On APTs

[Easy to get in. Valencia]

Suddenly, an uproar over this Mask APT that appears to have been around for seven years. Oh. Not much of an uproar. Also not over this.

Some may remember my prediction, from way back i.e. two months ago [not even going to put in links; just browse the Predictions category of posts], that 2014 would be the year of APTs, among others. Now, I almost feel that it isn’t 2014 but just January. Too bad!

Or, if you would want to shed light on this, do comment.

Hardcore, (Information) Security pieces

[Meant as gateway, not closure]

Earlier, as in here, here and here, and other places apart from these, I floated the idea of redesigning the way we tackle the core of Information security. Unfortunately, I don’t have sufficient time (yet!) in lunch breaks to get it all together in one big white paper hence I’ll drop some elements here, again.

I’ll keep working on collecting loose ends, so when I find time, I can integrate it all, including your comments, of which I have received so much. Not so much. As one. Single. Comment.

Herewith, then, to start off, a picture I took from … somewhere, probably the ISACA site somewhere. I’ll work from this, structuring the story line from top to bottom, first how we do it now (kindergarten level, with the pretense, pomp and circumstance of high priests doing high art), next, how it should be done – qualitatively, vaguely, massaging off the rough edges and not being able to do much more except for the hardest cores of security (Remember the pyramid I presented? Read up via the above links).
COSO_2013_ISO_31000-english

Also, I’ll drill down a bit on the design of controls, according to the lines sketched earlier (yup, see links again) and using an augmented [By me; disclaimer [Huh? When it’s by me: Why …!?]: *value may not be included] anti-fraud matrix à la:
Anti-F 1
Which will have an advice that visually is something like this, of course:
Anti-F 2
which is very different from the usual “Uhhhh, dunno, do we have a Motivation or Rationalisation here, dude..? Can’t progress until we figure out.” i.e. is design and action oriented.
But then, this matrix will be overlaid (third dimension) on the SABSA matrix I guess. Though I’ll make it very clear that SABSA is all very well, but very much focused on the bottom layers of itself only, the bottom layers of the InfoSec pyramid I sketched. And, upwards, there’s much methodological confusion. In particular re its Information and Conceptual / Context / Wisdom definitions and placements.

And of course I’ll throw in a bit of ABAC referring to this.

OK. Time’s up!

Which means I welcome your comments. One may dream, right …?

No coin

Bank? Nopes!
[Bank towering over daily affairs? Nopes!]

OK, a final (?) note then on Bitcoin et al.
Because we haven’t discussed the non[?]-currency equivalents yet. Austrian Freigeld, Swiss (very successful, still very much operational) WIR and Dutch Noppes (nothingnadas), that sort of stuff. And now, there’s Qoin, working internationally. Because Noppes “… didn’t deliver the required result. By linking noppes to the guilder [now euro], there was no market efficiency. With noppes, the rich still got richer. A lawyer could hire a cleaner very cheaply, whilst people with little talent and a greater demand for care, were left out.” OK …

Why then, link up with the community currency Makkies (‘hendies’), where the unit of calculation is someone’s hour of performance regardless of any-currency going rate ..?

And why not drop all the stuff altogether, and move to the full digital currency schemes? [Suddenly realise how ominous that can read.]

But I may repeat myself from that post, and others.

Conclusion: Crisis makes creative; let so many ‘genetic’ variants spring up in ‘richer’ times (rich of need, in a surprising evolution theory plot twist), and all but a few be weeded out once the real pressure comes on. And we’ll end up in Singularity armageddon.

Bias Time (6 of 9)

[Baroque ideas of yours]

Yes, it’s bias time again. The sixth of the series of biases that you, yes you, have. Even if you are aware of these, and even if you consciously try to correct for them to be, heh, ‘objective’, as in what e.g. auditors pursue, you will fail.

Formal fallacies

Formal fallacies are arguments that are fallacious due to an error in their form or technical structure. All formal fallacies are specific types of non sequiturs.

