Information Risk Management – Page 14 – Maverisk / Étoiles du Nord

Panoptic business

Recently, I heard the gross error of thinking again “When people use their business IT for private purposes, they have no right to privacy” – rightly countered from the room that standing European law most clearly has the opposite: Employer has zero rights to see anything unless there’s prior evidence of some malfeasance or malfunctioning (e.g., performance problems – of the employee, not of the infra…). So, blanket or categorical surveillance (or blocking, which presupposes monitoring how the heck else would you detect the to-be-blocked URLs..!?): No sir.

What about the recent spat where a bank blocked Netflix because employees’ use of it at home, using company laptops that Citrixed back to the bank and from there onward, overloaded networks of sad (typo not said, intended to characterise the) bank? Well, a. how dumb can you be to Netflix over Citrix etc, or is one so incredibly cheap (hey, works at bank; apart from the exceptions you know, go figure) that bandwidth cost is an issue? Then maybe you’re too scroogy to be allowed to wok at a bank in the first place; monumental failure of ethics wise, b. in this case, clearly there are performance issues – when it’s noticable on the company network level, certainly it goes for a number of individuals, even if only by disturbing the performance (bandwidth availability) of others. c. there’s no absolutes in what employers cannot do.

But clearly, in just about every case considered today where categorical blocking by blacklisting would be attempted because managers sideways involved in HR stuff would understand what the URL is about, i.e., not-business-related entertainment however SFW or N-, skipping the blacklisting of the really to be blacklisted sites (torrents, malware shops and other rogue tooling),
we have again the panopticon argument of “observation changes behaviour” – and in these times of clueless managers (the less they know that of themselves, the worse cases they are!), you need in particular those ‘users’/employees that go beyond monkey typing away to be creative in their work and find new revenu / cost reduction directions. Which means that when you observe, or only log to be able to observe, you squelch productivity and profitability… Way to go!

Oh, and:

[Not the one mentioned above; HypoVereins München on a heat-hazy day]

AI learning to explain itself

Recently, there was news again that indeed, ABC (or The ‘Alphabet’ Company Formerly Know As Google) was developing AI that could improve itself.
O-kay… No sweat, or sweat, qua bleak future for humankind, but …
Can the ‘AI’ thus developing itself, maybe be turned first to learn how to explain itself ..? Then, this [incl link therein!] will revert to the auditors’ original of second opinions … Since the self-explanatory part may very well be the most difficult part of ‘intelligence’, benefitting the most from the ( AI improving itself )² part or what?

And:

[Improving yourself as the imperative; Frank Lloyd Wright’s Beth Sholom at Elkins Park, PA]

Simply laborious

After some post recently, I was triggered to summarise – and expand …
Since there is a bit of history missing. Being the Theory of Firm. Which is, among other stuff but au fond, about the creation of the manager. As the go-between of ’employees’, as the go-between between the workforce and Capital. As the foreman, the one in charge of coordination – when the people come together because they can achieve more in cooperation than the sum of their individual efforts, through specialisation of labour, those specialised contributions need coming together in one way or another, and the provider of capital (the thing that other raw materials are paid with hence the about-only thing to receive deferred payment; don’t get me started on the so absolute quod-non of the ‘inherent right’ to rent above trivial liquidity and risk compensation…) will want to talk to just one. Originally, sometimes capital provider and leader/cooperation-initiator/manager were one, until external capital was required from parties that extorted control. Big sic there.
Well, now don’t go blaming me that it is on the capital provider side that criminally biased rules and regulations have crept in. Flash capital, extortionist locust ‘capital management’ groups, et al., have forced their mob ways into ‘normal’ conduct — almost; the Rheinland model [first, learn to pronounce that correctly, then, get to understand it fully, then, return and prostate and happily receive your life sentences for your transgressions] still holds sway, and sometimes veers back a bit. A bit.

So yes, to the latter, that is criminal, and the cause of cushions called management layers, ever more wrongly devised and developed. And yes, we would need some totalitarian revision of organisational structures to cure it all. Including, starting with, the redefinition [i.e., throwing away all that function there smoothly now, as they denounce their incapacity to really do what’s really required] of middle management and refilling the positions. Also capping CEO pay to, say, something like 10 times the average pay of the bottom 10% of the workforce. All contribute, and a CEO may need a little compensation for when [not if; should be law..!] something goes wrong, his (sic) head rolls. But not too much. When the CEO is sacrificed, something went so wrong that many will get hit; the CEO being in the best position to survive it, qua social and economic strata he should be in. Workers, much less so; much less opportunity to have built buffers, capice?

