Sermon - TLIS - 1.7.1 - Organizational Roles and Body Parts
Romans 12:4-5
For just as each of us has one body with many members, and these members do not all have the same function, so in Christ we, though many, form one body, and each member belongs to all the others.
1 Corinthians 12:14-22,27
Even so the body is not made up of one part but of many. Now if the foot should say, “Because I am not a hand, I do not belong to the body,” it would not for that reason stop being part of the body. And if the ear should say, “Because I am not an eye, I do not belong to the body,” it would not for that reason stop being part of the body. If the whole body were an eye, where would the sense of hearing be? If the whole body were an ear, where would the sense of smell be? But in fact God has placed the parts in the body, every one of them, just as he wanted them to be. If they were all one part, where would the body be? As it is, there are many parts, but one body. The eye cannot say to the hand, “I don’t need you!” And the head cannot say to the feet, “I don’t need you!” On the contrary, those parts of the body that seem to be weaker are indispensable ...
Now you are the body of Christ, and each one of you is a part of it.
Ephesians 4:14-16
Instead, speaking the truth in love, we will grow to become in every respect the mature body of him who is the head, that is, Christ. From him the whole body, joined and held together by every supporting ligament, grows and builds itself up in love, as each part does its work.
In discussing the gifts of the Spirit, Paul talks about the parts of the body. He draws an analogy from the parts of the body, the various limbs and organs, and the different members of the church. The different limbs and sensory organs, for example, have different functions that support the body's needs and operations. In the same way, the different gifts of the Spirit, given to different members of the church, support the church's needs and operations.
In the security world, we also tend to talk about different parts of the organisation and the different functions that different people have within the enterprise. Most would see this as rather generic: there is the management, particularly senior management, and then line management and supervisors, and then the direct line workers. Different levels of responsibility for overall operations are discussed in terms of strategic management, tactical planning, and operational functions.
But there are additional breakdowns that we, in security, see in regard to how businesses operate. This more detailed breakdown perhaps gives us some insight into the different responsibilities of individual Christians within the greater body of the church.
This is similar to the way that we can extend Paul's illustration of the various parts of the body, now that we know that the body is made up not merely of organs, but of tissues, and even down to individual cells. Which, in turn, have interesting and illustrative internal structures.
Using this more detailed breakdown, we can come to a finer examination of specifically what we might request, and require, in terms of an individual Christian's responsibilities within the church.
We'll start, as is traditional, with executive or senior management. This would be seen, generally speaking, as the role of the minister in the local church and possibly an area minister or bishop in the larger denominational structure, coming up to the archbishop, pope, or some senior moderator, at the very top of the denomination. The very top, as wording itself seems to imply, that these people have greater importance. As Paul points out, very correctly, "greater importance" is a pretty fluid concept. Your brain might be considered more important than the lining of your gut, but if you have celiac disease and have just eaten a piece of bread, the lining of your gut becomes much, much more important than your brain, given the pain that inflames your intestine, and your inability to do anything else until you have dealt with that pain.
And, of course, there is that business of servant leadership. Jesus gave us the illustration that the leader is to be one who serves. The minister, or ministers, in the local church are those who are supporting the members of the church. They are providing inspiration, direction, comfort, and support to the members of the church. They are the ministers, and that literally comes from a word meaning servants. They are ministering to the rest of the flock, the church.
My father very much liked to tell the story of a minister from a church in Quebec whom he met at a conference one time. This particular church was very involved with evangelism, not that the minister would be going out and doing evangelism. The illustration that the church used in this regard was that it is not the shepherd who makes more sheep. It is sheep who make more sheep. Therefore, the minister was the shepherd, caring for and supporting the flock. The individual sheep were the ones who were going out and doing the actual evangelism.
Okay, who's more important now?
The next step down in our discussion or structure of the corporate world in terms of information security is us. The information security professionals. There is a point that I tend to make when facilitating the preparation seminars that we tend to see ourselves as being the experts in information security. That is, in fact, the case, but that doesn't necessarily mean that we have the final say or decision when it comes to a policy or a given activity. Senior management hold the ultimate responsibility for the company. Therefore, while we have a better understanding of our field, of the risks, of the tools available to us, it is the responsibility of senior management to make the actual decision. It is our responsibility to give the best advice that we can, but we do not make the final determination.