  • Appeal to Law: an argument which implies that legislation is a moral imperative.
  • Appeal to probability: assumes that because something could happen, it is inevitable that it will happen. This is the premise on which Murphy’s Law is based.
  • Argument from fallacy: assumes that if an argument for some conclusion is fallacious, then the conclusion is false.
  • Bare assertion fallacy: premise in an argument is assumed to be true purely because it says that it is true.
  • Base rate fallacy: using weak evidence to make a probability judgment without taking into account known empirical statistics about the probability.
  • Conjunction fallacy: assumption that an outcome simultaneously satisfying multiple conditions is more probable than an outcome satisfying a single one of them.

Correlative based fallacies

  • Denying the correlative: where attempts are made at introducing alternatives where there are none.
  • Suppressed correlative: where a correlative is redefined so that one alternative is made impossible.
  • Fallacy of necessity: a degree of unwarranted necessity is placed in the conclusion based on the necessity of one or more of its premises.
  • False dilemma (false dichotomy): where two alternative statements are held to be the only possible options, when in reality there are more.
  • If-by-whiskey: An argument that supports both sides of an issue by using terms that are selectively emotionally sensitive.
  • Ignoratio elenchi: An irrelevant conclusion or irrelevant thesis.
  • Is-ought problem: the inappropriate inference that because something is some way or other, so it ought to be that way.
  • Homunculus fallacy: where a “middle-man” is used for explanation, this usually leads to regressive middle-man. Explanations without actually explaining the real nature of a function or a process. Instead, it explains the concept in terms of the concept itself, without first defining or explaining the original concept.
  • Masked man fallacy: the substitution of identical designators in a true statement can lead to a false one.
  • Naturalistic fallacy: a fallacy that claims that if something is natural, then it is good or right.
  • Nirvana fallacy: when solutions to problems are said not to be right because they are not perfect.
  • Negative proof fallacy: that, because a premise cannot be proven false, the premise must be true; or that, because a premise cannot be proven true, the premise must be false.
  • Package-deal fallacy: consists of assuming that things often grouped together by tradition or culture must always be grouped that way.
  • Red Herring: also called a “fallacy of relevance.” This occurs when the speaker is trying to distract the audience by arguing some new topic, or just generally going off topic with an argument.

Propositional fallacies

  • Affirming a disjunct: concluded that one logical disjunction must be false because the other disjunct is true; A or B; A; therefore not B.
  • Affirming the consequent: the antecedent in an indicative conditional is claimed to be true because the consequent is true; if A, then B; B, therefore A.
  • Denying the antecedent: the consequent in an indicative conditional is claimed to be false because the antecedent is false; if A, then B; not A, therefore not B.

Quantificational fallacies

  • Existential fallacy: an argument has two universal premises and a particular conclusion, but the premises do not establish the truth of the conclusion.
  • Proof by example: where examples are offered as inductive proof for a universal proposition. (“This apple is red, therefore all apples are red.”)

Formal syllogistic fallacies

  • Affirmative conclusion from a negative premise: when a categorical syllogism has a positive conclusion, but at least one negative premise.
  • Fallacy of exclusive premises: a categorical syllogism that is invalid because both of its premises are negative.
  • Fallacy of four terms: a categorical syllogism has four terms.
  • Illicit major: a categorical syllogism that is invalid because its major term is undistributed in the major premise but distributed in the conclusion.
  • Fallacy of the undistributed middle: the middle term in a categorical syllogism is not distributed.

Bias Time (5 of 9)

Hundertwasser questioning you
[Hundertwasser questioning your presumptions]

Yes, it’s bias time again. The fifth of the series of biases that you, yes you, have. (Previous one, here) Even if you are aware of these, and even if you consciously try to correct for them to be, heh, ‘objective’, as in what e.g. auditors pursue, you will fail.

