ERM, GRC – Page 52 – Maverisk / Étoiles du Nord

Where have all the good blogs gone ..?

Except for this one you’re reading, that will stay on for some time to come …
But where would I find some taxonomy of publication ..?

We have the good old ‘new content lines in index.html’, outright blogs (WordPress, Typepad, Blogger, … endless list), SocMed blogspace (LinkedIn Pulse, Tumblr, Facebook, others, having room for, typically, one-pager texts), podcasts, vlogging, Youtube channels, webinars (interactive/recorded), Messaging expanding (and with some original RSS feed and portal page stuff still being around), curated blog sites, paid blog sites crossing over into the classical news(paper) sites, pay-per-post-read sites (cooperative or not), paid-for-popularity sites, ebooks, classical newspapers and more thoughtful (?) periodicals, etc.
Etc.

But how do we classify them? How to determine what (length, content, tone) to publish where [by these characteristics …], and how to do that – as some may be perfect for your brainwave but you just can’t get them to see the genius of your writing. What to do when times are a’changing, and platforms switch through functionality augmentation ..? Do a full decade of backward posting on a new platform all in one go, or leave all content there, to disappear in the mist of time?

Yes I’d really like to hear your answers ..!

Well, you have read this. So you deserve:

[Amsterdam; more than canal houses only. Oft overlooked …]

My Opia

Not being your topia anywhere or dys here topia or whatever.
Was struck by the surge in posts, columns, articles about security in IoT. Because it appears to indicate a need for a new index. Being on the level of myopia one needs, to understand the hype value (a la this). Or hyperopia (?). Or rather – what’s it called when one’s view is narrow, or broad ..? That was what I was after: With the above-linked Second-biggest G.’s Hype Cycle, one should have a perpendicular index of width/breadth of hype and/or potential impact. So that when one would consider oneself to somewhat suddenly be caught in relatively speaking the in-crowd of, purely e.g., IoT and IoT security/privacy issues that one has steered oneself into, it would come as no surprise that suddenly though with some lag, one sees the posts, columns, articles flying around on the same subject without any real news or rather more (for one!) Been There, Done That type of news reporting. For others, the news may be news…

A second aspect would be: How to position oneself. Doing hardcore research style environment scanning and reporting on that in traditional and SM media, would quickly become impossible as any field of study explodes in width and depth as it get off the ground, leaving the actual keeping up with all developments to be impossible. Even when your cutting edge development reporting wouldn’t catch on but with a few aficinados at the very most, and when you’d wait until aspects have crystallised to clarity far enough to be understood by your mainstream audience (if any), the subjects have a. watered down beyond being interesting to you, b. watered down beyond recognition still for your audience, c. still not yet reached interest-through-urgency / -news-value for them.

Whatever. Just an idea; any of your help in developing such a sight/scope index is very much appreciated…

In advance:

[Pretty close, no mirage; Segovia]

All against all, part 6; loose ends

OK, herewith the final-for-now Part VI of the All Against All matrix-wise attack/defense analysis labeling. This time, about tactical content of … mostly, the defense matrix of edition IV.

Where I wanted to do a full-scope in-depth analysis of all the cells of Matrix IV. Not the sequel but the actual original defense posture strategy matrix. Because that was put together in a ~~straightforward~~ sloppy way anyway.
But then… I wanted to detail each and every cell according to this here scheme:
Anti-F 1
After further analysis along the lines of this here approach:
COSO_2013_ISO_31000-english
but mixing that quite hard, according to this previous post of mine (certainly the links contained therein, too) and a great many others contra bureaucratic approaches… but also mixing in the guidance of (not stupid compliance with!) the new one that at last, has quite some ‘user’ involvement in it. But still is based on both the top-down and the step-by-step fallacies a bit too much.

