The following article was prompted by a gentleman's inquiry that went something
"My girlfriend wants some kinds of ASSURANCE that
I love her. I don't have a clue as to what ASSURANCE is."
Sometimes men can read an article about something mechanical and understand it
much easier than a description that relays information concerning a "relationship" factor. Assurance in the case below is
as clear as clear gets. I hope it's helpful for some of my male readers!
do you as a reader have that the information in this paper is reliable and that you can base your actions on it? Well, my
advice to you is to behave the same way most system users behave. That is, see whether you like the features in this paper.
If you like the features, who cares about assurance? If you don't like the features, who
cares about assurance?
That's just the problem
we face; users have not been convinced of the value of assurance. They care only about features
and are unwilling to weigh the underlying risks. Life offers many examples. While system managers carefully select and procure
applications, system users download freeware from the Internet. While parents advise children in appropriate dating partners,
children date the same rebels that their parents dated when they were children.
Okay, I'll admit
that not all people behave so irresponsibly. Some people are quite prudent and risk averse. You can spot them by their pocket
protectors. Nevertheless, there is an unhealthy tendency in our society towards instant gratification and the pursuit of happiness.
More calm sobriety and prudence are needed. People need to be protected from their baser instincts and from tradesmen who
would shamelessly exploit their naive trust.
This paper provides
guidance for those of us who really would like to do the right thing, and also for those of us who don't. After all, even
rebels need to know the rules, so they'll know which behavior to avoid. So, how do we judge assurance?
Is assurance a good idea that has been carried too far? Or is it a bad idea that has been
carried too far?
Definition and Historical Context
First of all, it's necessary
to make it clear what assurance is. After all, the word assurance
has been in the language for a long time and has accumulated many meanings, including self confidence, boldness, and audacity:
of his date's inclinations, the male Black Widow strode with great assurance.
Although that kind of assurance
would make a great discussion topic, this paper (unfortunately) is focused
on a much more, well, timid usage of the term. In this paper, assurance means:
measure of confidence that the security features and architecture of an AIS [Automated
Information System] accurately mediate and enforce the security policy" (National Computer Security Center (NCSC), 21 October 1988).
Or, to paraphrase the dictionary,
that which causes one to be sure or convinced.
The Information Technology Security Evaluation
Criteria (ITSEC) distinguishes two types of assurance: correctness and effectiveness
(Commission of the European Communities, June 1991).
Correctness is the type of
assurance provided by a proper aristocracy; it mainly has to do with etiquette. Effectiveness is the type of assurance provided by people who work for the
aristocracy; it mainly has to do with getting the job done.
It is appropriate that the
Europeans, with their tradition of aristocracy, had to remind us upstart Americans of this distinction. (Now if only someone would remind the British aristocracy of the difference between correctness and correcting
the public record.)
But although the Europeans
distinguish correctness and effectiveness, it is not clear whether they accept the possibility of being effective without
being correct. That is, the ITSEC allows ratings of effectiveness (basic, medium, and high);
but, regardless of how you score for effectiveness, it doesn't help you with your evaluation rating, which is based on correctness
measures. This is noteworthy, because, within the U.S., the concept of being effective without being correct lies central
to our culture.
We tend to place higher regard
on getting the job done than on getting all the forms and paperwork filled out properly. Furthermore, we even dress sloppier
than Europeans and don't expect this to reflect negatively on our abilities. Clearly, there is much we can learn from the
Europeans about proper assurance.
At a high level, the ultimate
objective of assurance is order. Humans are by nature uncivilized, barbaric, and overly
fond of salted snacks; we thus need to be inculcated with culture and values lest we fall prey to the excesses of pleasure.
In computer security, assurance imposes the culture and values that distinguish civilization
from chaos. Assurance finally lays down the law that there is a right way and a wrong way.
The foundation of
assurance is built upon the bedrock of criteria, sometimes called rules or mores. Life without criteria would
be like a society without laws or a street gang without an enemy gang to oppose. Without criteria, there is no basis for judgment
or even communication; there is no right and wrong. And, most importantly, without criteria, there are no jobs for criteria
Professional criteria writers
are not mere bureaucrats recruited from Federal regulatory agencies. They do not merely tinker with petty issues. They deal instead with universal truth. They engage the Universe itself in intellectual combat, wresting the
secrets of time from the primordial mist and revealing the secrets to us members of the laity. Criteria writers do not develop
commercial products, because that would undermine their objectivity.
