Category: ERM, GRC

A footnote to theses

Not to Theseus, however close.
But on the superfluence of latter-day (PhD- in particular) theses in printed form. Wouldn’t they be much better on-line, in a format with clickable hyperlinks ..? Wasn’t that what hyperlinking was ‘invented’ for ..!?
Why then still rely on the old ‘footnote’ reference system… If only b/c some geriatric referees still want to see their own name printed and care less or not at all about hits. With the democratization of even science, wouldn’t hit scores (Errm, weighted by the authority of the visitors …! How? We’ll figure something out) be a better validity measure?

Yes, of course this would require a backlog of old printed articles to be put on-line, including linking their reference lists. But this effort should (sic) be minute, compared to today’s paper production — I mean, the production of papers. And, in the end, needed anyway.
Oh, another inhibitor for the oldies: their references can now be checked automatically (I guess (appropriately)) and their assumed notoriety will be disclosed exposed for what it is — which may not be liked by all.

But then, on-line theses would be much better readable since the Definitions and Research Description parts might be separate html docs, split away from the core science content.

Many more advantages, and this:
DSC_0031
[No longer dungeoned but in Church, still stalactitic; Edinburg]

Information does(n’t) Matter

Another consequence of the analysis mentioned before about answers flowing upward through infosystems and command and inquiries/questions flowing down: When the latter get viewed as anti-data or even anti-information, we see Information Theory in action.

Where without the creation of potential (difference) by an inquiry standing ready at, say, a sensor [abstracting for a tiny moment away from the complexity that could be in any sensor, assuming it a math point] to capture some data it may produce, the potential may not pull away the data created by a Heisenbergian creation (-by-measurement ..!?) of the data/anti-data pair. Leaving the anti-data, the uncertainty behind. Is this the creation, the maintenance, or the destruction of a Schrödinger’s measurement ..?

More operationally: In what way does this interpretation induce metaphoric (?) insight into the connection between physical world, ‘signals’ (as in Shannon and other Info Theory), and continuous (!?)/discretised sensor-data streams..?
[For once skipping the bullying of those not understanding the fundamental nature of the continuous/(math-)discrete divide]

Well, there’s also this:
DSC_0478
[The gift of far-sightedness. SE Sicily you recognize of course]

A horse needn’t be a horse off course

Maybe @DARPA can elucidate … Why would anyone need four-legged soldier-helpers ..? First there was robodog, then LS3 that failed so may end up in your next indeterminableoriginmeat-burger. Next, maybe, a fully armoured full exoskeleton.
Which might do away with the humanoid innards in the near future (after that), losing some great many pounds of ballast (similarly, are drone pilots as physically fit as the bunch out there in the air on their weapons platforms ..?) and also losing a great deal in time- and otherwise (situational-closeness hence -fine-granularity) challenged ethical perspective. I.e., no weak knees anymore just shoot whatever moves.

But, back to the Helper idea: Why ..!? Why four legs, or even two ..? Instability assured… And Nature has donned animals with legs to get over tree trunks and boulders and the like yes, but maybe only because natural evolution only happens from the happenstantial last known good configuration not the clean slate ‘we’ now have when designing <anything that may silently carry some possibly superhuman load over rough terrain>.
Which is to say: Aren’t hugely more simple (contradictio semantics intended) machines possible with … even yesterday’s technology, that can do the same with no legs or completely different configurations of them? E.g., have ‘spurious’ legs on the back to be able to roll over (on purpose!) and still walk on? Tracks ..? Number Five is Alive! Silent ops can be achieved easily, just ‘invite’ some Rolls-Royce experts…
One only needs to add a gun of whatever size, and some Autonomous in the ops, and hey presto! A possibly much lighter than average soldier (easily stacked even more uncomfortably (possible?) in some freight plane for transport to the theatre) carrying possibly more, and a bigger gun a piece. No weak knees, or remotely operated — wouldn’t limited-autonomy ‘soldiers’ be able to be steered in platoons at a time from far away (and far away from anything officer-like or mayhem may ensue [disclaimer: once briefly was one]) and have an easy development of ‘grounded-drone’ armies.

