Today was a thinking day - time away from the office doing Other Stuff meant my reluctant separation from the keyboard and a chance to mull over the awareness materials for April, free of distractions.
I returned sufficiently refreshed to catch up with emails and press ahead with the writing, and inspired enough to come up with this little gem:
I say 'gem' because that single (albeit convoluted) statement helps us explain and focus the awareness module. We will explain assurance in terms of confidence, integrity, trust, proof etc. and discuss the activities that get us to that happy place, or not as the case may be.
Discovering any problems that need to be addressed is an important and obvious part of various forms of testing, but so too is giving the all-clear. Gaining assurance, either way, is the real goal, supporting information risk management: if you discover, later, that the testing was inept, inadequate, biased, skipped or otherwise lame, the whole thing is devalued, and worse still the practice of testing is undermined as an assurance measure.
Take for example dieselgate - the diesel emissions-testing scandal involving Volkwagen vehicles: in essence, some bright spark at VW allegedly came up with a cunning scheme to defeat the emissions testing lab by switching the vehicle's computer control unit to a special mode when it detected the conditions indicating a test in progress, reverting to a less environmentally-friendly mode for normal driving. Ethics and legality aside, the scandal brought a measure of doubt onto the testing regime, and yet the trick was (eventually) discovered and the perpetrators uncloaked, bringing greater disrepute to VW.
Hmmm, that little story might make an interesting case study scenario for the module. If it makes people think and talk animatedly about the information risk aspects arising (assurance in particular but there are other relevant issues too), that's a big awareness win right there. Job's a good 'un. Thank you and good night.