Criteria give us a yardstick
that can be used to discipline product developers just as parents use yardsticks to discipline children. Yet criteria do not
of themselves tell us what is good or bad, only what are the elements of goodness and badness. To put criteria to use, we
need ratings. Some people balk at ratings, but we rate beef, tires, safes, and movies. Why not also computers?
A particular advantage of
ratings is that they simplify the process of making judgments. The value of this simplification is readily apparent from the
widespread use of ratings in society. For example, say you are trying to fill a position on your staff. You can make possession
of a Masters degree (a form of rating) a criterion for the position, so
that you need not waste time considering the qualifications or accomplishments of job candidates who do not have a Masters
degree. You can also make up other criteria. Such criteria will reduce the number of job candidates and might even free up
enough time for you to get in a round of golf after your lunch break.
As another example, consider
the task of defining security requirements for a system. Since ratings are a high-level codification of requirements, they
enable us to state our requirements succinctly and cleanly without wallowing in detail. So rather than write a novel on your
requirements, you simply cite the required rating. Now you'll surely have time for that round of golf. Clearly, life with
ratings is much simpler and straightforward.
Ratings for assurance
are especially interesting because they help us to assess products by assessing the process by which the products were developed.
In other words, to assess the product, you have to read a report written about the product by someone who didn't write the
product. This provides an objectivity that the product itself cannot. Despite the inherently obvious merit of this approach,
some product developers just don't understand it. They naively say, "What are you reading that for? Here's the product. Why
don't you just try it out?" How pathetic.
Of course, the ideal product
assurance process is one that completely eliminates any need to assess actual products.
This can be done by requiring documents such as formal models that are so sophisticated that mere product developers are not
even qualified to prepare them. Such documents require the services of security mathematicians, who were beamed into our Universe
just for this task from another Universe that runs parallel to ours. It's clearly a very generous Universe, because they told
us we could keep these mathematicians as long as we like.
In the dark ages Before Criteria (BC), there was no clear sense of right and wrong. Criteria
tell us what is right. But it is not enough just to know. Knowing, we have a moral responsibility to see that the right path
is taken. For people concerned with the welfare of society, there is no other honorable choice. These missionaries of the
right path are known as evaluators.
people specially chosen for their character and conviction in staunchly enforcing what they know to be right. Society owes
much to these people, who faithfully toil in anonymity. Fortunately, there are some small rewards. There is a sense of satisfaction
that comes from catching miscreant developers who brazenly develop products in ignorance or even defiance of the criteria,
just to make a fast buck. Someone has to care about what's right. The role model of evaluators is the criteria enforcer who
would say, "I don't care if you've only got ten minutes, you're not shooting down that incoming missile until I get an environmental
Jean Girandoux once said, "The secret of success is sincerity.
Once you can fake that you've got it made." Well, we assurance gladiators were not born yesterday. We are wise to such tricks.
In seeing that assurance requirements are met, we insist that developers promise to play fair. For example, we clarify that
it's not fair to try to make it look as though the assurance work has been done without actually doing it.
There are also legal considerations. For example, just as lawyers
find legal loopholes in laws, so assurance lawyers will interpret assurance rules to their advantage. The only solution to
this is to have our own assurance lawyers contest the interpretations. The resultant quasi-judicial process is in the best
tradition of American justice and ensures that disagreements are not resolved prematurely. This might cause some slight increase
in product cost, but our assurance lawyers have assured us that it best serves the public interest in the long run.
Some developers think of formal specifications as no different
from a bureaucratic requirement to fill out extra forms. They don't understand that every one of those forms serves a valuable
purpose. Furthermore, they don't understand the value of logic. That's understandable, of course, since they are only developers.
Even Lord Dunsany didn't understand. In 1938, he wrote that "logic, like whiskey, loses its beneficial effect when taken in
too large quantities." Since then, Lord Dunsany has died, but logic still exists and continues to outlast its naysayers.
Most users make the mistake of narrowly basing their judgments
on personal experiences. For example, if they know and trust product developers, the process the developers follow is less
important. If they know and don't trust the developers, no process will convince them that the developers' product is of high
quality. So, logically, it follows that they might trust developers they don't know, as long as the developers have name recognition.
This is how one knows, for example, that a sprite done by Chagall for a cathedral window is better than an identical sprite
done by a grammar-school class for a school window.
