Category: ERM, GRC

Be-four you turn enthousiastic

[Warning: Long-read. Opiniated, and structurally your recommendations may be are needed, too]

About all of the banking industry, and other financials in their wake, have had to deal with loads of regulatory requirements. Justified, some say, for ‘they’ cause(d) so much misery beyond mere most temporary loss of bonuses that the ‘un’ should be (have been long before) detached from bridled. So, Basel II and -III regulations swooped in requiring much more explicit and detailed handling of financial business than ever before. The move from laissez-faire to regulation, to regulation with sanction schemes, to sanctions (possibly interpreted as ‘token’…), was extended with provability and then complete proof-demonstration as minimum requirement.

This all, however, has created a large, and in general even I would say quite overpaid [disclaimer: am profiting too] industry of consultants, quants, ‘risk managers’, reviewers, assessors, auditors, and scores of Toms, Dicks1 and Harries of the GRC kind. That are all very likeable nice lads and lassies, but maybe not quite worth their salt, certainly not their bonuses, or even be sure to be worth much lending one’s ear to.

Since March, suddenly, there’s news. The Basel Committee on Banking Supervision has released a consultative paper on ideas for (much-needed, many know) simplification of the operational risk management part of regulations. For Basel-IV forthcoming.
Continue reading “Be-four you turn enthousiastic”

Watson’s ID

Does Watson have an identity? Because, when it (sic; why not ‘she’ ..?) is intelligent enough to make its own decisions, it may want to, or know ways to obtain, or be bestowed with, personhood of some sorts. To which it may need an identity, and according ID.
But that all hinges on the construct of a single, identifyable instance of <something>. And all sorts of fancy dancy press announcements — where one might ask ‘Where you’ve been to come to the show only now’ — regarding deploying ‘Watson’ in some confined business context seem to start to fly around; mostly with corporates having a dire need to blow over the news of their atrocious lack of morals — but what is it they use?
Most probably only a time share (think S/36 style) or copied-instance or copied-engine of the concept / most elaborately trained instance available.
Do we have a criminal / misdemeanour system in place already for such non-human persons? No, I don’t mean the sorely failed ‘corporate’ personhood approach as that’s a hoax. People still are in charge of corporates, and are punishable per (Board!) capita for anything that anyone does on behalf of their employer XOR they are fundamentally not allowed to act independently in any society.

Only now do we have new entities coming aboard that behave like individuals but have none behind them to cover for accountability … or they aren’t individual operators. So, no choice. But as yet, no legal system to operate in. Conundrum!

On a somewhat tangential (is it?) node: Yes, AlphaGo has beaten a human a couple of times, and the other way around now, too, but that doesn’t mean the game is lost (its interest); see Chess. And, ‘who’ has beaten the human player? Is it a ‘who’ or is it (not only) an ‘it’ or not even that, is it too abstract to say that a ‘robot’ that is in fact an ‘information system somewhere out there dispersed in place, maybe even in time’ has beaten a human..? AGI has no power plug, people!

Also,
The Church
[“The” Church, Ronchamps]

Security so(m)bering

There’s this discussion going down on the merits of privacy versus security. Whether the one is part of the other, or the other way around, or both. Whereas the smarts are with considering privacy enhanced by good confidentiality settings ’cause they see that privacy is an issue of higher (abstraction) order than mere confi; achieved by it but only as infosec are the bricks and mortar when all you wanted is not bricks or so but a wall.
Through which you may reflect on compliance in infosec. Because hardly ever, is that taken to include compliance with the principles and business objectives and conditions that include being sparse with hinder to the business. Really, those that truly set only guiding rails not enforcement rails, are the unicorns of the trade. No, not those unicorns, those are just frauds anyway.
You may try to do better; really. It starts with risk … when properly applied, you would not get the remarks about ‘why, it has never happened to us before / what are the odds?’ but might even get better support for some slightly hindering process changes and better (but less end user detectable) ‘infra’ i.e., everything under the users’ level of visibility.
So, I’m not sombering or if, about the eager beaver pervasive prevalence. Because sobering up, wising up, may win the day and may be due…