Now how does this apply to the Christian life? Well, one aspect of it is that, while we need to do everything in our power, and indeed have the responsibility to do everything in our power, to spread the word of the Gospel, to bring the good news, on an evangelical basis, to others in within the congregation, and particularly those outside the church, we cannot make the decision, for anyone else, to love or follow God. That decision is for each individual to make.
In my own home denomination, that of the Baptists, one of the distinctives that we hold very dear is called "the priesthood of all believers." That means that each individual Christian is responsibility for their ultimate decision: are they going to follow God or not? Each individual has the right, and the responsibility, to make that determination. And, therefore, it follows that each individual is, before God, responsible for all of their own actions.
In the case of the church, this division of responsibility works both ways. The senior minister or pastor does not have the right to determine specific actions and behaviors that are acceptable or not acceptable for individual members of the church. At the same time, an individual Christian who comes up with an insight or revelation has the duty to bring that to the leadership of the church, but does not hold the responsibility for ensuring that the church makes a collective decision about behavior or belief.
Within a corporate or company environment, there is a concept known as the data owner. The data owner is the position or office that holds responsibility for a particular chunk of data or information. For example, the data owner of the customer database is probably the sales or marketing department. The data owner for the employee database is probably the human resources department. The data owner can be a very individual thing. For example, the creator of an individual document or letter is, in terms of information security concepts, the data owner for that particular file holding an individual letter, or report, or essay on a particular topic.
In terms of ensuring that information is protected in the most appropriate way, the ultimate responsibility falls to the data owner.
And I am sure that you will see that, from my previous mention of the priesthood of all believers, there would be an obvious extension of the idea of the data owner to the individual believer. The individual believer has responsible responsibility for their own beliefs and the protection of them.
But there is an additional responsibility for the data owner and therefore for the individual believer. Each believer is responsible to determine the level of protection. A data owner is responsible to decide how sensitive this particular piece of data or information is. How important it is, and how sensitive it is, has a bearing on the way that the overall company protects that information. In the same way, the individual believer has a responsibility to educate themselves on various aspects of the Christian life. How important is this particular belief to an individual believer? And, as it is said, you should always be prepared to defend, to anyone who asks you, your belief in this particular aspect of the Christian faith. That is why we have these sermons on Sunday morning. Yes, to a certain extent, this Sunday morning service is to inspire you and support you, and sometimes even to comfort you. But it does also to educate the individual believer. To point out what we believe, and why we believe it. And then there is your own study in these areas of belief. Study of the Bible on your own. Study of the Bible with smaller groups of fellow believers. And of course individual and corporate prayer time to consider and meditate on the lessons you have learned out of your reading of scripture.
As the individual groups of people, with specific areas of operation and responsibility, support the overall enterprise, we note their specific provisions and responsibilities for the information that the company requires in order to operate. In the same way, there are different provisions and responsibilities, held by individual believers and members of the church, which are important to the function of the church in its overall mandate to love god, love your neighbor, and spread the good news to the ends of the Earth.
This is not to say that the leadership of the church does not have some responsibility to correct or at least attempt to correct errors. If one of your elders is using your church's Bible study time to tell people that the reference in Isaiah to an army from the north and attacking villages that live in peace means that the end times are coming because Russia is attacking Ukraine, and that people should sell all that they have and donate the money to his organization because the end times are upon us, then possibly you should have a word with that elder. (And possibly preach a sermon on how no man knows the hour or the day except God alone.)
Another group of people important to the information technology function in the corporate world is the technology providers. These are the vendors, the contractors, the support people of various types in support of our business systems. They are not really in the chain of command, but kind of come in from the side. But they do have an important role to play, of course, and an analogue in our Christian institutions as well.
These are the faculties of seminaries, the traveling evangelists, the authors of books on the Christian life. They are providing us with extra direction, and sometimes specific direction in a particular area, providing resources to enrich and extend our Christian life, and God's work in the world. And there are responsibilities in regard to them as well. As we find in frequent mentions in the Epistles, not everyone is allowed to speak in church. The local church leadership, and sometimes the denominational leadership as well, have a gatekeeping function in terms of protecting individual believers from those who might be preaching a gospel other than the one that was preached to you.
In information security, when we provide access for contractors, the contractors have a responsibility not to abuse the privileges that we provide to them. In the same way, in regard to the local church, those from outside our congregation are providing something of value to us, but they also bear responsibility in terms of the purity, accuracy, and value to the individual believer of what they are asserting to them.