There is obvious merit to these judgments, but they also carry
subtle dangers. The main danger is that companies with name recognition, who have a track record of developing products that
are well liked by users, will become so arrogant in this success that they question the authority of the criteria. They might
even come to consider criteria compliance less important than product sales. Such heresy cannot be tolerated. Strong government
control is crucial in enforcing use of only those products that play by the rules.
When you go shopping for assurance, do not be fooled by cheap
substitutes. As you reach out to take a bottle of assurance from the shelf, your eye might be caught by several imitation
assurance products sitting nearby. All of these imitation products are less expensive than assurance and some are very attractively
packaged. They are targeted towards different personality types.
Caring people often find themselves settling for reassurance:
"There, there; it could have been worse." Macho types inevitably prefer cock-sure-ance: "It won't happen here." The classic
example of cock-sure-ance is that of the civil war general: "They couldn't hit an elephant at this dist ..." Even risk averse,
prudent people sometimes buy related products. The most popular is insurance. Users must not be fooled by these imitation
products but must seek out genuine assurance.
Let us conclude with an example
of an assurance substitute that illustrates the need for constant vigilance in defending
our assurance Highest-Order Notions Of Rectitude (HONOR).
The example shows a particularly pernicious form of imitation assurance.
Assurance is usually thought
of in terms of a single, benevolent, high-assurance system, smiling protectively down at us. But we assurance
advocates are reasonable and acknowledge that nothing is perfect. We heed the wisdom of centuries, which concludes that, "Two
heads are better than one," and warns, "Don't put all your eggs into one basket."
Obviously, if you really want
to be sure of doing something right, you have to do it twice. Shakespeare subscribed to this belief:
"I'll make assurance
(Macbeth, IV c, 1605).
It also has been used to explain
the practice of polygamy (though true assurance advocates find
more security in celibacy). In some cases (e.g., dual exhaust pipes),
it is considered a matter of style to have dual systems (though true assurance
advocates are mistrustful of style).
With respect to computer security,
dual control has long been axiomatic and manifests itself in the principles of separation of duties and two-man control. But
this computer security double check has been misinterpreted in some quarters. It is obvious to any reasoning person that the
idea behind this double check is to add two high-assurance checks and thereby gain better
assurance than from either check alone.
However, heretics have twisted
the concept to say that two low-assurance checks can substitute for a high-assurance check! They say that 1+1=1.5. We say that 0+0=0. In a sense, they would sell us assurance via features. Oh, foul and heinous treachery! See what temptations await to seduce the unwary.
But let us reaffirm the need
for double checks. After all, redundancy and the distribution of control are fundamental to the very construction of our government;
it is called the balance of power. Of course, the government interpretation of balance of power is for each side to impede
the efforts of the other side, with the effect that government is not as effective and efficient as it might be. But then
this does protect us from government excess.
Basically, the government
structure itself restrains our more extreme impulses. Perhaps that is why some vehicles have governors to keep them from going
too fast. In a larger sense, what we are doing here is sacrificing performance for security.
And is this not as it should be?
Even if you cannot reason it through, surely you must feel that such sacrifices are needed to purge from our natures the imprudent
desires for unharnessed performance and capability?
Surely you must sense that
the hedonistic pursuit of features feeds primitive hungers that are best kept in check. The Puritans knew the pitfalls of
such indulgences and knew also the rewards of abstinence. So must we learn that less is more, that self denial gives birth
to self control, and that pain becomes pleasure.
Commission of the European Communities, June 1991, Information Technology Security Evaluation Criteria (ITSEC), Provisional
Harmonized Criteria, Brussels, Belgium.
NCSC, 21 October 1988, Glossary of Computer Security Terms, Fort Meade, Maryland.
source site: click here
Now I can see why people are writing to me concerning, "assurance
of love." This was an abstract I found of someone's research paper. It's good for defining the sense of assurance in the situation of love.
This study examines three variables of a romantic relationship.
It focuses on the communication variable of assurances, or expressions of love, and compares assurances to the level of the
non-communication variable of commitment. It also focuses on the quantitative relationship between assurances and sex roles.
This study examines the idea that more assurances within a romantic relationship will lead to more commitment, or a stronger
commitment for the couple. It also examines whether males or females use more assurances to increase commitment. In order
to develop data for this study, students were each given fifteen surveys to distribute among people who are in different stages
of relationships. For example, the surveys were given to people who were married, seriously dating, casually dating, and even
couples that had just broken up. These surveys had questions pertaining to all aspects of a relationship, including the topics
of assurances, sex roles, and commitment. Therefore, by analyzing the data received from the surveys, one can draw conclusions
about the interconnectedness between assurances, sex roles, and commitment.
