The Training Company CERT - Essay Example

The Training Company CERT The CERT Company is in the business of training individuals to deal effectively with information systems and network security systems. The training programs offered by the Company include handling of security incidents, survivability and information assurance, secure coding and resiliency management, among others (www.cert.org). These programs are directed at managers, executives, educators and software managers. This report offers an assessment of CERT as an organizational system. Analysis: Scott has defined an organization as “systems of independent activities linking shifting coalitions of participants........ dependent on continuing exchanges with and constituted by....the environments in which they operate.” (Scott, 2002: 25). A system is comprised of several different processes that are self contained and function independently and yet mesh with each other in order to create a coordinated whole. Hence, a system is akin to several different modules working in tandem with each other. In the social context, Katz and Kahn have stated: “all social systems, including organizations, consist of the patterned activities of a number of individuals. Moreover, these patterned activities are complementary or independent with respect to some common output or outcome: they are repeated, relatively enduring, and bounded in space and time." (Katz and Kahn, 1966: 20). In an organizational context, these different modules could be, for example, accounting, payroll, human resource management, inventory management, etc; however all of these modules would function together in a coordinated manner in furthering the goals of the organization as a whole. Applying these aspects of systems to CERT, it may be noted that the company offers different training modules, hence each functions as a separate unit, but they are all components of a coordinated whole, because each of these training modules is concerned overall with information and security systems and there could be elements that two or more training modules may have in common with each other. An organization can also be classed as a system if a relationship can be established between the system and its environment, whereby the environment itself consists of four sub-systems: (a) economic system (b) technological system (c) socio-cultural system and (d) politico-legal system (www.accel-team.com). CERT offers its training courses to a variety of individuals in coordination with academic institutions, network administrators and the use of a Virtual Training Environment, all of which demonstrate a high level of interaction with the environment. The nature and content of the training programs offered by CERT are also likely to be modified and adapted in accordance with changes in the environment. For example, training on responses related to security incidents would involve political and social aspects as well, because terrorist incidents are politically motivated. CERT as a system can be graphically in terms of input, process, output and outcome represented as below: Curricula Virtual Training Environment Trained executives, managers, educators, software engineers, network administrators Improved Security outcomes CERT fits best into the mould of an open systems kind of organization. In explaining what an open systems organization is, Scott states that they are “multi-cephalous: many heads are present to receive information, make decisions, direct action.” (Scott, 2002:92). This applies in the case of CERT, because each training module functions fairly independently, on the basis of curricula that are determined on a module by module basis, after interacting with other elements in the environment. Katz and Kahn (1996:23-30) have also noted different characteristics of open systems and several of these apply in the case of CERT. One is the importance ascribed to external elements in the environment and in CERT, the training program curricula needs modification according to the situational context and must be sensitive to the needs of students. Secondly, open systems transform the resources available to them and export some resources to the environment; also systems are viewed as cycles of events. In CERT’s case, it is the imparting of training using a visual training environment whereby available curriculum materials are transformed and each module goes through several repetitions as new students are inducted into each course. In an open system, there is differentiation and specialization, but at the same time, there is also integration and coordination. This is applicable in CERT’s case, because each individual module is tailored to incorporate the special needs emerging as a result of the environmental context, but at the same time, all the courses are administered under the umbrella of one organization with some elements common among different modules. CERT is a sub system of a much larger system, which is terrorism preparedness, coordinated by different Government agencies at State and Central levels. Training in handling incidents related to security threats are an integral part of the operations of these organizations, which are in charge of responding appropriately to control the threat arising from such incidents. The boundary of a system is a figurative line that can be drawn to divide the cases which are the internal elements of the system from the actors within the system who are external to it. This can be clearly established in the case of CERT, wherein the study materials and the computer hardware and software used to simulate the security threat and learning situations would qualify as the internal elements of the system, while the students who are trained, as well as the teachers who train them will qualify as the external elements of the system. The notion of input-process-output also applies to CERT, wherein the input is the human capital in the form of individuals who want to receive training, while the process is the actual training they receive, especially the simulated real-life situational responses they can practice within a virtual environment and the output is trained individuals capable of responding successfully to security threats. Once the process is complete, the organization receives feedback mainly from the related security enforcement organizations that tend to employ these trained individuals. Their improved performance would be the basis to determine that the system is functioning well, while negative feedback from organizations using these individuals would illuminate the areas of weaknesses and lack that need to be addressed. References: “CERT Training”, Retrieved December 23, 2009 from: http://www.cert.org/work/training.html Katz D and Kahn R L, 1966. “The social psychology of organizations”, New York: Wiley. Scott, Richard W, 2002. “Organizations: Rational, natural and open systems”, Prentice Hall Read More