Category: ERM, GRC

"This is impossible!"

‘tWas not long ago, when all that knew their way in Infosecland (when the land had not expanded and complexified beyond grasp of mere mortals and AI was not yet needed to have taken over) would point at the stupidity of any claim like “That can’t happen here because our security beats every threat till Kingdom come”.
And the claimants would have it, by sheer power play. When dinosaurs roamed, it was in your interest to move over when they’d want to pass.

Now, the dino’s are on the way out (well, the current stock of them; new ones in the wings), and this of course happens.
Where the complete ignorance of the dino’s is displayed by their response, as if something new happened.
Where we haven’t heard enough calls for claw-backs of even standard salaries for, give or take, a decade or two back due to willful and (should-have-)self-knowing incompetence, especially at C-level and up.
But then, justice is served cold, by history making a fool of the true culprits (the authoritarian dino’s) at best, or forgetting them in old Greeks’ second hell as deserved.

Can we be friends now; you being the entry-level kindergarten ‘students’ and the rest of the world you scoffed, as your nannies …? For that:
20160820_151302
[At least they acted as proper Night Watchmen; at the Rijks, Amsterdam]

Popular; now (not) bring it to prep schools

Just for your info: this here overview of programming languages popularity.
Not an endorsement in any way nor the opposite. But … would we want to endorse this list RE kids learning to program in prep/elementary schools, or at middle / high school levels and up ..? Because the list changes so much … before they finish their school, some languages may hardly exist at all (contra: COBOL’s #41 on the list…).

What then ..? At least:
20160820_162507
[Like programming, both Art and Craft; Stedelijk, Amsterdam]

Weird infosec science

Who would have thought — that total surveillance would reach into the house, no / hardly any backdoors need to be built in even.
As explained here, and here in closer-to-humanly-readable form.

If such are the Tempest inroads, who needs the newest-of-highest-tech solutions as they all will all succumb to either trivial complexity-induced-unavoidable sloppiness of implementation, or to circumvention in the above way…?

Of course all of it is an atrocity in ethics but … I won’t be utterly negative about humanity’s future so I’ll stop now. With:
20160820_120127
[Art imitating life; Stedelijk Amsterdam]

Metaphoric company / politics

… Is the political scene of the, still…, figurehead corporatist (or would you know a more pejorative term?) country (hey, check global capita per country and weep) reflected in the developments of the business world; like, a bunch of weirdos (qua hairstyle and behavior) versus ‘governance’-oriented totalitarian bureaucrats,
or is it the other way around ..?

Just struck me. And beware that the former category would not be where the Silly Valley bunch would fit in, as if by association-through-closeness to ’60s SF. Contrarily, they fit perfectly in the latter category. As was exepelainifyed already here.

Also, both categories are so far apart that when one wins, the other will be separate and free enough to maybe not even care. Though I doubt that Latter would not at least give it a try. And possibly succeed.
Both sides really, really should be ware of Pyrrhus. Like, China or even India taking over. The Bear, not so much; internal control is the stretch to the edge already, shot-in-the-dark break-outs will be just that. Oh, and Europe will of course (? … !) be split in an East-of-Centre, Southern (sub-Rhine/Danube) and Northern (trans-Rhine) parts. That will move at very, very different speeds in very different directions…

But then, in the longer run we’ll all not be dead but this.

But then, I’d best leave you with:
DSC_0627
[Wine not whine bunker; Quinta do Vallado]

Plusquote: Qua Quantification

Qua quantification, maximal isn’t the optimal that minimal is.

If quantification were good, or worth pursuing even anything more than a bit or minimally, Yoda would talk about hidden Markow chains not The Force.
Not all that can be counted, counts, and not all that counts, can be counted. Where ‘not all’ is to be read different than latter-day simpletonian, but as antediluvian ‘none’. Capice ..?

Many more arguments might go here. Suffice to say that ‘evidence-based’ science is a scam. Only those that are too stupid (let’s put it like it is) to ‘get’ the value of philosophy (and ethics etc.etc. as part of it), may not understand it. But as the vast masses don’t have a clue how their car works — chemical reactions within the pistons, anyone? how ’bout the programming of the cabling that controls it all? — but still use it, NO you not understanding does NOT mean it’s nonsense, in your case to the contrary.