Common theoretical causes of some cognitive biases

  • Bounded rationality – limits on optimization and rationality
  • Attribute substitution – making a complex, difficult judgement by unconsciously substituting an easier judgement
  • Attribution theory, especially:
      • Salience
  • Cognitive dissonance, and related:
      • Impression management
      • Self-perception theory
  • Heuristics, including:
      • Availability heuristic – estimating what is more likely by what is more available in memory, which is biased toward vivid, unusual, or emotionally charged examples
      • Representativeness heuristic – judging probabilities on the basis of resemblance
      • Affect heuristic – basing a decision on an emotional reaction rather than a calculation of risks and benefits
  • Adaptive bias
  • Misinterpretations or misuse of statistics.

Book by Quote: Mintzberg’s Managing


[Or a mess, when addressed too formally]

Yet another ‘Book By Quote’ then (An attempt to subjectively summarise a book by the quotes I found worthwhile to mark, to remember. Be aware that the quotes as such, aren’t a real unbiased ‘objective’ summary; most often I heartily advise to read the book yourself..!)

So, this time: Henry Mintzberg’s Managing, Pearson Books, 2011, ISBN 9780273745624.

Bramwell Tovey of the Winnipeg Symphony Orchestra stepped off his podium to talk about the job. “The hard part,” he said, “is the rehearsal process,” not the performance. (p.5)

The more we obsess about leadership, the less we seem to get. (p.9)

After years of seeking Holy Grails, it is time to recognise that managing is neither a science nor a profession; it is a practice, learned primarily through experience, and rooted in context. (p.9)

But effective managing is more dependent on art, and is especially rooted in craft. (p.10)

Most of the work that can be programmed in an organization need not concern its managers directly; specialists can do it. That leaves the managers with much of the messy stuff – the intractable problems, the complicated connections. (p.10)

The Internet may be driving much management practice over the edge, making it so frenetic that it has become dysfunctional: too superficial, too disconnected, too conformist. (p.40)

… depicting management as taking place on three planes: information, people, and action, inside the unit and beyond it. (p.43)

Let me consider two possible explanations. The first is that, as in other primitive societies, we live in mortal fear of our own gods, or at least our own myths, and management/leadership is surely one of them. Perhaps we fear the consequences of revealing their nakedness, or our own. Of course, we write about “leadership,” ad nauseam, but little of that touches on the everyday realities of managing. (p.46)

A good part of the work of managing involves doing what specialists do, but in particular ways that make use of the manager’s special contacts, status, and information. (p.47)

Mintzberg, fig 3.2
As Whitley put it, managing is “not so much focused on ‘solving’ discrete, well bounded individual problems as in dealing with a continuing series of internally related and fluid tasks”… (p.51)

Mintzberg Fig 3.3
Mintzberg Table 3.1
Imagine biology with no vocabulary to discuss species: how to distinguish, for example, beavers from bears without any word beyond mammal? This is the state we are in when it comes to organizations, in practice as well as in research: we have little vocabulary beyond the word organization. (p.106)

• The Entrepreneurial Organization: centralized around a single leader, who engages in considerable doing and dealing as well as strategic visioning
• The Machine Organization: formally structured, with simple repetitive operational tasks (classic bureaucracy), its managers functioning in clearly delineated hierarchies of authority and engaging in a considerable amount of controlling
• The Professional Organization: comprising professionals who do the operating work largely on their own, while the managers focus more externally, on linking and dealing, to support and protect the professionals
• The Project Organization (Adhocracy): built around project teams of experts that innovate, while the senior managers engage in linking and dealing to secure the projects, and the project managers concentrate on leading for teamwork, doing for execution, and linking to connect the different teams together
• The Missionary Organization: dominated by a strong culture, with the managers emphasizing leading to enhance and sustain that culture
• The Political Organization: dominated by conflict, with the managers sometimes having to emphasize doing and dealing in the form of firefighting (pp.106-107)

