Category: ERM, GRC

Walking away from your desk

This, re yesterday’s post that was in some vincinity (though with quite some distance to spare…) of ranting about bureaucratic stupidity being a pleonasm.
By means of a pic, with:

  • A Bureacrat certainly designed this. The ejection seat would to a bureaucrat mean the danger of you escaping from the post you were supposed to hold no matter what — since in the bureacratic only thinkable scenario, nothing would ever happen or you’re unfortunate collateral loss but hey, the System continues to perform.
  • For all others (the handful, the few good men), the ejection seat is apparently surrounded by just that danger, and to be used to escape from from that immediate and urgent, life-threatening danger of death by utter boredom, by sitting still. Noting that the rig that the sign is on, invariably is one made for dangerous action, not for danger evasion… Ships are safe in harbour but that’s not what ships are for; kites [your check] so much, much less so!

Which side are you on; the sit-stillers’ or the Action Men’s ..?
danger-eject-svg

Two's a Charming Bureaucratic Voilence

First, two (yes) quotes:

To put it crudely: it is not so much that bureaucratic procedures are inherently stupid, or even that they tend to produce behaviour that they themselves define as stupid — though they do do that — but rather, that they are invariably ways of managing social situations that are already stupid because they are founded on structural voilence. (p.57) [ Where structural voilence is … look it up in your sociology study’s notes. Implicit or even explicit threats with disciplinary boards (however pastiche) and ostracism certainly gives you the right idea; ed. ]

At the same time, if one accepts Jean Piaget’s famous definition of mature intelligence as the ability to coordinate between multiple perspectives (or possible perspectives) one can see, here, precisely how bureaucratic power, at the moment it turns to violence, becomes literally a form of infantile stupidity. (pp. 80-81) [ Emphasis mine; ed. ]

This being from Graeber’s Utopia of Rules of course.

Now, apply this to the obviously receptive [what is the opposite side from ‘applicable’?] situation at some petty association that aggrandised itself and use the introduction of ‘quality control’ — not over itself but over parts of its member base — in a criminal way [since the legal and (self- and external) regulatory arguments were and are simply invalid, and procedures at points illegal outright] to force them into obedience to Kafkaesk procedures that wouldn’t and still don’t apply to those in power at the association. Gollum “the ring is mine!”.

My point being the conclusion of infantile stupidity. Charming for its tragicomedy. A disaster at many fronts for those affected by it…

Oh well:
DSC_0196
[To swat a completely imagined fly; Edinburgh]

Hoodies are off

Truly, we have arrived in a distopian world when crime fighters go after the petty ‘criminals’ only — if there were any bigger catches, the headlines would be flooded and as we hardly ever see that, this is the best for the fighters that they can brag about ..?
I mean, have a look at <link>; a real Cyberrr! (#ditchcyber) criminal was caught! How incredibly clever he was! Being traceable by his ‘own’ IP address and own bank account. So certain of his own greatness that he didn’t even seem to have worn a hoodie — you know, the device that keeps all ‘hackers’ [Dammit! Learn the difference between hacking and cracking!!! or remain a stool forever] completely anonymous. And in Russia. Or did I say R I meant China, when it’s about nation-state retaliation (sic!).

Where in Lucky Luke and Billy the Kid was it that the quote passes “Yes yes be silent dear little boy we do know you’re a really grow-up thug.” ..?
Time to hold this to the Police …?

Oh, and:
DSCN9971
[Surely, no-one would dare to attack here? Surely, this is just a decoy and nothing of value would be inside ..? — Well, the value’s not only in the hotel facilities but much more in the wine cellars … next door; Castello Gabbiano]

Two AI tipping point(er)s

You may have misread that title.

It’s about tips, being pointers, two to papers that give such a nice overview of the year ahead in AI-and-ethics (mostly) research. Like, this and this. With, of course, subsequent linkage to many other useful stuff that you’d almost miss even if you’d pay attention.

Be ware of quite a number of follow-up posts, that will delve into all sorts of issue listed in the papers, and will quiz or puzzle you depending on wether you did pay attention or not. OK, you’ll be puzzled, right?

And:
DSCN1441
[Self-learned AI question could be: “Why?” but to be honest and demonstrating some issues, that’s completely besides the point; Toronto]

No, you're hacked

OK, we have a couple of little things:

  • “It’s not if but when an organisation is hacked”
  • This leads to access to some of your personal data however innocious (or not)
  • Only a handful of your however innocious personal data is needed to identify you and/or take over your ID
  • Your personal data however innocious on the surface (sic) is with so many organisations.

Syllogically, ID theft will ruin your life, pretty soon.

Now you may counter that … blabla you’re not interesting enough (maybe, but how sure are you, and if you’re so clean your ID has value to the not-so-clean), it won’t happen to you because it hasn’t happened to you (yet, that’s the point) … et cetera.

But oh, you will be hit …

And with that positive reminder, this:

DSCN8391

[If life were as simple as at once major global city Edam…]

Electing Coke

Haven’t seen too many comparisons between Coke’s notorious botched A/B testing New Coke on the one hand, and the oh so similar (are they) recent US elections on the other.
If any of you would have a pointer to such an analysis, I’d be glad to hear.

That’s all. And:

[Which side you’d choose ..? Who cares about you / your choice ..? Zuid-As Amsterdam]

Four horsemen, with a badge

Now that ‘our failproof heroes of integrity’ (one of those five words is correct) have gained the right to hack and exploit each and every users’ device in their battle (huh) against the four horsemen, each, all and every proof of misconduct of however grave or minor import that anyone would conduct using any such ‘cyber’ device would not hold in court because no-one can prove it was the general user / suspect (sic) that put the data onto there or used it and the police would be implicated as well but cannot prove satisfactory it wasn’t them.

