Going the way of Pluto?
In August 2006, astronomers at the meeting of the International Astronomical Union in Prague voted to adopt a new definition of the term "planet" that reduced the number of planets in the solar system to eight. Pluto was reclassified as a "dwarf planet," much to the dismay of many astronomers and much of the general public. The trend of "convergence," in which information security becomes integrated into corporate risk management organizations, may soon result in a similar type of reclassification of the discipline.
There are valid scientific reasons to support the new definition of a planet. Pluto is more similar to the icy bodies that form the Kuiper belt, the large disk-shaped region past Neptune that is home to many such objects, than to the other planets. Many people, however, find this distinction somewhat arbitrary, and have argued that Pluto should remain a planet. Some have even started a campaign to have its place as one of the nine planets restored. Only time will tell whether or not they are successful.
There have been two main reasons advanced for reclassifying Pluto as a planet again: nostalgia and politics. The argument based on nostalgia is essentially that everyone knows that Pluto is a planet, so it should remain a planet. Six billion people cannot be wrong, can they?
The argument based on politics is essentially that it is easier for scientists to get funding for research on planets than on dwarf planets, trans-Neptunian objects or Plutonian objects, other terms for bodies that do not qualify as being planets in some way. It is no secret that there are lots of small, icy bodies in the Kuiper belt, making it hard to justify funding for research that tries to find more of them. And why would NASA spend $675 million on the New Horizons spacecraft if it is just going to visit one of these many icy rocks? On the other hand, the goal of finding another planet sounds much more important and worthy of funding.
The field of information security may be due for a similar reclassification soon, as the trend towards combining information security and other risk management operations moves information security away from its roots in information technology and into the business world. The reasons for justifying the merging of security organizations seem to make sense from the business point of view, but not everyone agrees that such a change is the right thing to do. The arguments against doing this are eerily similar to the arguments for keeping Pluto classified as a planet.
One obvious argument against merging security organizations can be summarized as nostalgia, or the fact that information security practitioners have grown accustomed to not having to justify investments in information security technologies like others might have to do in their business. This has even been institutionalized in using different metrics to justify investments.
The return on security investment (ROSI) concept seems to have been created to overcome the obstacles that information security practitioners face because it is often difficult to justify investments in information security by using the conventional ROI metric. Some industry analysts have even argued that information security should be exempt from traditional risk analysis and management methodologies because the traditional methodologies do not work well in information security. Such special treatment might disappear if information security merges with other risk management disciplines.
Another argument against merging information security into a business-wide risk management organization can be summarized as politics. Many information security organizations now have the attention of upper management due to the recent increased focus on regulatory compliance. If information security becomes part of a corporate-wide risk management organization, the political influence that comes with the attention of upper management may be reduced. If such convergence happens, many information security investments will probably be questioned if they are competing for funding with other risk management projects. Can you really justify the TCO of PKI-based encrypted e-mail if the same investment can be used to reduce slips, trips and falls?
The business forces that are pushing for the convergence of information security and other risk management functions seem to be fairly strong, which may lead to the eventual disappearance of information security as a separate discipline. For many information security professionals, it seems that understanding the business where they work has already become as important as understanding information security technology. As the trend of convergence continues, understanding the business aspects of their jobs will probably become even more important. And unlike the possibility that exists of reinstating Pluto as a planet, there seems to be little chance for this trend to be reversed. So information security professionals should note the trend of convergence and try to understand what it can mean for them in the future.





There are also valid scientific reasons for keeping Pluto as a planet. The vote taken in Prague was done by only four percent of the IAU, most of whom are not planetary scientists. They did not follow proper IAU procedure of vetting the resolution in committee before bringing it to the floor for a vote. No electronic voting was allowed. The new planet definition was immediately opposed in a petition by 300 professional astronomers who described it as sloppy, saying they will refuse to use it. Here are several of the problems with the IAU definition. First, it defines an object solely by where it is rather than what it is. If Earth were placed in Pluto's orbit, it would not be a planet according to the IAU definition. Second, the definition makes no linguistic sense by stating that dwarf planets are not planets at all. Third, Pluto is not more like most icy objects in the Kuiper Belt than like the major planets for a crucial reason: it is spherical, meaning it is in a state of hydrostatic equilibrium. This means it has enough self gravity to have pulled itself into a round shape. When that happens, differentiation and geological processes akin to those on the major planets begin to occur. These processes do not occur on inert, shapeless asteroids or icy bodies. Therefore, one could argue that any object, including Pluto, that is large enough to be in hydrostatic equilibrium, is a planet. That gives us, for now, 13 planets: Mercury, Venus, Earth, Mars, Ceres, Jupiter, Saturn, Uranus, Neptune, Pluto, Haumea, Makemake, and Eris. In the long run, the chances are this broader planet definition will be adopted, stating simply that a planet is a non-self-luminous spheroidal body in orbit around a star.
Posted by: Raven | Monday, 13 October 2008 at 10:14 AM