… “downsizings.” This looks to be a contemporary form of bloodletting – the cure for every corporate disease. (p.111)

Mintzberg Fig 4.1
In other words, pressure in this job is business as usual – … managing is “one damn thing after another”. Brian Adams of Bombardier was not in a classical job of “managing by exception”; his was a job of the management of exceptions. (p. 116)

If one factor stood out in these days of observation, it was proactiveness : the extent to which the managers used whatever degrees of freedom available for the benefit of their units or organizations, even if that was to reinforce stability. (p.122)

Mintzberg Fig 4.3
This assumption, that we can change our behaviours the way we change our golf clubs – a long-standing one in much of applied psychology and management development – needs to be scrutinized. (p.131)

The effective manager may more usually be the one whose natural style fits the context, rather than the one who changes style to fit context, or context to fit style (let alone being a so-called professional manager whose style is supposed to fit all contexts). (p.132)

Mintzberg Fig 4.5
If such questions could be resolved simply, they would go away. They remain because they are rooted in a set of conundrums that are basic to managing – concerns that cannot be resolved. In the words of Chester Barnard: “It is precisely the function of the executive … to reconcile conflicting forces, instincts, interests, conditions, positions and ideals”(1938:21). Notice his use of the word reconcile, not resolve. (p.158)

Mintzberg Table 5.1 conundrums
Hence … the job of managing does not develop reflective planners; rather it breeds adaptive information manipulators who prefer a stimulus-response milieu. (Mintzberg 1973:5) (p.160)

Given the dynamic nature of their job, managers have to find time to step back and out; this has to become intrinsic to their work. Reflection without action may be passive, but action without reflection is thoughtless. (p.160)

When Michael Porter wrote in The Economist that “I favour a set of analytic techniques to develop strategy” (1987), he was dead wrong: Nobody ever developed a strategy through a technique. (p.162)
Strategies are not tablets carved atop mountains, to be carried down for execution; they are learned on the ground by anyone who has the experience and capacity to see the general beyond the specifics. Remaining in the stratosphere of the conceptual is no better than having one’s feet firmly planted in concrete. (p.163)

Structure is supposed to take care of organization, just as planning is supposed to take care of strategy. Anyone who believes this should find a job as a hermit. (p.164)

Nothing is more dangerous in an organization than a manager with little to do. (p.165)

Common these days is what can be called the administrative gap. … A gaping hole exists between those who administer and those who deliver the basic services. (p. 171)

“Top management’s insistence [at a teleconference “far removed from the world of murky technology, shims, improvisation, and tacit understanding that engineers used to make the shuttle fly”] on explicit argument as a substitute for their own lack of firsthand experience silenced the tacit reservations that foreshadowed tragedy” (Weick 1997:395) (p.173)

It has become a popular adage that if you can’t measure it, you can’t manage it. That’s strange, because who has ever really measured the performance of management itself? I guess this means that management can not be managed. … Apparently we have to get rid of both management and measurement – thanks to measurement. (p.176)

1. Hard data are limited in scope. They may provide the basis for description, but often not for explanation. (p.177)

2. Hard data are often excessively aggregated. … It’s fine to see the forest from the trees – unless you’re in the lumber business. Most managers are in the lumber business: they need to know about the trees, too. Too much management takes place as from a helicopter, where the trees look like a green carpet. (p.177)

… we have to cease being mesmerized by the numbers and stop letting the hard information drive out the soft, instead combining both whenever possible. (pp.178-179)

As Tom Peters put it, in managerial work “’sloppiness’ is normal, probably inevitable, and usually sensible” (1979:171) (p. 180)

The organization may need predictability, but the world has this nasty habit of sometimes becoming unpredictable: … (p. 180)

Hierarchies work in both directions, so what is sent down has a habit of coming back up, and when a manager imposes a nice neat plan and gets back nice neat reports – on how nicely and neatly the plan was supposedly executed. (p.181)

