nCircle.com >> 360 Security

« Quality thoughts on Beta | Main | SCADAGard SIG To Be Established »

Fallacies suck

In my role as CTO for nCircle, I spend a lot of time at tradeshows. I always make time to visit the vendor booths. Sometimes I am greeted with friendly faces and other times they don't want to interact with me either because I am not a potential customer or because they view me as a competitor. No biggy. An observation that I have made recently is that our security market is so primitive when it comes to articulating the value proposition that it falls back to an 'appeal to emotions' technique that can be classified in 5 categories. These are just traditional categories of human reasoning. It is important to know what technique is in play so that your parser can quickly qualify in or more likely, qualify out the noise. :-) They are as follows:

Appeal to Tradition: This is the claim that appeals to the status quo. It is the assertion that the idea or solution is 'good' because it is traditional, comfortable, or the way that things have always been done. The reality of this tactic is that even if it is not logical, old ideas, old beliefs, and old policies are not intimidating and 'comfortable' to people.
Example: "We have been doing it this way for 20 years, and we don't fix what isn’t broken."

Appeal to Fear: The is the grand daddy of all security vendors and security professionals that just can't help themselves. The appeal to fear is the notion that if some course of action is not pursued, terrible consequences will occur. This is your traditional 'scare tactics'. Yawn.
Example: "If you don't buy my product, your information systems will be compromised and you will be left homeless and live a life of suffering."

Appeal to Force: The appeal to force is simply the assertion that you should do what we say or what we believe, if you do not, we will do something unpleasant to you. This may seem like the same as the appeal to fear but it is a more specialized case since the negative consequence is a direct or indirect threat by the person or organization making the claim to the audience.
Example: "If the private industry does not get their act together on security, they will not be able to join our organization" or "People not compliant with X will not be allowed in to our organization"

Ad Misseracordium (appeal to pity): This is exactly what it appears to be: the assertion that somebody should do something out of a sense of pity or compassion. So what? It is often abused when a vendor or sales person is trying to make a case by using emotional images or rhetoric to support their argument and is targeting pity for their cause. I'm going to spare you the example on this one.

Appeal to Popularity (bandwagoning): It is the assertion that ou should believe something or do something because everybody else believes it or does it. In some text books it is called "Ad populum". The fact is that in a highly dynamic, not well understood fields (ie Information Security), the predator will prey on the victims deep insecurities and get them to see emotional security in doing and thinking like everyone else.
Example: "No one gets fired for buying IBM"

Everyone is guilty of these charges to some degree. Being the person that I am, I like to see them in neat little boxes with labels. Fallacies suck. I'm a reasonable person so present your information in a way that I can use my own reasoning and if we are lucky, we may even have a good debate with both of us learning a thing or two. :-)

I now return you to your regularly scheduled programming.

-- Tim "TK" Keanini

Posted on April 5, 2005 7:38 PM |

Search


About

This page contains a single entry from the blog posted on April 5, 2005 7:38 PM.

The previous post in this blog was Quality thoughts on Beta.

The next post in this blog is SCADAGard SIG To Be Established.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]