But maybe not absolute only Owners and Professionals. That will simply not work. Both sides would, even in an ideal world of perfect information everywhere, be buried under control information to the mountainous levels that they wouldn’t have time left [if you’d need more than 25 hours a day to do your work, just work that little longer!] to do their primary jobs…
But a revisit of Galbraith’ four information processing capacity increasing routes, as here, is desperately necessary… Surely, herein lies the way forward to much better organisational design, integrating the latest of possibilities qua information processing and internal and external networking, making possible the creation of true networked organisations and individuals…?

Oh, and:
[Completely undoctored, also unsmoked, pic from Toronto]

2FA is illegal!

Just when you thought the solutions to your eternal (not) pwd problems were getting mature enough to deploy – nudged to annoyance by all the vendor FUD – and you forgot the solution is totally easy and already in your infra everywhere, you will find … 2FA is declared illegal …

Oh …, it turns out to concern the party drug kind only, not 2FA but 4-FA. Like, here. Phew!
But stil, kids, don’t rely on 2FA either; help users reduce complexity not hinder ’em!

Oh, and:

[When all sober and straight would have been Boring; Lille]

Surge ethiconomics

There was already quite some debate about surge pricing, in particular re [illegal] taxi services.
What I missed so far, are discussions about the economic or raher ethical character of abusing surges and their price tag instabilities. Like, how would you depict such developments in price elasticity graphs; shooting up and down on-curve, and curve shifts included. Is orderly society permissive of such hog cycle disruptions ..? [Term pointing at the characterisation of the CEOs that not want to see anything in/human in what they do]
The asymmetry (shooting) on the curve, is market imperfection; the curve shifts in the long run, are better captured by ‘classical’ economics. Again: the ethical ramifications aren’t value-free (tauto), aren’t of uninterest to anyone that values freedom — as that requires markets to function, which is done by regulating them. The latter is proven so many times I don’t even want to discuss it here.

Stock markets, and stocks, are capped qua max change (volatility spikes), the most extreme competitive markets out there;
why wouldn’t other markets have the same ..?

Your contributions in comments, please… Plus:

[Stable, safe, cleared for use; Madrid]

Autoflexelec

Oh (not like here though supported) when will EVs be useful? Like, being available with diesel range (1000kms, seriously! I seriously need that) and station car luggage space (660/1950ℓ – yes really need that, too), at a fair price (which is 2nd hand, not even a fifth of what 40%-featurematching EVs go for today).

No, I’m not going electric today because EVs will get better in a couple of years. I’m not going to waste buckets of money and opportunities by sitting out those years with a severely underperforming car. If others do that; that’s their bad decisions.
But wait; there’s hope around the corner (of the Cobra, Málaga–Ronda and v.v. kind): When we have electric (?) autonomous trucking sometime soon (like Big T is proposing or already developing), the results might be scaled down to anything in the range, in due time. And/or current auto-elecs are scaled up considerably. Squashing my own hope, this will take a couple of years.

By lack of proper alternatives, trying to do away with fully functional transport, is an attempt to hinder the due functioning of society; to be categorised as illegal.

I rest my case. And:

[Once upon a time, in a world far, far away (i.e., not so far Valencia), training was Fashionable]

Bringing back symmetry/-ia

Some issues, aspects of interest, collided a couple of weeks ago.
Macron’s team with their skillful double-cross deceit in the ‘leakage’ of election-sensitive info (!read the linked and weep over your capabilities re that, or click here for (partial?) solutions or others or devise your own). One down, many to go; Win a battle, not win a war yet.
In unrelated (not) news, what are the tactics used IRL to actively engage in pre-battle tactics? Can we plant our own systems with scar (?) tissue i.e. fake immunised (for us!) / unused information that is weaponised with trail collecting (or only source-revealing) capabilities, like shops and private persons can get “DNA” spray paint thus called because it’s uniquely coded so is identifiable and traceable? Can we harbour ‘hidden sleeper (?) cells’, pathogens i.e. malware, that doesn’t affect us but when ‘leaked’ to an adversary’s environment / stolen, oh boy does it become virulently active and destruct? (Silent) tripwires, boobytraps where are you?
How far behind the curve are the general public (us, I) with intel on developments in these areas? If the French used some of this stuff (using is revealing, qua tactics, unfortunately) certainly others would have considered the methodologies involved. Raises questions indeed, as were around, about whether or not the cyrillic traces were planted into WannaCry1.0 or left there in error. [There’s no such thing as perfect Opsec but this would severely hurt some involved at the source / would’ve cared better, probably.]

Just so we can get a better view on the balance being shaken up so vehemently, between asymmetric simpleton hacks [the majority you know (like, you actually can learn about; the real majority you may not hear about) of big organisations with their huge attack surfaces and attackers only needing one pinhole] and more-or-less regaining-symmetric nation-state attacks against each other (all against all) where the arms’ race of tooling now is so out of balance.

Would like to know, for research purposes only of course, really.

We’ll see. And:
[Yes that’s real gold dust on the façade hiding in plain sight, but you wouldn’t be able to scrape it off. Would you? Toronto]

No Dutch AI

How far behind is the Dutch (startup) scene with AI ..?
That may seem kurt, but …
Really there is no sign of Dutch AI industry or even industriousness.

Unbefitting the Dutch, is it not? ‘We’ should have all the brains needed, the industriousness, the venturing spirit, the openness to things-new.
But apparently, ‘we’re still stuck in collectivist ideals, where rocking the boat is only allowed when for some naïve progress [Uhm this is no sligh to Boyan Slat; on the contrary I and everyone likes his ideas and heart and soul he puts into it]. When searching for ‘Dutch AI scene, hardly anything turns up. This among the hardly search results; ominously.

So, it’s a Shame. And Why ..!?
Yes I did list some why’s but they don’t cut it, against the Aye’s. We need a new élan! How to get such a thing going!?
And:
[If that is the neo-modernistest that you build / apparently want to spend your money on, then well you may be doomed indeed; Zuid-As Ams]

Visual on socmed shallowness

When considering the senses, is it not that Visual (having come to ther play rather late in evolution or has it but that’s beside the point, is it?) has been tuned to ultrahigh-speed 2D/3D input processing ..? Like, light ~~waves~~ particles who are you fooling? happen to be the fastest thing around, qua practical human-scale environmental signals – so far, yeah, yeah… – and have been specialised to be used for detection of danger all around, even qua motion at really high pace (despite the 24-fps frame blinking).
Thus the question arises: What sense would you select, when focusing on shallow processing of the high-speed response type? Visual, indeed. Biologically making it less useful for deep thought and connection, etc.

Now that the world has turned so Visual (socmed with its intelligence-squashing filters, etc.; AR/VR going in the same direction of course), how could we expect anything else that the Shallows ..? Will we not destroy by negative, non-re inforcement, human intelligence and have only consumers left at the will of ANI/ASI ..?

Not that I have the antidote… Or it would be to Read, and Study (with sparse use of visual, like not needing sound bite sentences but some more structured texts), and do deep, very deep thinking without external inference.
But still… Plus:

[An ecosystem that lives off nanosecond trading – no need for human involvement so they’re cut out brutally; NY]

Per vertical lines of defense

What if … Lines of Defense aren’t three (or four or five) ‘horizontally’, but vertical, like actual protection against things getting out of bounds ..?
Wouldn’t that return the whole concept of 3LD, TLD, Three LoD or what’s your favourite abbreviation, to the already tried and tested process control models of yesteryear and when not if Yes, wouldn’t you be found out to be a sort of bumbling eager beaver when you think you’re still doing great and are Really Important and a GRC star and don’t see your kindergarten Importance is called out to hang high ..?

Because then, you’ll need no more big Risk departments with all the procedural justice, compliance on paper (and actual (operating) effectiveness nowhere!), etc., just some nimble support structure. Then, a major part of the conzulting industry would collapse and core management capabilities would have to be returned to formal and practical education and experience-training.

Oh well, one can dream, can’t one?
And:

[A lot of science and engineering there, inside and out, and how beautiful it is (for it); Valencia]