The irony of romantic
relationships is that although the average person has a desire to be in one, most of the time in an actual romantic relationship
is spent trying to fix it, rather than to move further or even end it (Duck, 1988, as cited in Canary & Stafford, 1991).
The behaviors and actions in which the couples try to save or improve the relationship are called relational maintenance strategies
(Dainton & Stafford, 1993, as cited in Dainton, Haas, & Stafford, 2000). One of the main strategies used in relational
maintenance is the idea of interpersonal communication. In fact, interpersonal communication and relationship development
go hand in hand so that one can not have one concept without the other (Miller, 1976, as cited in Canary & Zelley, 2000).
The type of interpersonal communication discussed within this study of relationships is some sort of emotional expression.
Burleson, Hatfield, Metts, Sprecher, and Thompson (1995) explain that, "…the expressive dimension is often considered
the heart of a relationship" (p. 203). They go on to say that, "Several therapists and writers have suggested that good communication
is the essence of a good relationship" (p. 204). Good communication in relationships is considered to be supportive communication
that makes one feel good about himself or herself or the relationship (Burleson, et al., 1995). This supportive communication
is called assurance, and it adds satisfaction to a relationship (Canary & Stafford, 1991). Thus, when one adds satisfaction
to a relationship, one is attempting to develop the relationship or make it better. This is a way to prolong the relationship,
or in other words, to increase commitment.
Theorists have studied several types of maintenance strategies used to improve
relationships (e.g. Canary & Stafford, 1991), and one particular focus is on assurances. Relationship strategies are used
daily with couples in order to keep the satisfaction of the relationship. Therefore, maintenance is a huge part of relationships.
The purpose of this study is to further evaluate how the maintenance strategy of assurance can lead to an increase in commitment
within the relationship. It also examines the impact sex roles have on distributing the assurances.
Assurances, or expressions
of love are one way to maintain the relationship. Assurances are usually used through interpersonal communication between
the two people involved in the relationship. Hecht, Marston, and Robers (1987) say that, "'…communication is the fundamental
action which both expresses and determines the subjective experience of romantic love'" (Hecht, Marston, & Robers, 1987,
p. 392, as cited in Hendrick & Hendrick, 2000, p. 208). Therefore, they suggest that communication is necessary in order
for the expression of love to take place. Some assurances mentioned by Hendrick & Hendrick (2000) are ones that express
the partners love by saying "I love you." Other assurances they give are actions, such as doing things for the other person
and being supportive and understanding. Assurances also include when the partner directly or indirectly mentions to the other
partner about the future of the relationship (Canary & Stafford, 1992, as cited in Dainton et al., 2000). Dainton et al.,
(2000) gave out surveys as a means of collecting data in one of their studies. On the surveys were certain factors of assurances.
Some of these were as follows: showing love for the partner, implying the relationship has a future, telling how much the
partner means to the other partner, stressing the commitment, and showing how much the partner means to the other partner.
Ballard-Reisch & Weigel (2002) developed a questionnaire to find out what behavioral indicators people used to show commitment
towards each other. Among the list of behavioral indicators were assurances such as, providing affection, stating love, showing
affection, showing feelings, providing support, and giving emotional support. The main point is that in order for a relationship
to be satisfying and to be maintained, an expression of love is important. These assurances are expressed through verbal and
non-verbal communication. They are necessary for relationships because after all, "Without expression, even the greatest of
loves can die" (Sternberg, 1988, p. 136). Most importantly, assurances are ways to persuade one of another's love, and they
provide commitment and comfort when needed (Canary & Zelley, 2000). They "assure" the partner of one's feelings, and help
to further develop the relationship. This further development often leads to more commitment in the relationship.
on the other hand, generally refers to a long-term orientation toward continuity of a relationship stemming from assessments
of satisfaction, quality of alternatives to the relationship (dependence), and level of investments in the relationship" (Burleson
et al., 1995, p. 204). Commitment then is the desire to continue a relationship based on rewards one is receiving from the
relationship. It also refers to the extent to which a person wants to remain in a relationship due to feelings of attachment
(Canary & Zelley, 2000). According to Fehr (1988, 1999), some features of commitment include, loyalty, responsibility,
living up to one's word, faithfulness and trust" (Fehr, 1988, 1999, as cited in Harvey & Weber, 2002). Therefore, the
ways in which one shows commitment towards his/her partner is through actions, verbal, and non-verbal communication. Commitment
is not something that each individual person decides on his/her own in the relationship. Instead, commitment comes from interactions
and communication with one's partner (Knapp & Taylor, 1994, as cited in Ballard-Reisch & Weigel, 2002). Ballard-Reisch
and Weigel (2002) continue to say that the level of commitment within a relationship can be found by what people do and say.