In other words, managers often have to feign confidence. For reasonably modest managers, this can be difficult enough; for the supremely confident, it may not be difficult at all, just catastrophic. (p.186)

If you are sure of the facts and are positive of the right corrective action to be taken, if you endorse any single answer, you’re dead. (Pascale and Athos, p.188)

Mintzberg Table 6.1 basic qualities
… successful managers are flawed – we are all flawed – but their particular flaws are not fatal, at least under the circumstances. (p.197)

Fatally flawed are those superman lists of managerial qualities, because they are utopian. (p.198)

Mintzberg Figure 6.1 context
That is why the terms “calculated chaos” and “controlled disorder” apply so well to managerial work. (p.210)

To appreciate other people’s worlds does not mean to invade their privacy or to “mind-read” them, which can be condescending. Lewis et al. found these to be “destructive characteristics” seen only in “the most severely dysfunctional families” (p.213). (p.213)

Hiro Itami …told the participating managers: “Management is not to control people. Rather it is to let them cooperate.” (p.213)

Collaboration is not about “motivating” or “empowering” people in the unit, because as noted earlier that may just reinforce the manager’s authority. It is rather in helping them, and others outside the unit, work together … (p. 214)

Managing seems to work especially well when it helps to bring out the energy that exists naturally within people. It is important to appreciate that there is nothing especially magical about this thread, no great characteristic of leadership. (p.214)

Mary Parker Follett wrote in 1920 that “the test of a foreman is not how good he is at bossing, but how little bossing he has to do.” (p.215)

Managers who try to go it alone typically end up overcontrolling — issuing orders and deeming performance in the hope that authority will ensure compliance. (p.215)

To quote Isaac Bashevis Singer in what could be a motto for the effective manager: “We have to believe in free will; we’ve got no choice.” (p.216)

Effective managers thus do not act like victims. They are “agents of change,” not “targets of change”. (p.216)

Managing is a tapestry woven of the threads of reflection, analysis, worldliness, collaboration, and proactiveness, all of it infused with personal energy and bounded by social integration. (p.217)

Managers should be selected for their flaws as much as for their qualities. (p.219)

Managing happens on the inside, within the unit (with the roles of controlling, leading, doing, and communicating), and on the outside, beyond the unit (through the roles of linking, dealing, and communicating). Yet it is usually people outside the unit who control the selection of its manager … What sense does this make, especially when it is so much easier to impress outsiders, who have not had to live with the candidates on a daily basis? Charm may be one criterion for selection, but hardly the main one. (p.220)

If one simple prescription could improve the effectiveness of managing monumentally, it is giving voice in the selection processes to those people who know the candidates best – namely, the ones who have been managed by them. (p.220)

There seems to be some tendency of late, at least for senior positions, to favor outsiders: the new broom that can sweep clean. Unfortunately, the sweeping may be done by the devil the selection committee does not know, while the sweeper may not know enough to distinguish the real dirt. So the danger arises, especially in this age of heroic leadership, that the new broom will sweep out the heart and soul of the enterprise. (p.221)

Managers are not effective, Matches are effective. (p.222)

Maccaby does add that “a visionary born in the wrong time can seem like a pompous buffoon.” (p.222)

A healthy organization is not a collection of detached human resources who simply look after their own turf; it is a community of responsible human beings who care about the entire system and its long-term survival. (p.223)

A society that is based on the letter of the law and never reaches any higher is taking very scarce advantage of the high level of human possibilities. The letter of the law is too cold and formal to have a beneficial effect on society. Whenever the tissue of society is woven of legalistic relations, there is an atmosphere of moral mediocrity, paralyzing man’s most noble impulses. (Aleksander Solzhenitsyn, p.224)

Executive impact has to be assessed in the long run, and we don’t know how to measure performance in the long run, at least as attributable to specific managers. So executive bonuses should be eliminated. Period. (p.225)