To return to the positive of the Plusquote…: All may have a say in matters of society and the ‘control’ (quod non) of its infrastructure including all ‘critical’ sectors like energy, security and finance…

Oh that may be too much of a stretch but still…:
20160805_143215[1]
[OK, … quantify this … NO not even the qualifier Amsterdam is correct, it’s Dordrecht and even that doesn’t capture the picture…]

Own rules

When ‘Compliance’ are the Spanish Inquisition, keep them to their own rules. Leviticus, in particular; 19:19, 19:27, 24:10-16 and others (note :4 for the commoners outside the C department), and Deuteronomy, e.g., 22:11. Exodus 21:7, too.

We’re looking at a lot of pink slips, and clawbacks, if we’d be too (sic) lenient.

Oh well:
20160805_160230[1]
[Compliance through the looking glass; GlassFever Dordrecht]

Risk Chagrins

It’s just a matter of Karma

As long as ‘risk’ ‘managers’ deal with negativity (admit it; focusing on the negative is even written into quite a number of definitions involved ..!), they’ll become the sourpusses they want to see all around (remember, the “passing back risk management to the ‘first’ line” ..?), and according to which they’ll behave ever more, finding evidence everywhere they’re on the ‘right’ track.
Quod non, but conspiracy theorists as they are, they will not listen

Oh, and this:
20150109_145912
[Your ‘risk’ ‘heat map’, accurate picture]

Plusquote: Materiality

Discussions about materiality are not material.

This, after realizing that all too often, the discussions about materiality were/are either by Eager Beavers (not having grown above box checking zealots), or by outsiders qua experience and expertise, e.g., lawyers (q.q.) and ‘governance’ bubbletypes.
Whereas, when ‘materiality’ (or its twin-at-a-right-angle, ‘significance’) its pass-or-fail boundary is discussed, not the precise measure (and hence, rigorous definition) counts, but the very fact that there is a discussion in the first place. That is material, that points at an issue. Wise minds (q.q. probably not directly involved ..!) understand this point and will not want to join the discussion, leaving the latter to the nonderstandables.

Think about it — when the discussion arises for whatever reason, that mere fact already is a signal, which can simply be reported as such, together with all its glorious detail. Must. For it is material significant oh whatever…

Leaving you for the weekend with:
20150109_150127[1]
[“It’s only a model” it aint ..! in Rotterdam — oh wait that’s a scaled re-build…]

ChainWASP

… With all the blockchain app(lication)s, in all senses, sizes and seriousnesses if that is a word, growing (expo of course) everywhere,
wouldn’t it be time to think about some form of OWASP-style programming quality upgrading initiative,

now that the ‘chain world is still young, hasn’t yet encountered its full-blown sobering-up trust crash through sloppy implementation. But, with Ethereum‘ and others’ efforts to spread the API / Word (no, no, not the linear-text app…) as fast and far and wide as possible, chances of such a sloppy implem leading to distrust in the whole concept, may rise significantly.

Which might, possibly, hypothetically, be mitigated by an early adoption of … central … Oh No! control mechanism of e.g., code reviews by trusted (huh?) third parties (swarms!) where the code might still remain proprietary and copyrighted.
Or at least, the very least, have some enforceable set of coding quality standards. Is that too much asked …??

I know; that’s a Yes. So I’ll leave you with the thought of a better near-future, and:
20150109_145839
[Horizontal until compile-time errors made adjustments necessary (pic); beautiful concept — other than Clean Code, actually executed to marvelous effect]

Fintech: Babble-fork

Coining (pun not even intended as I wrote this — lame non-landing anyway) a new phrase: Babble-fork.
Which is what happens now in the financial industry with fintech:

Banks et al. think they have a role to play in the applications of blockchain technology in the financial industry of the future.
As bc is just a distributed ledger technology [ref. Tapscott the Elder & the Younger], right?
Obviously, dead wrong. Or, ‘the Internet’ is just phone lines between mainframes.

Otherhandly, the start-ups that have no role or place for the incumbents. The start-ups that expect the old ones to die [1:03 of the linked]… and then, it is already a mockery of a flattery to relate the financial industry-that-was with that commander that never made it to captain (Navy); an outright self-delusion of the grandest scale when such industrialists think they’ll still be able to catch up with the innovation tidal waves already rushing to their shores (unseen, over still deep seas until reaching their shallow tropical beach sides ..!).
Since bc is the very counterpoint of centralized (‘trusted third party’-, quod non par excellence!) trust, being the utter distribution of it hence contra anything however remotely approaching the delusion of importance that may still be with the traditionalists.

So, fintech forks ferociously for the financial future as a tenable alliteration runs only so long. But you get it. Time again to ask for the entry password — with the wrong answer leading to …?

Well then, I also have for you:
20160408_151402
[Dear Lord. In the Attick; Ams]

Maverisk / Étoiles du Nord