The 17th Installment
“Partial Knowledge and Comprehensive Knowledge”

by Yoichi Seto,
Professor, Master Program of Information Systems Architecture

There is a story called the “Blind Men and the Elephant.” I think it is an Indian fable in which blind men touch an elephant and describe what it was like.

The men surround the elephant and start to touch it. One man touches its ear. Gently stroking the large ear, the man thinks, “The elephant is like a large fan.” Another man touches the leg and thinks, “The elephant is like a thick pillar.” A third man who touches its trunk thinks, “The elephant is like a thick club.” The man feeling the belly thinks, “The elephant is like a huge pot.”

Their teacher asks them, “What kind of animal is an elephant?” The men started to tell how each of them felt. The first says, “The elephant is like a large fan.” The second man said, “No, it isn’t. You’re wrong. The elephant is like a thick pillar.” The third man interrupts the two boys, laughing and saying “Don’t be so stupid. The elephant is neither like a fan nor like a pillar. It is like a thick, long club.” Still another man breaks in, saying “None of you are right. The elephant is like a huge pot.” The argument among the men intensifies and finally turns into a quarrel.

Their teacher says, “I will tell you what an elephant is like. All of you are right, and all of you are wrong. What each of you touched is only one part of the animal known as an elephant. If you try to describe a whole elephant from one part, you can’t do it accurately. An elephant is like a fan, like a pillar, like a club, and like a pot, too. And it is something more than the sum of these. You understand it only when you see the whole.”

I think the world of information technology (IT) and the IT business is just like this fable. More than ten years after I became fully involved in the business of information security, I always feel that the same idea applies to information security.

When asked what information security is, one person says, “It is a code language based on mathematical theories.” Another person says, “It is risk management, or IT governance.” Another person says “Laws and standards are important.” Still another says “It is a computer virus with the greatest impact on the society.” All of these answers are right, but none are appropriate.

To use the words of the teacher in the above fable, “I will tell you what the information security is like. All of you are right, and all of you are wrong. What each of you came up with is only one part of the knowledge known as information security. If you try to describe the whole knowledge from one part, you cannot do it accurately. Information security is like mathematics, like laws, like risks, and like computer programs, too. And it is something more than the sum of these. You will understand it only when you see the whole.”

In university lectures, there has been a segmentation of knowledge in specialized fields. I think the reality is that specialization and segmentation have led to a reliance on localized technical theories, and teaching of comprehensive knowledge, which pursues correlations of the whole and comprehensive solutions, is not practiced sufficiently. The many problems that are occurring in society are frequently solved with comprehensive knowledge. In other words, it is difficult in IT to shed light on the true nature of matters only with partial knowledge, and I believe that efforts to acquire comprehensive knowledge about particular issues must not be neglected.

I think few people will oppose the idea that IT is an important key technology for society. This does not mean, however, that mastering and utilizing IT-related expertise will enable you to establish a superior, useful technology or system. The speed and synchronism of current technical innovations are faster and broader than ever before. In addition, we cannot deny that specialized knowledge in IT is being segmented and deepened. However, the application of specialized, segmented, and localized optimality will not enable you to pursue purposeful or comprehensive solutions in society. To do so, it is necessary to understand and use comprehensive knowledge.

The information security education at the Advanced Institute of Industrial Technology is based on an educational policy of obtaining comprehensive knowledge to enable the use of partial knowledge. We are also striving to base our education on this policy. We approach research and education by giving highest priority to providing the latest and most effective place of learning, to enable students to view the cutting-edge elephant in its entirety.