Sure, measure what you can. But then be sure to judge the rest: don’t be mesmerized by measurement. Unfortunately, we so often are, causing us to drive out judgement. (p.224)

To be effective in any managerial position, there is a need for thoughtfulness – not dogma, not greed risen to some high art, not fashionable technique, not me-too strategies, not all that “leadership” hype, just plain old judgement. (p.226)

“Consider a book you read recently [may not apply to many today’s managers, ed.]: can you quantify its costs?” Sure: so much money to purchase it, so many hours to read it. “Good. Now, please quantify the benefits. If you can do that – measure its impact on you – please let me know and I will do the same for the program.” (p.226)

Managers, let alone leaders, cannot be created in a classroom. (p.227)

Most management education and much management development is organized around the business functions. This is fine for learning about business, but marketing + finance + accounting, etc., does not = management. (p.229)

Management is a very practical, down-to-earth activity. There are no profound truths about it to be discovered and there are no hidden secrets to be uncovered about how to do it. Management is a very simple activity which involves bringing together people and resources to produce goods or services .. The message is to lighten up a bit – be playful, agile, and alert. (Watson 1994:215-216; p.234)

A maze-ing

Quelle vue!
[What a view]

I was unpleasantly surprised by Tim Harford’s note on mazes in the economy.

Because he’s so right: We’re all taken for a ride, not only in casinos but ever more often, IRL, with utilities (among which phone) subscriptions and many other things we need (not ‘want’, but need!). And we have no way to control it, not even collectively…

Inequality, trust and security

[Caen; secure?]

To start, just as a quote, then, from Bruce Schneier’s blog:

Income Inequality as a Security Issue
This is an interesting way to characterize income inequality as a security issue:

“…growing inequality menaces vigorous societies. It is a proxy for how effectively an elite has constructed institutions that extract value from the rest of society. Professor Sam Bowles, also part of the INET network, goes further. He argues that inequality pulls production away from value creation to protecting and securing the wealthy’s assets: one in five of the British workforce, for example, works as “guard labour” — in security, policing, law, surveillance and forms of IT that control and monitor. The higher inequality, the greater the proportion of a workforce deployed as guard workers, who generate little value and lower overall productivity.”

This is an expansion of my notion of security as a tax on the honest. From Liars and Outliers:

Francis Fukuyama wrote: “Widespread distrust in society…imposes a kind of tax on all forms of economic activity, a tax that high-trust societies do not have to pay.” It’s a tax on the honest. It’s a tax imposed on ourselves by ourselves, because, human nature being what it is, too many of us would otherwise become hawks and take advantage of the rest of us. And it’s an expensive tax.
The argument here is that the greater the inequality, the greater the tax. And because much of this security tax protects the wealthy from the poor, it’s a regressive tax.


Now throw in a bit of Jaron Lanier’s You Own the Future and we’re all set…

Bias Time (4 of 9)


[Open inside]

Yes, it’s bias time again. The fourth of the series of biases that you, yes you, have. Even if you are aware of these, and even if you consciously try to correct for them to be, heh, ‘objective’, as in what e.g. auditors pursue, you will fail.

Memory errors

  • Consistency bias – incorrectly remembering one’s past attitudes and behavior as resembling present attitudes and behavior.
  • Cryptomnesia – a form of misattribution where a memory is mistaken for imagination.
  • Egocentric bias – recalling the past in a self-serving manner, e.g. remembering one’s exam grades as being better than they were, or remembering a caught fish as being bigger than it was.
  • False memory – confusion of imagination with memory, or the confusion of true memories with false memories.
  • Hindsight bias – filtering memory of past events through present knowledge, so that those events look more predictable than they actually were; also known as the “I-knew-it-all-along effect.”
  • Reminiscence bump – the effect that people tend to recall more personal events from adolescence and early adulthood than from other lifetime periods.
  • Rosy retrospection – the tendency to rate past events more positively than they had actually rated them when the event occurred.
  • Self-serving bias – perceiving oneself responsible for desirable outcomes but not responsible for undesirable ones.
  • Suggestibility – a form of misattribution where ideas suggested by a questioner are mistaken for memory.

