Category: Information Risk Management

You, me, and ASI; the difference

Before we forget: Why some don’t see how ASI would surpass AGI and humankind, is that humankind has not learned to work together in all the time humans have existed in groups beyond the first few Dunbar numbers (2, 8, 20, 50). Which means we humans spend the most delicate thought and most thinking energy on the operations and tactics of working together, before the ‘external’ task can be solved if at all. Where ASI would have no trouble having all human culture combined into one processing faculty already, hence think-acting at a level of all humankind in concert, or beyond. We have external response flexibility, ASI has that covered internally with an n-dimensional external surface, n possibly > 4.

Deep-think that one over. And:
DSC_0168
[Indeed, one section. Goes for all of your brain’s work, too]

Still valid; MIS is a Mirage

Somehow, some neurons fired that sublimed into a thought about John Dearden’s MIS is a Mirage, of 1972 … Turns out I’m not the only one who thinks it’s still very much valid today. As e.g., here. Oh, the insights that run in deep undercurrents throughout today’s management- and other fads…!

But, once ASI comes along … Then at last, MIS can do without the, then relative but still, stupidity of mankind. Or ..?

[No pic today. Post too short. First, you study the article at length!]

Short post: Offense on the Defense

Apart from love, here too all is fair. Hence, the offense may be pushed into defense every once in a while. Yes, think that one through.
Or, that is misinterpreting it. Offense and defense do a danse macabre while the content fights out at higher abstraction levels. Think that one through ..!

[Edited to add: this link, and this one. Others apply as well.]

OK, ’nuff for now, and this:
DSC_0705
[Not even unique, as a NY wedgie; only just (…) the prettiest]

Preventing detection

At last, there’s a resurgence of non-preventative infosec (#ditchcyber) efforts. As, e.g., here (in Duts though the orig would be Engrish ..?) and here (a decent one, almost making the right point; co-typical ..? and on second reading, a bit empty of actual actionable advice). Hinting at leaving the Prevention Imperative and refocusing on Resilience.
Because ‘deperimetrisation’ may have clouded the longer-term, more strategic failure of locking oneself in and shooing away the so grossly underestimated enemies by one’s own utterly ridiculous overestimation of … authority, power, capabilities and competences, considered-self-evident importance (quod non…). The dumb not realising how dumb they actually are…

We’ve said this before, over and over again. And we’ll say it again. Because the Laggards (hey remember yesterday’s post?) still haven’t got it, deeply enough into their veins.

But, we have a start of that at last. Why only now? Because even the most conservative (sic) can no longer hold the fort (sic) of box-shipping at all levels? Anyway:
DSC_0804
[Rebound into the heavens!]

Ringtones on deaf ears

Must … resist … being … too … negative …
There seems to have been an explosion of ~mojis lately. Like, the past half year has seen a proliferation of subsets and niceties that, as a phenomenon, spell the end of interest in messaging.

As the phenomenon (not this which is great in any absolute measure) is so very much the same as we saw with ringtones
Arrrg! Yes indeed they spelled the end of the introductory phase of mobiles. The more it became a fad to have some peculiar ‘tone, the more one exposed oneself as a somewhat (?) pathetic Laggard, not quite knowing yet how to have and treat a phone as perfectly normal tool without having to brag how great one was for having one in the first place.

Can you see the same with messaging? If not, you may be the one that actually paid for the nicest ringtone you disabled in shame for not getting any but negative recognition after a couple of days again.

So, … next up in this series: How “Like us on Facebook” went the same way in the 2nd half of 2015, latest… And:
DSC_0711
[Siegfried& not quite]

Certified without being aware of that

Hm, how come so many organisations rely on certification – by means of electronic certificates; the other kind is mindbogglingly empty paperwork – and don’t have a clue ..?

I’d say, let them get a good checkup, e.g. via.

Deeper of course is the ‘problem’ that here we have a quite important piece of the ‘security’ (note the ”) puzzle, but one that is buried deep, very deep in technology. For most. And hence is out of view. But when there’s so much talk lately (for years, decades on end already – eras in Internettime) of (info)’security’ having to come aboard in Boards and this haven’t happened almost everywhere, we now see why (?): Infosec can, partially, be ‘solved’ way out of view. Like security around electricity. As already outlined long ago.