I have mentioned, in regard to the business world, the data owner. There is an additional position and concept, which we refer to as the custodian. This is someone who has not necessarily created a piece of information, but is holding or managing it on behalf of the data owner. In the church, it is not reasonable to expect that any custodian is holding an individual believer's faith on their behalf. However, the concept of the custodian is one that we should keep in mind. Everything that is given to us is provided to us by God. It is provided to us on the basis that we are stewards of all the provisions and resources that God gives to us. We should always remember that we are the stewards. Whatever we have is not our own, but granted to us by God, on the basis that we will use it for His service.
Gloria was a soloist, a wonderful singer. She had a gorgeous and unique voice. She knew, at the age of twelve, that her voice was a gift from God, and that it was to be used for God's service. She kept this attitude throughout her life, despite many friends' insistence that she should use her gift, as well as in the church, in local community amateur dramatics and musicals. She did occasionally try, but she never felt good about the results. She was always most comfortable when her singing was directly in God's service.
In the corporate world, in terms of information security, another group is the users. The users are the ordinary employees and workers who are using the technology which we, in the person of the corporation, and also the information technology and security personnel, have provided to them. Sometimes those of us in specialized fields have the feeling that the ordinary workers are somewhat beneath us, and that we are the ones doing the actual work. In reality, of course, the ordinary employees and workers *are* the actual company. We are merely an adjunct providing a specialized service.
In the same way, there is no one in the church who is "merely" a member of the church. The church consists of all believers. No man is an island. The absence of any member diminishes everyone. In the same way that the absence of an organ, or even a single cell, from a human body diminishes that body.
And all of us have a responsibility when any single cell of the body is missing. In church, if someone isn't there one Sunday, it's quite possible you should check on why. If that person is not there for a number of Sundays, why would that be the case? It isn't necessary that you *not* contact another member of the church outside of the Sunday morning service. It's quite possible to find out where they live, or obtain their phone number or email address, and check on how they are doing during the week, rather than merely on Sunday morning.
In the corporate information security world, there is one entity that is feared above all others. This is the information systems auditor. The auditors are seen, if we are using Christian terminology here, as the devil. They are evil incarnate. They are the ones who go through the battlefield after the war and bayonet the wounded. Everyone hates the auditors.
And they are completely wrong to do so.
The reason that everyone hates the auditors is that the auditors are the people who point out your mistakes. They are the ones who cast a critical eye over your programs, and notice where you have failed to anticipate an attack.
And they are absolutely necessary.
I write books. I write sermons. I write series of articles on important topics. I write a lot of stuff. Is anybody else here an author? In the seminars, I always ask that question. I ask if they can edit their own stuff. Some people think that they can. They can't. I know.
I said that I write books. Actually, I was wrong. I *wrote* books. I don't write books any more. I have lost my editor.
Gloria was the world's best editor. She was not only the best copy editor I ever met, but was able to conduct editing at all seven levels of that operation. When I wrote my first book, she edited it seven times. At every stage of the publication process. I remember that when we got to the first galley proof stage, they sent me a copy of about a third of the book: 140 pages. I sweat blood over that manuscript for eight hours, studying it line by line and word by word. I identified twenty errors in that 140 pages of the document. Then Gloria took over. As I said, she was the world's best copy editor, but she also had another advantage. She wasn't me. She found four mistakes on the first *page*.
You can't edit your own stuff. You can't find your own mistakes.
It's the same in the Christian life. We need others. We have to have others, and we particularly have to have others who challenge us. We have to have the others that we find petty and boring. They point out to us how little patience we have. We have to have the needy. They point out to us how little compassion we have. We have to have those whose troubles are seemingly endless. They point out to us how inconstant is our concern for others.
We need others to point out our mistakes.
Hopefully so that we can improve, and be better.
Theological Lessons from Information Security
Sermon TLIS - 1.1.5 - "Footprints" and key performance indicators/metrics
Sermon - TLIS - 1.2.1 / 34 - Edit, Audit, Prophet
Sermon - TLIS - 1.5.1 - Manage Everything
Sermon - TLIS - 9.8.5 / 73 - Muster station, safe and secure
Sermon - TLIS - 10.3.1 - Intellectual Property
Sermon - TLIS - 10.5.1 - Privacy
Sermon TLIS - 10.6.1 / 54 - Liability and Negligence
No comments:
Post a Comment