We shouldn’t somber too much… Isn’t this a perfect opportunity to finally demonstrate how we do (… can …) link up information security to real business issues at the highest GRC levels. Since we shouldn’t be passive, and leave ‘privacy’ to be taken over by lawyers jumping into the current Privacy Officer void. Since we can translate all the operational and tactical work that we do on privacy, all the way up to strategic levels and still be very concrete. And not have to wait till ill-understandable “guidelines” (shackles) keep us from achieving something.
No more wannabe whining about ‘deserving’ a seat at the Board table or at least be heard; not asking to be allowed but matter-of-factly showing ‘Done.’ … if, not when, you did informtion security right all the way…

Just like that:

[“Na na nanana can’t hear you!”; Porto]

Miss Quote: Your way. Or ..?

In the series of unfortunate misquotes, a famous one:

Anything that can go wrong, will (Murphy)

As a secondary quote from somewhere:
But Edward Murphy did not say this. What he most likely did say is something along the lines of:

‘If there’s more than one way to do a job, and one of those ways will result in disaster, then somebody will do it that way’.

Which only by you with the way you do things, does indeed result in disaster, without fail. So, if you use the misquote, you should add “when I do it”…?

That was a short and easy one … so, for you:
DSCN7697
[You picked its current spot; deep into the harbour…; Baltimore]

De nieuwe KvK-registratie

Voor velen is het een klusje dat lastig is, maar er nu eenmaal bijhoort als onderdeel van ‘being in business’.
De registratie bij de Kamer van Koophandel. De basics, bij de enthousiaste start van bijvoorbeeld een zelfstandig bestaan. Het onderhoud, bij wisselingen in het verenigingsbestuur — en dan blijkt de KvK dermate relevant, dat men nog een natte handtekening vereist maar dan wel in het bekende veel te kleine rechthoekje te plaatsen waardoor de gezette handtekening welhaast per definitie niet klopt…! Hoe diep in het vorige millennium kan je achtergebleven zijn; dit toont wel aan dat de KvK welhaast niet nuttig meer kan zijn…

Maar nu is er in tijden van ‘cyber’ (#ditchcyber!) een alternatief of eerder, een vergelijkbare registratie: Bij de AP.
Jawel, de Autoriteit Persoonsgegevens, zo genoemd omdat de verwarring met het begrip ‘privacy’ nog niet groot genoeg was wellicht, en hernoemd om weer een decennium opstarttijd te geven voordat effectiviteit kan worden verwacht en alsdan weer een nieuwe tijd aangebroken is die vraagt om een ‘andere’ instantie ..?
Want we hebben immers de Wet meldplicht datalekken… Met 700 registraties in de eerste twee maanden (rekening houdend met een volle eerste maand nieuwjaarsborrels, dus een week of vier) is wel duidelijk dat het een kwestie is van (aan)melden en verder gelukkig niets — tenzij men pech heeft niet politiek relevant te zijn en ‘dus’ najaagbaar …

Ach, overheid; leuker kunnen ze het niet maken, wel onmogelijker…?
DSCN1834
[En daar komt nou ook niet echt tegenwind vandaan…]

Yup, there it is …

… What took us (?) so long …?

Hybrid war

Yes, the phrase we all were waiting for, or might have predicted but hardly anyone did. But now, out there for all the FUD and fear mongering (to profit from ..!). May this be the avenue of submersion of cyber (#ditchcyber !), like a U-boat trolling and unexpectedly blowing you out of the water?
What will be, will be. Grab the money trucks!

On a side (?) note:
DSCN7602
[Transport for the consultants /-cy fees for you, required to tackle it all; Baltimore]

Plusquote: R&R

Never let a good opportunity for R&R go to waste

Which goes on the back of ‘never let a good crisis go to waste’ which s true, but negative as it relies on crises to turn up as the best (not the only …) opportunities to get change done. But now, tries to turn it to the positive, (truly hedonistic with an epicurean twist) enjoyable by way of the proper mix of carpe diem due to memento mori. As one doesn’t know when one will die; a great many being caught short of having lived as they postponed all purpose of life by ‘saving’ that for later, always for later. Hence the balance will need to be tried, not wasting, not spending it all but also not shirking from opportunities to enjoy.
Hence a side remark that the plusquote is quite absolute whereas its application needs some ‘risk management’ balancing (including personal quality perception/prediction) but hey, that takes the fun out of the shorthand.