After which, the Singularity takes over these all. Or just a bunch of the most capable.
Or, nearer future, some party being more than average removed from the artificial intelligence of the S i.e., some rogue general. How to stop such a guy (F/M) ..?

OK, you know where to drop the Challenge prize money, thanks. … … Or, the whole thing’s just a hoax to throw researchers of the too democratic inclination, off path since the research into the above is already progressing impressively… And:
DSC_0991
[Hung from not hang over though that might (??) still apply to the operator; DC of course]

KVZP’ers

Euhm, er is nog steeds de grote waterscheiding tussen enerzijds ‘vaste’ dienstverbanden en anderzijds per-uur inhuurbare/dumpbare ZP’ers, lijkt het wel. Ja, er zijn wat moeizame tussenvormen gevonden; het tijdelijk contract (vast tot het niet vast meer is), de urenopdracht (ingeschatte inzet — waar de opdrachtgever met een …smoes wel onderuitkruipt), etc., maar echt zoden aan de dijk zet het niet. Problemen te over; pensioen’verplicht’ingen, sociale zekerheid(sopbouw, -rechten en –solidariteit), inkomenszekerheid (waar een ‘vast’ dienstverband, hoewel absoluut even snel op de tocht staand als een vaste opdracht, wél een hypotheekzekerheid is en een grotere financiële reserve niet), enzovoorts enzoverder.
Vraag is nu of er al eens is bestudeerd hoe het idee van kort-verbandvrijwilliger uit defensiekringen zou kunnen worden vertaald buiten de sector. Want het lijkt alsof ondanks het trage imago juist defensiekringen organisatiekundig alwéér mijlenver voorlopen op de rest, de oh zo veel flitsender verklaarde kwijlebabbelzelfverdedigingshulpelozen.

Arme KMKTDOs (KanslozenMetKuddesTeDrijvenOndergeschikten) … en:
DSC_0151
[Uitkijkend over, zonder grip; Noto]

Meldt uzelve, out of control

Met al die seminars en cursussen over de Wet meldplicht datalekken lijkt het wel of het meldplichtprocedurenaarbinnenrammen dé oplossing is voor al uw privacy-problemen.
Terwijl het natuurlijk niet meer is dan het perfect regelen van het naar buiten toe rondroepen van de totaal transparante schuld zodra (niet als) er iets misgaat.

Over het voorkomen dat beter is dan genezen (en dat is implementatie van de meldplicht-procedures nog verre van), horen we een stuk minder. Hooguit bij degenen die nu én zometeen de kous op de kop krijgen; dat alles anders moet terwijl het a. nu vaak al best prima geregeld is, b. zometeen niet beter zal zijn (feit bij voorbaat), c. a en b gelden binnen de kaders van de nu en dan geldende organisatorische belemmeringen van budget, tijd en wil van boven, om de zaken beter te regelen.
Het kan ook anders anders: preventief. Leest en ziet.

En ook:
DSCN8603b
[Zonder privacy, een saaie wereld …; Zuid-As maar da’s duidelijk]

Bow the Stork Tie

When analyzing the Stork methodology for EU-wide federated eID- and authentication methods and technology, again one stumbles (rather, ‘ they’ do) over the bow tie of CIA, mostly C, controls. Too bad. Usually, ENISA(-involved) stuff is Great quality. Now, quite too much less so.
Which is too bad. To note, we already commented on the classical CIA rating (incl the bow tie fallacy) before. Now, the CIA seems to have something to bring to bear on CIA as well. Better study hard …!

Oh well …:
DSCN9668
[Weaving transparency and stability, Cala at Hoofddorp again]

SocMed usage trends

FYI, some overview of SocMed platform usage, for your study and divertissement — did you already know them all, and what would this all mean for your strategy and 2016 tactics ..?
Plain from Aurelie Valtat, a very good read in its own right:
social-media-users-nov2015

So, … No Medium in the list, also no WordPress et al ..?
One would expect that, according to this:
Social-media-landscape-2015

So, … again … There’s no overview available for all media combined. You’ll have to puzzle and guess forward into 2016 … Good luck.