Obliterating any chance of ever proving actual foul horsemen…

But hey, they seem to have wanted that. For a reason? E.g., the above suspects were in majority already among the pursuers ..?

Why would I care… and:
DSCN8626cut
[Your ‘straight’ thinking…; Zuid-As Amsterdam]

Integrity it is / ain't the quote

Given the recent upswing in attention for integrity, it is not strange but unfortunate to see the phrase and concept being so warped it has become a newspeak pastiche.

Integrity … taken as zealously chasing the company’s apparent only purpose… Integrity, taken as the ‘more than compliance’ ideal, then (almost exclusively) pursued in ways that seek only meek compliance with integrity rules [note the irony of ‘integrity’ and ‘rules’ other than in opposition] to get rid of the Dutch Uncles that without fail (yes) fail their own lessons.

Stemming of course from the misconception or more straighforward, lie that employees are only as integer as they align their efforts with the company’s objectives (when push comes to shove, profit being the only one that matters, don’t lie to me or to yourself or to the world ..!).

But then, you miss the mark. Even those that pursue their bizarre political aims through shooting up / blowing up as many totally innocent and irrelevant strangers, claim their integrity … not with the things you’d consider defensible but they do; in their warped-beyond-repair mind they act sincerely and with integrity to their (idiotic) ideas and morale, ethics.

On a less damaging note, re-study Bruce, e.g., as holiday present to ask for (from yourself ;-), and see that integrity may not be what you’re after after all. Integrity being on the side of, and of, the employees individually, for themselves. If they sell their expertise to some company, it’s only that that they can reasonably be expected to deliver, not all and their soul …!

All this, combined with the ridicule in:

“Integrity is a muscle you have to train every day”.

Which points out that apparently, every day you have to separately train (how?) integrity whereas the pool of metrics to determine the efficacy of the training is a vast desert (as it should; all that is of value, is immeasurable and vice versa) — and do you really need that much training; apparently people will daily find so many more detractors …!?

Plus, those that still cling to the above illogic (mult.) about integrity, may need to train their lung muscles every day in similar vein. Or not. Yes, if you’d really understand integrity, you’d see that it is a similar body function.

Oh well, plus:
DSCN7008
[The aeons old fight of Order versus Chaos, often mistaken as Good versus Evil; Sevilla]

The year of IT is no more Department

Or, once upon a long, long time ago in a land far, far away, there was IT, the hero department that ruled over all of information processing. Because information processing was a strange and dangerous thing and if you chopped off one security flaw, seven others would be introduced. So, the IT department was well-trained in keeping the architecture-and-infrastructure beast alive, with all its fresh new and old legacy body parts, fed every now and then with a fair maiden project.

Oh how things evolved. Lately (being the past couple of decades), the department was split, incompletely, between Development/Maintenance, and Operations. Things were run with ITIL and CobIT — as In Name Only as PINO was to the Prince, II.

The INO part being audited throughout (see previous post) but without anyone really caring about the outcomes of that. NO not even regulators or so, so devoid of truly understanding that the qualification ‘parasite’ isn’t too far off, even.

And now, there’s a slow but steady breakthrough of bands of liberators. Deperimetrisation, socmed, cloud, Big Data, flex work(place), hackers-contra-cyber (#ditchcyber), … the many-headed Central Scrutiniser is sprayed wth acid from all sides and is slowly shrunk. Softly wailing for mercy, some do but to not much avail. Maybe an embrace of Sloterdijk’s Part III foams may help.

Ah, I’m not positive but can be — at least, life will remain in the body that is infrastructure management (-coordination) and incident management, etc.

First, this:
6c38c8af-0c9f-406c-a57b-e892c7ee37f5-original

Then, this:
DSCN8135

[Outsourcing basic shopping to the experts at Milan]

Low standards

The compliance check-box approach is an atrocious thing for and to many things and reasons, but has been induced by the very growth of the industry. Since all margin calls at all controls and controls objectives achievement have been whipped out — and no-one dares to or has the experience for margins calls anymore. How low can your standards of professionalism dive.

Sic transit gloria mundi; the trade once was a veritable gentleman’s (M/F/~) affair, for one put up one’s honour and good name (and standing including life, liberty, welfare and happiness) for the value of the second opinion over the full width of the (opinion about subject matter) playing field.
But one’s good name is no more. Men are no longer honorable, virtue isn’t a thing anymore; pluto reigns, in particular at 1600 Penn Ave — the demise of humanity. In the coming years, the standards will follow; having deteriorated from standards to hold Men to, to straight jackets most easily escaped from by surreptitiously gaming the system, making the system the mockery of men. I repeat myself.

But ideals, values, virtue and all things principle-based will resurface; if only trivially since the now resurgent risk-management approach would not work otherwise. The value is already returning to the dare of the expert to call it not to fold on details.
Hence, new standards will emerge. Pure-principles lists, no nitty-gritty stuff. To be audited on, by knowledgeable advisors that can relate sample controls / -frameworks to the principles and back. The 27k1/2 divide, but strengthened, widened.

About the latter; the renewed gap between principles and samples, will also allow auditors more flex when determining their audit approach as in next week’s post ;-|

By the way, the Dutch may read a bit on the same issue, au fond, and some pointers to solutions, if they’d work (put hypothetically for a reason), in this here piece, released after my draft of the above.

Oh, and:
DSC_0595
[A winery, of course; Douro valley]

Maverisk / Étoiles du Nord