Bias Time (3 of 9)


[Bastion; inside/outside]

Yes, it’s bias time again. The third of the series of biases that you, yes you, have. (previous one here.) Even if you are aware of these, and even if you consciously try to correct for them to be, heh, ‘objective’, as in what e.g. auditors pursue, you will fail.

Social biases

  • Actor-observer bias – the tendency for explanations of other individuals’ behaviors to overemphasize the influence of their personality and underemphasize the influence of their situation (see also fundamental attribution error). However, this is coupled with the opposite tendency for the self in that explanations for our own behaviors overemphasize the influence of our situation and underemphasize the influence of our own personality.
  • Dunning–Kruger effect – a two-fold bias. On one hand the lack of metacognitive ability deludes people, who overrate their capabilities. On the other hand, skilled people underrate their abilities, as they assume the others have a similar understanding.
  • Egocentric bias – occurs when people claim more responsibility for themselves for the results of a joint action than an outside observer would.
  • Forer effect (aka Barnum effect) – the tendency to give high accuracy ratings to descriptions of their personality that supposedly are tailored specifically for them, but are in fact vague and general enough to apply to a wide range of people. For example, horoscopes.
  • False consensus effect – the tendency for people to overestimate the degree to which others agree with them.
  • Fundamental attribution error – the tendency for people to over-emphasize personality-based explanations for behaviors observed in others while under-emphasizing the role and power of situational influences on the same behavior (see also actor-observer bias, group attribution error, positivity effect, and negativity effect).
  • Halo effect – the tendency for a person’s positive or negative traits to “spill over” from one area of their personality to another in others’ perceptions of them (see also physical attractiveness stereotype).
  • Herd instinct – common tendency to adopt the opinions and follow the behaviors of the majority to feel safer and to avoid conflict.
  • Illusion of asymmetric insight – people perceive their knowledge of their peers to surpass their peers’ knowledge of them.
  • Illusion of transparency – people overestimate others’ ability to know them, and they also overestimate their ability to know others.
  • Illusory superiority – overestimating one’s desirable qualities, and underestimating undesirable qualities, relative to other people. (Also known as “Lake Wobegon effect,” “better-than-average effect,” “superiority bias,” or “Dunning-Kruger effect”).
  • Ingroup bias – the tendency for people to give preferential treatment to others they perceive to be members of their own groups.
  • Just-world phenomenon – the tendency for people to believe that the world is just and therefore people “get what they deserve.”
  • Notational bias – a form of cultural bias in which the notational conventions of recording data biases the appearance of that data toward (or away from) the system upon which the notational schema is based.
  • Outgroup homogeneity bias – individuals see members of their own group as being relatively more varied than members of other groups.
  • Projection bias – the tendency to unconsciously assume that others share the same or similar thoughts, beliefs, values, or positions.
  • Self-serving bias (also called “behavioral confirmation effect”) – the tendency to claim more responsibility for successes than failures. It may also manifest itself as a tendency for people to evaluate ambiguous information in a way beneficial to their interests (see also group-serving bias).
  • Self-fulfilling prophecy – the tendency to engage in behaviors that elicit results which will (consciously or not) confirm existing attitudes.
  • System justification – the tendency to defend and bolster the status quo. Existing social, economic, and political arrangements tend to be preferred, and alternatives disparaged sometimes even at the expense of individual and collective self-interest. (See also status quo bias.)
  • Trait ascription bias – the tendency for people to view themselves as relatively variable in terms of personality, behavior and mood while viewing others as much more predictable.
  • Ultimate attribution error – similar to the fundamental attribution error, in this error a person is likely to make an internal attribution to an entire group instead of the individuals within the group.
Maverisk / Étoiles du Nord