More valid today than in 2008

Because everyone and their dog noted the Good Ol’ Days of housing price ridiculousness have returned and the bwankers’ moronity has never gone away, the following vids are of more import than ever:
Part 1: here;
part 2: here;
part 3: here;
part 4: here.

That’ll be all for now; recovering from my Abrams birthday party still. And:
DSCN8626cut
[Trend’s just a matter of perspective. Mo’ money, no problem equals Zuid-As Amsterdam]

RCSA is close to BAU

Close, as in no cigar yet (has the US ban on Cuban import been lifted already?).
But definitely, Risk Control Self-Assessments would, if carried out properly, be that major part of management’s daily (sic) chores that wouldn’t need annual get-togethers coaxed by outsiders (sic) but would be Business As Usual in operational practice. Maybe needing some periodic (weekly? monthly? certainly more than as now weakly annually) departmental review gathering but not a stage show as if this is the holy grail of business information flow. After which the ‘second line’ (as the back not even middle office function) receives the (right) info and acknowledges that the ‘first’ line has so much better sensors since they’re the first line par excellence, integrates the info into the upward report flow and reverts to fine-tuning the tools they provide to first-liners, and furthermore does … nothing. Second line is helpers, not dictators-by-soft-smothering. When it would turn out that all the high-quality hence qualitative (the reverse for quantitative) risk pics cannot be easily integrated into one pic, that’s too bad for the integrators but an appropriate (!) reflection of reality.

And if, on the other hand, first-liners need to be taken away from their actual productive work to sit in some song-and-dance by second-liners because it was so decreed by ‘governance’ levels (emperor’s clothes!), the very objectives will not be achieved. Since the ‘do something’ by deep-lying incompetence has lead to the wrong turn into a blind alley whereas the broad avenue (something like Younge Street) between wilderness and high (?) culture.

[I scheduled this post a couple of weeks ago for release in a couple of weeks but new developments seem to speed things up. For my many posts against Form over Substance … just search this blog for ‘TLD’ or bureaucracy …]
Won’t rant (too much) on; keep it to RCSA = BAU + quite some ε still, and:
DSC_0015
[Distorted? Only your picture is, here for a change, by standing too close; true reality is  not at the Edinburg Royal Mile!]

One IoTA FYI

To close off [almost, since @KPN fraud themselves away from bankruptcy by series of outright lies to customers and tort] the year with a wild shot, ahead:
There is value in the information analysis in IoT, as described in Gelernter and many since, of the two-way flow of information. One, flowing up are information in the form of answers as aggregations or pattern matched tuples(ets); the other going down, being both commands and inquiries/questions.

This fits the IoT world snugly, and should be taken into account when developing IoTAuditing frameworks:
What we’re after of course in all of auditing — and this we consider self-evident or else go back to study auditing fundamentals, from agency theory! — is the controls that keep the quality of the back/forth i.e. down/up information flows within (client-!)required margins. No more! But be aware of who the client really is, not the one doing the actual paying. So, we may focus on the integrity of the information flows first and foremost, then the continuity (availability), and then confidentiality as an afterthought.
With neat break-downs to isolation, appropriate input/output buffering (anyone still aware of the difference between an interrupt and a trap? If not, take a hike and learn, and weep), integrity controls above all. And some thing on (establishing) the quality of aggregation and of the questions being pushed down — when the wrong questions get asked e.g. by lack of understanding of the subject matter (sic), as is so very commonplace in the vast majority of organisations today, the wrong results will turn up from within the data pool (reporting ‘up’wards).

And of course there’s the divide between
the operational world where actual business is done (either administratively in offices though one could argue (i.e. proof beyond recovery) that this isn’t actually doing anything worthwhile, or producing stuff), and
the busybodies world ‘above’ (quod non) that, which thinks (wrongly) to be able to ‘control’ and ‘steer’ the productive body, sometimes rising itself into the thin air levels of absolute ridicule (by) branding itself ‘governance’.
But do re-read all of last year’s posts and weep. But do also see the implications for variance in the integrity, availability, and confidentiality needs at various (sub)levels.

And:
DSCN2229
[The 2016 way is up; Cala at Barça]

Maverisk / Étoiles du Nord