The more a partner shows or says to his/her partner about one's feelings, the more the level of commitment increases. These
behaviors of commitment can be called assurances, hence, the more assurances one gives, the more the level of commitment will
Assurance Leads to Commitment
of this study is to further examine how assurance leads to commitment in relationships. Much research has been written which
exhibits this connection between assurance and commitment. For example, Canary and Stafford (1991) found that fifty-six percent
of the different varieties of commitment could be predicted by the maintenance strategies of assurances, networks, and sharing
tasks (Dainton et al., 2000). Dainton et al. (1994) also found that assurances and positivity helped predict satisfaction
in relationships for husbands and wives (Dainton et al., 2000). The studies performed by Dainton et al. (2000) showed that
assurances were the highest maintenance behavior related to commitment with a .51. Canary and Stafford (1991) also found similar
results directly relating assurances and commitment. Assurances were most strongly associated with commitment with a .53 (Canary
& Stafford, 1991). Ballard-Reisch & Weigel (2002) also found information on assurance and commitment. Their study
identified the types of behaviors people used to show their commitment level in the relationship. As predicted, the most detected
indicator of commitment was giving affection (2002). The type of affection given was assurance, in which partners actually
said, "I love you, " and how much they care about their other partner (2002).
These studies indicate that assurance does
in fact lead to commitment because assurances stand for a belief in a lasting relationship (Canary & Stafford, 1991).
Assurances are relational maintenance strategies with a common goal to improve the relationship (Booth-Butterfield & Trotta,
1994). By expressing assurances, one is using relational maintenance strategies to improve the relationship, and attempting
to become more satisfied (Burleson et al., 1995). This satisfaction increases the desire to develop the relationship deeper
and further, thus increasing the level of commitment. Therefore, research has shown that assurances lead to commitment. From
this information the first hypothesis is proposed:
H1: More assurances will lead to more commitment in romantic
Sex Roles Within Assurance and Commitment
concepts of assurance and commitment are handled in different ways amongst males and females. Throughout the research, there
have been conflicting views over who uses more assurances and signs of commitment between males and females. However, there
are several more studies that conclude that women use assurances more than men. For example, Dainton et al. (2000) examines
how Ragsdale (1996) found that females used positivitiy, openness, assurances, network, and tasks more often than males. Although,
Canary and Stafford's (1991) study shows that females perceive males to use these strategies more often than males perceive
females to use these strategies (Canary & Stafford, 1991, as cited in Dainton et al., 2000). This is probably because
"Women are more likely to think about, talk about, and worry about a relationship" (Ballard-Reisch & Weigel, 2002). Ballard-Reisch
and Weigel (2002) discuss how females tend to talk more, analyze, discuss their feelings and the relationship, and perform
more relationship tasks than males. From this information, Ballard-Reisch and Weigel (2002) hypothesize that females will
have more indicators of commitment than men. Needless to say, they were correct. Females did report greater use of maintenance
strategies than males (2002). Fitzpatrick and Sollie (1999) conclude that females are more dedicated to their romantic relationships,
thus they reported greater commitment than males. Fitzpatrick and Sollie (1999) believe the reason for this is because females
usually take responsibility for relationships and care for the relationship. Simon and Baxter (1993) also found that females
were more likely than males to use assurances.
However, there were studies performed that had opposite results. Canary
and Stafford (1991) found that males were perceived as using more strategies such as positivity, assurances, and social networks
than females. They go on to say that females may notice when males try to maintain the relationship and may appreciate it
more than males do. Males, on the other hand do not usually notice female attempts to maintain the relationship. Finally,
Booth-Butterfield and Trotta (1994) found that males were using assurances more because they were usually the first ones to
express their love in a relationship. They presume that men are usually the leadership role in relationships; therefore, they
are responsible for assurances such as saying "I love you." Based on these opposing sides, the research questions ask:
R1: Do men or women use more assurances in romantic relationships?
Do men or women express more commitment in romantic relationships
source: click here