Oh; some may not have gotten the memo that R&R (R ‘n R) isn’t about rock and roll or so, but about Rest and Recreation. Or Rest and Restoration, whatever floats your boat.

Talking about boats … (??):
DSCN7753
[Ship not boat! Not too much for pleasure, originally …; Baltimore again]

Watson’s place to be

Two points re Watson here, one poignant, one solved:

  • Where is Watson? Because, it must run on some (i.e., enormous number of) core processors that physically are, somewheres (multiple). Would anyone actually know or otherwise, wouldn’t that be scary for all the idol-worshippers of individualised-robotlike AI ..?
  • The name, the motto. After Thomas J.’s … Think. Name, sole purpose. Nomen est omen. Capice ..?

So there you have it. The question remains Open. Until you provide me with some answer, possibly..?

Also:
000010
[Cogite, citius altius fortius! of the 1928 kind; Amsterdam of course]

Mayans leaving the US

Would anyone have a pointer to the research that compares the Mayans’ demise with latter-day developments in the first world ..?

As one hears not too much lately, about that grand theory about the sudden disappearance of the Maya culture that suggested that one-percenter total disconnect with the other 99%, lead to the latter leaving the, no more capable of sustaining themselves in the least, überbureaucrats to litterally starve in their palaces.

Which might very well happen if the Powers That Be, e.g., the 1% of business and congress and the sycophants/lobbyists around those, would continue their disconnect now so amply demonstrated in, e.g., primaries on both sides of some spectrum (both actually being far right, maybe?), to name just an acute symptom.

So, are there any anthropologists out there studying that odd primitive (here, without the ”…) tribe of white men (sometimes, very sometimes, caught in the body of technically a woman) and comparing the parallells with said sad Untergang des Maya-landes ..?

Even when I wouldn’t know what the results could be. Do count on the ‘Now is different’ error of which the size cannot be overestimated. But also, very maybe, detect the slightest of pointers towards betterment of current-day societies. And ways to make us see the latter their value, hopefully — hope being what’s left when arguments are lacking.

On the positive side:
DSCN9971
[Similar not same: small-time onepercenterville now a tourist attraction (hotel); Gabbiano, Toscane]

Miss Quotes: Free Hegel

The quotes, of motivational nature or other, that you meet every time again — but aren’t, since they are garbled versions of the original. And the original had much more profound wisdom, or was even true where the misquote isn’t.

Yet another one in a series, a rather old one:
There’s nothing sure in life except death and taxes.

… …

For one, “The only thing you can be sure of, so the saying goes, are death and taxes — but don’t be too sure about death.” (Joseph Strout) — before but on the Kurzweillian strain of thought (more on that elsewhere on this blog) that ‘humans’ may leave their biological medium (‘substrate’) and live forever — probably on tape or 5″ floppy disks though that angle Ray discusses [satisfactory, for once] too. But whether Ray’s scenario turns out to be true (where would religion go …? Betraying his/his father’s roots?), or the Spinozaic or anthropomorphic deity would allow to be overruled in v1.1 of the Design, it would be short-sighted to take dying as inescapable.

For another, [skipping lazy evaluation of the And clause that would already render the quote a miss] David Graeber already proved that in the history of humanity, almost no-one ever paid taxes, the above is just an order by the receiving end put onto the paying end to suppress any even the slightest inkling of an idea for revolt. Whereas the Dutch started their war of independence officially because of an income tax levy of 10% — the outrage! and practice was ‘slightly’ different, very probably. So, no score here, either.

QED.

And the Hegel of the title: Search my earlier posts on that.
And:
DSC_0384
[This beauty however may not last forever ..? Bibliothèque Vanderbilt, Reims]

Maverisk / Étoiles du Nord