But, to conclude, it’s an And-And thing all the way throughout the organisation. One can dream, can’t one?
DSCN0610
[If you immediately thought of Asley Madison, that’s your dirty mind …!]

May a change *is* happening

The title is correct; finally we can see what the Mayans meant when they, errrm, their calendar, predicted the end of the previous era and the dawn of a new one. Where many simpleton minions pinned it down to some very moment at 1 Jan 2012, of course the lore was about a longer-term turnaround phase before a really new era could be said to have emerged.

Now, isn’t it since the beginning of this millennium or even more, since about 2012 that AI sentience has merged with IoT to kickdown towards the Singularity …? So that the new era isn’t one for mankind only but one in which machines take over the lead over the world’s physical as well as mental reality ..? Just saying.

Oh don’t take it all too seriously. One might even read this as if I would follow Hegel’s reasoning of a path to a final and eternal triumph of abstract Reason. Hah. And:
DSCN0623
[Torún. Famous for …, somewhat appropriately]

Why ‘cyber’s still a dud

[Oh yes @CyberTaters will warp the pings re this post. And #ditchcyber!]

For one, all (sic) of ‘cybersecurity’ (quod non) is incomprehensible to those that consider themselves ‘leaders’ in one way or another in practices where actual infosec should be top of mind. Since the (for quite too large a part) despicable mice (of this story) don’t see their own folly, these kindergarten emperors will be found to wear their new clothes well… but not ‘get’ what it takes to start developing ideas how to actually lead in the infosec field. Starting with debunking Internet myths and hype-FUD but also starting the sea changes needed to achieve something (if maybe not everything).

For another, since all the hype-FUD only leads to Technology focusing, where those that would still not have thus-focused houses on order should be fired; decades of developments would have to have been easily dealt with – though it is rocket science, it’s hence not that hard. Hey, designing and building a probe to Pluto, isn’t there an app for that?
Leaving the other 99.9% (well…) of work in the area of People (and don’t start me on Process..! see my posts over the past couple of weeks). Which, even if it would be understood what needs to be done in that field, would be known to be near impossible to pull off, let alone in the short term.

Hence by simple (?) logic, ‘cyber’whatever is a dud.

Sobering:
DSCN2508
[You know where, or not; every corner needs to be beautiful…]

ICYMI PON heeft gelijk [Dutch]

Voor het geval het een paar weken terug langs u heen is gegaan; dit. Terecht. En ondertussen zitten allerlei (zeer!) kwetsbaren zonder de zorg die ze verdienen (verdiend hebben) omdat (voorgaan)de bodemloze put miljarden (sic) het zwarte gat in zuigt.

Scaling ‘security’

Availability: 99.9% (per year).
‘Security’ (the C, the I) … nothing. Or, the infeasible 100.0% XOR nothing.

We may have a major issue here…

Well, we do have OSSTMM on one hand, and the seriously innovative, very important Secrecy stuff on the other.
But can we answer the question “How secure are we“..? Indeed, OSSTMM gives us a number – for the operational and technical elements. How ’bout integrating the tactical, strategic, and non-tech stuff like hooman behaviour ..? And still make it somewhat understandable to the clueless (Csomethings and other involved in the utterly useless nonsensical area designated by the pejorative joke label ‘governance’; all with the exceptions acknowldged of course); other than the above % per year estimates that are interpreted so badly..!
Oh and things like failure rates from e.g., FMAE, as presented like ‘dam can stand a one-in-a-thousand-year flood’ also don’t work – dam can break today, and tomorrow, and the statistic may very well still be valid!

Maybe it’s key to first find how to whack the notion of “1-in-1000yrs means I don’t have to worry for another 999 years” fallacy. Psychology it is but so security should be..! As many of Bruce Schneier-et-al’s posts prove (?), FUD and other angle fail so miserably.

The time (decades) we’ll need to turn around the psychos, allow us some leeway to develop suitable Scale(s?) of Security. But let’s not wait for the end of those decades before embarking on the exploratory first steps of that. You suggestions, please, today.

[Edited ahead of posting, to add: This here piece on the (declining) half-life of secrets; definitely something to include in the above ‘metrics’. ..?]

For the eye candy:
DSCN4499
[Zurenborg again, slightly edited – who’ll do the colour corrections for me?]

Maverisk / Étoiles du Nord