, costly lessons learned or training provided to associates.

Enterprise Amnesia results in the loss of value to the organization. Therefore, it appears to be better for the long term health of the organization to protect against this risk through investments in retaining that information at the cost of velocity.

Process - Processes experience similar failures from the past or road blocks in implementation repeatedly.

Budget - Investment dollars are lost as the enterprise moves in a cyclical motion.

Staffing - Staff can become frustrated or experience Burnout.

Retrieved from "https://socology.org/wiki/index.php?title=Enterprise_Amnesia&oldid=97"