Gerry Gebel of Burton Group wrote an excellent post last week called “Moving Beyond Command and Control.” It’s the kind of thing I’d like to have written. It’s the kind of post everyone who cares about Internet security should read.

Gerry’s referring to the prevailing style of computer security, in which an administrator creates IDs and manages access to the system. The phrase “command and control” comes from a militaristic style of management with centralized or hierarchical authority. There’s nothing inherently wrong with the command/control model; the issue is that it’s a horrible fit for Internet security, where authority is unavoidably distributed.

Here are some simple shibboleths to detect a person’s managerial orientation:

If you hear frequent repetition of the words identification card, identity assurance, encryption, rights, management, access control, and policy …

BINGO! This person is a command and control disciple.

If instead you hear frequent repetition of words like reputation, reciprocity, empathy, signaling, collaborative action, recognition, shared experience, social interactions, ceremony, and connection …

Then they’re talking about social trust — and that person needs to SPEAK UP and start blogging about it!