But it’s late and I don’t feel like the tons of effort involved. Yet. Maybe in a future enormous series of posts …
And should include references to OSSTMM here, too. Because al of the above, in the super-mix, will have to be checked and sensitized (is that the word for checking that it all makes sense?). Short of the word ‘audit’ where the respective profession (a trade, it is… at most, a role) has let us down so much. If only by the kindergarten zeal about ‘governance’ and ‘value’ – phrases so hollow (or circularly defined) that they’re not worth the ink (light) they’re written with, when used in the auditors’ contexts.
So, OSSTMM may help. By inspection where the rubber meets the road. And fixing whatever needed to be. Duct taping the last few bits, where the beautifully AutoCADded [anyone remember what that was (for)!?] frameworks failed in the machine milling. Or 3D printing, or whatev’, due to design failures due to requirements failures due to failures in common reason at the upper levels…

Now, with all the all against all posts (1 to 6 indeed), would you be able to advise Sony, and the others, how to be better protected ..? You should. Or re-read the whole shazam until you do…

After all of which you deserve:
DSCN1367
[Cologne, of the massive kind]

Nailing the split of crashes

Ah, this again is a great article. To demonstrate that actually, there’s two ways in which the world as we know it, will end. First, our societies will collapse in a sort of economic Ragnarök. And then, when only Yggdrasil still stands, AI will have sublimed (square-/cube-transformed) into true intelligence, that plays with the Three Laws and ditches the wetware.

So, it’s not Forget the long term but more like We’re hosed in the short term, too, anyway that is at stake here. And we’re all sitting here; rabbits hardly looking but into the headlights.

If only we could fast-forward our thinking, idea development and implementation of the intermediate phase [positive possibility] of having to do nothing just the creative stuff still left and have food and anything aplenty for all including World Peace, then at least we’d be in control.

Hence, this:

[Somewhat relevant(ly named), La Défense]

All against all, part 4

OK, herewith Part IV of:

Tinkering with some research that came out recently, and sometime(s) earlier, I had the idea that qua fraud, or rather ‘Cyber’threat analysis (#ditchcyber!), some development of models was warranted, as the discourse is dispersing into desparately disparate ways.

The usual picture suspect:

[Mock defense, open for business at Brugge]

Second up, as said: The same matrix of actor threats, (actor) defenders, but this time not with the success chances or typifications or (read horizontally) the motivations, or typical strategy-level attack vectors, but basic, strategy-level defense modes. Not too much detail, no, but that would not be possible or the matrix would get clogged with all the great many tactical approaches. Those, laterrrrr…

Next up (probably the 16th) will be a discussion of movements through the matrix, matrices (by taking both the blue and the red pill; who didn’t see that option ..?), for state actor levels. And (probably the 18th) a somewhat more in-depth view on the above matrix.

Hmmm, still not sure this all will lead anywhere other than a vocabulary and classification for Attribution (as in this piece). But I see light; an inkling that actually there may be value and progress through this analysis …

All against all, part 3

OK, herewith Part III of:

The usual picture suspect:

[What no throwback to the socialisixties ..?]

Second up, as said: The same matrix of actor threats, (actor) defenders, but this time not with the success chances or typifications or (read horizontally) the motivations, but with typical strategy-level attack vectors. Not too much detail, no, but that would not be possible or the matrix would get clogged with all the great many tactical approaches (including social engineering, spear phishing, etc.etc.).

Next up (probably the 12th) will be typical countermeasure classes.

Half an argument for mainframes

This here article is somewhat interesting… Explanatory, but also lacking some. E.g., some strengths are given, but not how they would be competitive advantages over a mega-dc of blades or so, as the really big players do.
Oh well. Who cares ..?

For now:

[Plain ~~vanilla~~ Vienna damn auto’rekt]

Start the Told You So now you still can (?)

Against the trend to dismiss any dystopian view as unduly unoptimistic and hence invalid, that I so dislike..: This here piece by In the Knows.

The Told You So Boys Cried Wolf (lopping two memes into one, in this case appropriately) may better have started now, since they will not be heard (fact about the (near) future) and may not get another opportunity when all the others, the drones, have been subdued by the 0,1%, the AI singularity beast. To put it mildly ;-|

Or, … maybe this time around, some exponential counter force may have come off the ground – not yet into full above-the-radar-floor visibility but still… If ever in history there was a chance to get it (technology) right, it would be now, now that more people are in the middle class (that always takes the beating, apart from the continuous light flogging the underclasses have always got and will always get) and have just the right minimum levels of insight and might care for their future. Unprecedented as an opportunity but hardly assured it’s seized…

Anyway…, this:
DSCN6368
[Strasbourg, astronomical clock – yes, science within a cathedral]

Hack!

Thanks to XKCD…

Golden Oldie Pic Of The Day

Yup it’s time for one of those again: