Information Risk Management – Page 52 – Maverisk / Étoiles du Nord

The End (of the week) Is Nigh

A couple of weeks ago, there was this little discussion on history writing re the birth of the Third Industrial Revolution. Walking by my own bookshelves — desperately trying to keep the Unread under 50, the Read explode anyway — when I realized that there were some that were and are desperately underrated as for their Told You So farsighted predictive value and hence need much more attention and re-reading, again keeping this sentence at suitable length period
To be more precise, just three biggies (in terms of their Value, not page number ;-):
Eric von Hippel (luckily, also available for free here!), Bruce Sterling and Adam Greenfield:

Just sayin’: Get your copies, and study the sage’ ness of them three.

The definitive Top 2000 of 2015, already

Which of course isn’t; it’s the Top 2266 for one thing and Definitive is slightly understating it.
And yes, it is downloadable in plain Excel, for your own tinker and play, in this file; checked and clean (no subversive content).
Next, a few little notes (repeated from last year):

“That’s odd! The usual numbers 1 to 50 aren’t where they’re ‘supposed’ to be by common standards!” Correct. Because I‘m ‘Rekt. The list is mine; why put the Mehhh songs high up there? They’re in there somewhere, but its my list, my preferences..! yes I do like some almost-forgotten songs better, sometimes much, much better, than the expired old hands.
Especially.. see the notes, when the clip (much) enhances the song(s). Wouldn’t that mean the song in itself isn’t fully complete ..? No, it means in (since) the age of video, songs with clips (‘integrated’) can much surpass mere songs by themselves, for a cubed sensory experience.
There’s more than 2000 yes. Because, already after the first 500 or so, determining the relative rankings becomes awkward. Hence, the cut-off would be random …! (why not 2048, that would make more sense in this digital (i.e., binary) age).
If you would still have some (preferably wacky) songs you miss, please do comment them to me. I’ll see whether I’d want to include them still, or not. Hey, it’s my list so I decide, geddid?
The actual end result order is far from definitive (sic). It depends heavily on one’s momentary temper and the memories that spring to mind like Proustian madeleines. And on one’s ability to hear quality. Such is life.
When dabbling with the Excel file yourself, feel free to play around with the ranking mechanism. What worked for me, was to first split the songs into bins of about 250 size (designate some song to be in the first bin that will end up being ranks 1-250, another song to bin 5, which is around the 1000-1250 mark, etc.), then sizing down bin 1 etc. to 8 smaller bins. Then, numbers 1-50 get a personal treatment one by one to their end rank, the rest gets (got) a random allocation within their bracket. After this, sort and re-apply number 1-whatever. Through this, actual intermediate bin sizes aren’t too important.

Then, as a long, very long list. With a Moar tag otherwise it would be ridiculous… [i.e., for the complete list in the post, follow the link:]

Continue reading “The definitive Top 2000 of 2015, already”

1	Hustle	Vann McCoy	Yes, the original
2	Easy Livin’	Uriah Heep	To power it up
3	Heart Of Gold	Neil Young	Hits the heart
4	Hide and Seek	Howard Jones	Same, if you listen well
5	Peter Gunn	Emerson Lake & Palmer	Just for the intro alone
6	She	Elvis Costello	Personal nostaliga
7	White Room	Cream	Nicely powerful, doesn’t wear out too easily
8	74-’75 (+Video)	Connells	The video sublimates the message
9	Windowlicker (+Video)	Aphex Twins	Incomplete, as a work of art, without the video
10	Nice ‘n Slow	Jesse Green	Calm down again
11	One Of These Days	Pink Floyd	Hidden pearl
12	Smoke On The Water	Deep Purple	Of course
13	The Man With One Red Shoe (+Video)	Laurent Garnier	Incomplete, as a work of art, without the video
14	You’re So Vain	Carly Simon	I think this song is about me!
15	Dancing Barefoot	Patti Smith	Hidden treasure
16	Right Here Right Now	Fatboy Slim	Oft forgotten, defined an era
17	The Great Gig In The Sky	Pink Floyd	Appealing complexity
18	All I Need	Air	Mindfulness in musical form
19	Dream On	Aerosmith	Heartburn
20	You Got To Fight For Your Right to Party	Beastie Boys	Appealing. Simply that.
21	California Dreamin’	Mamas & The Papas
22	Whole Lotta Rosie	AC/DC

Starreveld in the Information Age (industry)

@deKokPieter or others (or just one of his interns; grad work?) may have to help me out with yet another crazy (not (?)) idea of mine:
There was (is?) this great theoretic of accountancy called Starreveld, with his value cycle typology for, literally, every kind of industry and on close reading, even sub-industry. Given that we live in times of information processing factories, how would they fit the model or how would we have to read / translate / interpret the model to ‘work’ in today’s day and age?

Since the information processing industry, being almost all of the world’s service industries including (almost) all public sector organisations, works in an extremely devolved form of hyper-mass-single-piece production including storage, and how do we translate e.g. stock type and count to ‘information’ and ‘data point’?
If we take this approach, i.e., from both sides, being from the current industry operation side to Starreveld and the other way around, do we have a complete mapping and what do we learn for control and audit ..?

Just putting it out there. This, too:

[That little theatre of note, I mean Noto]

Program. Check. Not.

Going to present at a conference. You know, to raise one’s reputation that is the single currency in independent-consultancyland, and to gain feedback on one’s private research and professional (industry) development zeal.

So, I was to present at (ISC)², or rather, not, as notified in an email of May 7^th, less than 2 months after proposal submission.
And indeed the program/agenda presented online then (and the weeks before already), didn’t show my name. Bummer. Was granted a slot at a back-up filing (ISACA Copenhagen) but had to decline, due to private circumstances.
Over the course of the last couple of months, did receive some (Google)anonymous cell calls from the UK. Dismiss, obviously, as this is the Fast Route to phone bill exploitation by connect-throughs; everyone knows this, right? The some that I could (Google)trace, and the some that left voice messages, I reacted and sometimes responded to. Lesson: Be traceable via your cell number or else.
And then, yesterday this guru peer sent me a message whether I would be in town already — the town being far away, vaguely recalling the above conference of first preference…

So, … checking the conference agenda (PDF here) … my name is there …!
Texted back whether peer might present the rejection email to conference organizers which he did, causing some more cell calls with some voice mail (08:49h) about ‘terrible mistake’ and whether I could still present, at 12:10h — considering having to dress up, make a full professional presentation, pack up, get to the bus, get to the train or to the airport, get a suitable ticket, get on (train takes only 8,5hrs; plane: gate time delay, flight time, offboard delay = ?), transfer to the conference venue, for half an hour talk time … Oh. Or go the next day, in the slot that the replacement speaker got instead but then, I’d still lose out all credibility before having even started.

This just in: per tweet, MIS Training EMEA thanks me for my session… Adding to the audience that will be aware that I didn’t deliver.

Now, still awaiting a proposal from their side, how to compensate for the:

Reputational damage of being shown as if not delivering, to a crowd of foremost peers and potential clients;
Loss of outright marketing opportunity [note: not ‘sales’], to the same;
Feedback not received, which could greatly have enhanced both my service offering and the acceptance and acceptability of the same;
Loss of (permanent) education I would have got from being at the conference and hearing all the cutting edge developments in the field (that the organizers promise);
Expense and leisure of private travel (incl. spouse) that would have shouldered the conference and would have been half deductible on business for income tax.

I’ll stop now and wait. Some time, before switching to legal recourse.

[Justice will be served.]

PIA is KIA and KYD (?)

Since the whole Privacy thing has gained new traction with both the European Data Privacy Directive regaining (some…) steam and the European Court finally deciding what all with any bits of brain already knew i.e. that ‘Safe Harbour’ was a sour joke (to put it mildly), I realized, when working on a presentation for a forum centering on/around Identity and Access Management, that any Privacy Impact Analysis work comes down to two things; an objects-side analysis in the form of Know Your Data and a subject-side analysis by means of Know your (authorised OR actual) Identities and their Access, with some Privacy By Design thrown in at the solutions end.
Since I just like sentences of the right length, being entities that contain a discrete but complete set of logically coherent and united concepts.

And for those of you in the know; the above contains all there is to Know. Sort of. Maybe add in a bit of this (in Dutch; from the FD newspaper), for implementation. For a lot of implementation…
And, things may change in the somewhat near future with the advent of drones, IoT, robotics (humanoid or abstract), and ANI/AGI/ASI, in the IAM sphere alone. Just read up your huge backlog on this blog, and elsewhere as I cannot really summarise it all here…

I’ll give you some time space for that now. With:

[At the Ragusa Ibla end but of course you knew]

Ambient Intelligence where is it ..?

Similar to the question two weeks ago about the whereabouts of smart dust, here now the opposite (more on that below): Where has all the Ambient Intelligence gone ..?
And I don’t mean Smart Dust of some kind that the Release of Colorado has dwarfed some niche markets elsewhere (it hasn’t, I gather?), but the dust of nanobots that could be sprayed around just anywhere and drift in the wind, as hard to detect, spread-out snooping devices. Either for the good, puffing around IoT-sensor en masse, or for the bad, (video)eavesdropping invisibly, undetected.

Ambient Intelligence then would be opposite as it would deliver seamless Intelligence of the Watson^3 kind, AGI or ASI, to just where you would find yourself in need (as detected by that intelligence before you realized it) e.g., in the form of hyper-personalized ads. When you walk by a store front window. So you’d be enticed to buy more, more, more. Yes it’s sad but that’s the most clear example that everyone apparently needs; anything more complex is too much asked of your dumbed-down, numbed, nerve center that exist for the pleasure of your iSomething these days.

Before I turn sour: The idea gained traction some five years ago. Where is it; in hiding? In some black programs by DARPA, Fubbuck, Big G et al. so much out of sight we have no clue of the massive budgets being spent to gain control over us all ..? Just a shout-out for your pointers.

And:

[Hard work and easy living, side by side, better not mix]

Proof gone crazy

Was reminded recently, again, over the Proofing Gone Crazy aspect of the ‘show me’ approach in the totalitarian, SOx-ignited tidal wave of filing requirements.
As if the better the files, would not prove the better the manager is at hiding ever more wrongdoing ..!
As if it wasn’t, and still is!, the job of the auditor, the overseer and what have we (under whichever laughable guise of ‘regulator’ or even anything with ‘governance’ pitched in; ludicrous misunderstanding of what that would actually entail), to go out and find the proof oneself, not bothering the ones doing real, serious work beyond the bare necessity.
As if anything improved in ‘quality’ except auditors’ fees and the efficiency thereof — as if that were the purpose of it all.
As if the little time left after all the overhead is done, to do that real, serious work, doesn’t deteriorate gravely in ‘quality’ by the utter demotivation and distraction of all overhead requirements.

As if ANY of the original objectives were achieved. Only those that bulldozer over them, and/or are outrageously bombing the whole circus into the ground by pushing the pennywise and poundfoolish over the hill by exacting rule-based perfection while themselves taking the principle-based approach to break all that could be dreamt up for moral and ethical rules that apply still, everywhere, achieve anything. That’s a nice split main cause sentence …

So we’ll have to fight.

If only because originally, I wanted to start off with a title ‘Proof Sets Free’ after some motto on a gate that is commonly taken to point at humanitarian atrocities of a historical monumental scale — that are a direct and difficult to avoid consequence of the bureaucratic way of thinking. Those that toil under this motto, are set free only by ‘death’, physical or mentally, that is caused by their toils in the first place.
Which fits nicely with the utterly immoral requirement to turn oneself in at every misdemeanor that will for certain be taken as grave crime, including producing all proof of fact, and paying not only all legal fees but also for the bullet with which one is shot. Yes the world over that is considered a crime by the courts… Only here, the courts do not comply with the trias of politica and have all the power…

Now, just for laughs, try to prove me wrong in the above. Clowns are fun.

In return, you get this:

[Somewhat better here; The Hague (?)]

Vendors pitchin’ — reality’s b… moving elsewhere

Was reminded today that still, a great many vendors in the (Info)Security arena are pitching their worn-out warez to a laggerd crowd — or is it just me to see that, in particular where IAM is concerned, all eyes are still on some vault idea of data storage and systems, behind some mirage of a perimeter of the ‘data center’ (as it is presented ..!).
Luckily, I met this old friend of mine of Zscaler that see that today’s access and wider security concerns are over Cloud (storage, services) and Users (out there, anywhere). How nice would it be if not too much time would be wasted anymore on the classical, outdated (sic) model(s) and we’d all move to this new world ..?

This, for your viewing pleasure:

[Watching the ships go by, Amsterdam]

TLD: Shoo! Shoo!

Awwww was reminded today that the fallacy of Three Lines of “Defence” is a stubborn one. Debunked by a great many, among others on this blog over a year+ ago, but still much too much alive. So let me remind you with the following picture that speaks for itself (or …):

[No high-class design frenzy, just the blot-down in an angered jolt]

Yes, that’s right, still, and is until y’all ditch the TLD idea on the rubbish heap of history: the lines DO NOT stand between the threats and the vulnerabilities. And Boards et al can bypass the circus at their leisure. The lines (aren’t) of defense (aren’t) only stand between all that has gone wrong, and the regulators so the latter are placated with three rounds of white washing and window dressing.

In the past, everyone I discussed this with, agreed the whole thing’s a joke. A sour, very expensive, delusional one. Everybody reacts, nobody responds… Which will need to change or massive damage will occur.

OK, I’ll stop now before my language over the totalitarian, mind- and ethics-genocidal bureaucracy gets out of hand.

Privacy for drones, *from

Some found it odd that e.g., in Chicago, the ground floor space, the up into the air (no not that) building, and the naming rights to that building, are traded separately.
Elsewhere, one’s home comes with an expectance of Privacy, “behind one’s front door”. But not outside; that’s free game for any … usually still ..!, photographer when from public space.

But now, back gardens, previously considered safe from prying eyes, are visible from other, 3D public space: the air. Via drones.
Which takes care of the public space part, where the ‘photographer’ (?) still is without even the need to trespass ’cause the camera is unconnected to him (sic). [Apart from the argument that just about any official could claim access to the back yard as if semi-public space..?] But does it nullify the “shouldn’t have been outside” argument ..? Or is the previously invisible part of the garden also part of the interior..? As it had similar/same protection by having needed illegal means of access hence the expectance of privacy — that now, by the legality of that access not having been arranged (yet), is still in doubt and the morons “break in” regardless.

Hence the start with the above distinction: Would the air over one’s house be private property as well (How high ..? At least till levels of commercial flight, that is regulated), then possibly, flying a drone into it would be trespassing. But immediately, since camera resolutions increase so quickly, we would need protection against prying eyes from above the streets as well, looking over rooftops. Hm, we would revert to the “expectance of privacy” argument back again anyway. And the automatic ownership non-transfer would prevent shooting them down, still.

So, hopefully, I’ve made you think. Else, there’s no result … ;-[

Oh well:
20141015_132551
[Beauty exposing herself very publicly… above not under some n.rds? Voorburg]