Norm over substance of risk management

Overheard: A major company in an infosec-relevant industry – and well-known for its good, and even so recently much improved, infosec posture – doesn’t follow the mantra of “risk management first, policy/standards second”. It first sets some quite rigid standards and then, when vendors can’t deliver (even when the standards are strict but quite reasonable and doable), does some form of risk analysis plus compensating controls / risk acceptance or what have you.
Because otherwise, everything gets so mushy (hey, ‘normal’ (?) risk analysis is business driven, what do ‘they’ know ..!?) that the end result is a chaos of quasi-accepted risk, all on one huge unmanageable infra heap of backdoors and byways (those in particular), which results in zero security. And because this way, standardisation is encouraged and security plus manageability are hugely increased, i.e., big bucks are saved.

So, it’s an interesting High Baseline Minus approach. Though I guess you may have some comments, so take it away …:

Oh, and already:

[Maybe green, but not fond of blaugrana ..? M’drid]

You had no idea …

Did the one(s) behind this have any clue ..? Letting your biggest adversary by far in on some source code like this ..?
Or, is it a. scareware-news, like, alt-fact fake news to placate some faction that might profit from confusion or FUD over this, in any direction …, b. just untrue, an Onion article that slipped into the mainstream, c. a ploy to get the Other to not see the double-crossing ..?

Anyhow, it may not be the publicity one’d need – or playing on that trope …

Oh how great the scenario analysis is on this … And:

[Would you trust what’s served here ..? Amsterdam Zuid-Oost food (really?? ed.) court…]

Fog(gy) definitions, mist(y) standards

If you thought that containers were only something to ship wine in, by the pallet, you a. would be right, b. would maybe have overslept on the new concept, c. would not mind if I introduce the next thing, being fog computing. I’m not making this up: it’s a part, or extension, of low-hanging cloud computing.
You think I’m kidding, right? Or, that I should have called it mist computing which is a thing already but only a somewhat different thing… You’re still with me?

Then it’s time to read up. And weep. Over this here piece that sets the standard, quite literally.

There. You see ..? Indeed low-hanging, as in the stack … That wasn’t so hard. But implementation will be, if required to be secure. Have fun, will TLS. Or so.

OK, this post was as it stated just an introduction to the IoThing – I was serious though about the Go Study part. Plus:
[Cloudy top cover, smiley backside of a place of worship; Ronchamps FR]

Nation(state)s No More / Not Yet

Recently, Jamie Bartlett posted an excellent analysis of the probability of the return of the nation state of the future of the planet. If only to have so many ‘of the’s in a row.
Yes, another one on the future of nation-states, now not from a bottom-up perspective but from an overall view.

The case is strong in that piece. But then, I had been having recurring … thoughts about the evaporation of the legitimacy of the nation-state as well. My subconscious hinted, no clearer than that, that there was, and certainly is, a place in the discussions for, on the one hand, Bruce Schneier’s ideas about the sizes of societies and the rules one would need to organise them (which may read like a circular argument, I know), and on the other, various well-received (e.g., this) and hard-to-reject works on how we still roam the savannahs of today – at least in mind, when operating in myriads of Sloterdijk’ian spheres (op. cit., in particular pp. 408–). And how, e.g., cosmo- and anthropogenesis in religious books can be interpreted both as a coming of age of the well-developed human and of ditto mind(s), indeed including the formation of societies and their rationale(s).

By which I mean that somehow, we indeed still have many traces of hunter-gatherer ethics deep down in our systems, now with a varnish of ‘development’ (quod non) into farmer/city-centred civilians, currently being thrust in (evolutionarily) asymptotically zero time past neoliberal capitalist/consumerist ego-only’ism into the frenzy of ‘tomorrow’, i.e., the post-singularity ASI age.
Shouldn’t we try to figure out some model of societal organisation that takes into account our heritage, and now that “we” have become sophisticated enough thinkers to finally see (macro-mass introspection-like) how we meddled along in the past from attempt to attempt, we now are also sophisticated enough to design our own macro-history future ..?

OK, that’s deep. In a way. In another:
[Whatever. This is what society wants … bread and circuses (squares?); NY]

Modern democracies – are they party-less ..?

It seems that we’re in Transition times… When there hardly is a country’s election anywhere (where they’re relatively Free), where the parties of old still hold. Sway, that is, as in determining unchallenged the outcome of the elections and party lines to follow. Even when the result is a failed-from-the-start dangerous president, or just a continuation of bland (colourless) neutrality in ‘policy’ pursued.
Despite the previous fears of breakthroughs of ultra-right parties and ‘strongmen’ (not so much; it’s rather pathetic (a mix of embarrassingly silly and punishing for loudness)) – and notice that those parties have gained in strength and depth of followership, maybe not ‘won’ but there to dominate from the shady (!) backgrounds in many situations – what we see more, everywhere, is that ‘traditional’ parties have crumbled, qua lead over the others, qua dominance in cabinet formations, et al., and/or are prone to in-fighting and schism tendencies (because of that, or were on the path to anyway; cause and effect running in circles).

What is left, is countries with impotent mixes of parties, party fractions and -factions, when these countries are affluent to an over-the-hill kind of rapid collapse in some near future. Or countries that weren’t affluent / aren’t-affluent-because-of, being led by strong men with suppressed expression of political fratricide. The vast majority of presidents around the world are the perfect example of why republics collapse, and are at best equal but often worse off than kingdoms with their long-term views (when the king/majesty represents the nation, accidentally also in one person).

We digress.
When party politics (internal/external) are thus rendered impotent by their own doings, and parliamentary representative democracy is through that dragged down (in)to the muddy levels of shamefulness, what chance would blockchain-based societies, notion-of-nation-unhinged geographic regions, etc., have to be reconsidered as alternatives, e.g., the Heineken Map ..?

Alasdair MacDuck

Just a Friday’s folly about Alasdair MacIntyre who, in his seminal and, when you’re into it (finally), quite pleasurably readable After Virtue, has on pp. 243–244 (I have another edition 😉 ) “The name of the common wild duck is histrionicus histrionicus histrionicus.” – apart from anything else, it also is not true. The Mallard is; Anas platyrhynchos it is.
And now, I do challenge thee – was this ‘error’ on purpose or not, and if so, either to dare you to check it, or to pass off some signal to some cabal that reads his work and had put him under pressure ..? (As may be the nearby reference to the secret passwords/passphrases of spies and double agents, and the three spelling errors in the book.)

Now, it’s weekend… plus:
[Now that’s low-light analog-to-digital conversion… decades ago, at Les Ménuires]

3D of the nudging to simplest infosec behaviour

Before you’re put off by the title’s complexity … [Oh. You clicked. The wave function collapsed long before; ed.] This post is about improving the People part of infosec. Beyond the mere ‘awareness’ that begets you … a couple of days’ attention, then slippage into muchlessofthesame.

Two roads away from the dead end you were in, open up:

  • Nudging. Which is about small, unobtrusive and not too brainwashing incentives and disincentives, rewarding and penalising the good and the bad so that ‘users’/people choose to do right without having to rationalise through all sorts of intricate, overly (sic) complex lines of reasoning about why some shimmy is better than another twist. Just gently guide, don’t Law and Forbid. [Edited to add: This post was drafted and scheduled for release weeks ago, before that Nobel Laureate was awarded his medal for this very method…]
  • Secure simplest option. Like a great many traffic controls: no traffic lights but roundabouts – the former can be run through at high speed in the middle of the night (and at other times); the latter require a slowdown or you’re thrown off the road. The secure solution being the obviously simplest one – the simplest solution being the secure one. People will take the simple road instead of the difficult one, so better make the simplest one the safest, and don’t require the user to jump through all sorts of complex hoops for safe behaviour! Like password complexity rules: the more you make them ever more difficult, the harder it is for users to resist finding loopholes and escape vents like writing passwords down (which isn’t a bad solution per se, but …). And in the end, you’ll lose the arms race against skilful attackers anyway; at the point where the effort an attacker needs to get into your systems is hardly more than what benign users need, you’ll have to revert to some other way anyway (re: dead-end roads).
  • Ah, I’m not one for counting all that simple…
    Smart trickery. This of course being a perfect example … a 3D zebra (road-crossing). Many great, very-marketable other such solutions may exist, to your (image’s!) advantage.
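The password point above, made concrete as an added example that is not from the original post: two acceptance policies side by side. composition_rules() is the ‘jump through hoops’ style the post warns against; simplest_secure() makes the easy path the safe one with only a length floor and a denylist of known-bad passwords (the stance NIST SP 800-63B takes as well). The denylist and the sample passwords are constructed for this example; a real deployment would check against a breach corpus.

```python
"""Added example (not from the original post): a composition-rule password
policy next to a length-floor-plus-denylist policy. The denylist and the
sample passwords are constructed; a real check uses a breach corpus."""

import re
import unicodedata

# Constructed denylist; stand-in for a breached-password corpus lookup.
DENYLIST = {
    "password", "password1", "passw0rd", "passw0rd!", "p@ssw0rd",
    "qwerty123", "letmein", "welcome1", "summer2017!", "iloveyou",
}

def composition_rules(pw):
    """Classic '8+ chars, upper, lower, digit, symbol' policy.
    Returns (accepted, reason). It waves through predictable substitutions
    and rejects long random passphrases that merely lack a digit."""
    checks = [
        (len(pw) >= 8, "at least 8 characters"),
        (re.search(r"[A-Z]", pw) is not None, "an upper-case letter"),
        (re.search(r"[a-z]", pw) is not None, "a lower-case letter"),
        (re.search(r"[0-9]", pw) is not None, "a digit"),
        (re.search(r"[^A-Za-z0-9]", pw) is not None, "a symbol"),
    ]
    missing = [why for ok, why in checks if not ok]
    if missing:
        return False, "needs " + ", ".join(missing)
    return True, "ok"

def normalise(pw):
    # NFKC plus casefold so 'Passw0rd!' and 'PASSW0RD!' hit the same denylist entry.
    return unicodedata.normalize("NFKC", pw).casefold()

def simplest_secure(pw, min_len=8, max_len=128):
    """Length floor plus denylist, nothing else. Returns (accepted, reason).
    Passphrases pass; common passwords fail however 'complex' they look."""
    if len(pw) < min_len:
        return False, "at least %d characters" % min_len
    if len(pw) > max_len:
        return False, "at most %d characters" % max_len
    if normalise(pw) in DENYLIST:
        return False, "too common / known-breached"
    return True, "ok"

# Constructed sample inputs for a side-by-side run.
SAMPLES = [
    "Passw0rd!",                      # passes composition, is a known-bad password
    "Summer2017!",                    # idem, seasonal pattern
    "correct horse battery staple",   # fails composition, is a fine passphrase
    "qwerty123",                      # fails both
]

def compare(samples=SAMPLES):
    """Return {password: (composition_verdict, simplest_verdict)}."""
    return {pw: (composition_rules(pw)[0], simplest_secure(pw)[0]) for pw in samples}

if __name__ == "__main__":
    for pw, (comp, simple) in compare().items():
        print("%-30s composition=%-5s simplest=%s" % (pw, comp, simple))
```

The side-by-side run is the point: the policy with the most rules accepts the two passwords an attacker tries first and rejects the one a user could actually remember; the policy with the fewest rules does the opposite.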

Now that you’ve read the above, how would you change your infosec ‘controls’ throughout …? Like, filling out the last matrix of this, in a smart way and changed to general infosec …?
For an additional bonus, outline how you apply this to your GDPR-compliance efforts… And:
[Advertising the trust you can have in this Insurance co.; Madrid]

Measure and/or die

For 10 points only, not the usual 50/100/150 and without pictures to color, identify the stupidity of this here rambling with an air of sophistication
The ‘quality’ (quod non) of which is nicely summed up in the ‘metrics chart’ ..: “If you can’t measure it, you can’t improve it” – referring to the degree (sic) of the stupidity; unimprovable…?
Be aware Always (link, here again yes), people, …:
Not everything that counts, can be counted, and not everything that can be counted, counts ..!
Oh well. Nice effort to get from ‘nothing’ to ‘something’: when you shoot for the moon and miss, you end up between the stars.
In a vacuum, light years away from any matter. [Excepting virtual Heisenberg’ian particles; ed.]

Plus:

[To hope that one day, this king’s -dom may understand the British Crown / Commonwealth model before an all-out civil war breaks out…]

Top 2000++ of 2017 – before the herd

Because all sorts of hoi polloi pundits are out there, ‘polling’ (quod non, just repeating the meh mediocrity) for the Top 2000 of 2017 on the ray-the-ohw and elsewhere, herewith the real deal Top 2000.
Which of course isn’t; it’s the Top 2276 for one thing and Definitive is slightly understating it. If you hadn’t guessed, #14 is about me.
And yes, it is downloadable in plain Excel, for your own tinker and play, in this file; checked and clean (no subversive content).
Next, a few little notes (repeated from last year):

  • “That’s odd! The usual numbers 1 to 50 aren’t where they’re ‘supposed’ to be by common standards!” Correct. Because I‘m ‘Rekt. The list is mine; why put the Mehhh songs high up there? They’re in there somewhere, but it’s my list, my preferences..! Yes, I do like some almost-forgotten songs better, sometimes much, much better, than the expired old hands.
  • Especially… see the notes, when the clip (much) enhances the song(s). Wouldn’t that mean the song in itself isn’t fully complete ..? No, it means that in (since) the age of video, songs with clips (‘integrated’) can much surpass mere songs by themselves, for a cubed sensory experience.
  • There’s more than 2000 yes. Because, already after the first 500 or so, determining the relative rankings becomes awkward. Hence, the cut-off would be random …! (why not 2048, that would make more sense in this digital (i.e., binary) age). The result is quite random in the end, too, indeed; some of the last songs ‘should’ be up much higher…
  • If you would still have some (preferably wacky) songs you miss, please do comment them to me. I’ll see whether I’d want to include them still, or not. Hey, it’s my list so I decide, geddid?
  • The actual end result order is far from definitive (sic). It depends heavily on one’s momentary temper and the memories that spring to mind like Proustian madeleines. And on one’s ability to hear quality. Such is life.
  • When dabbling with the Excel file yourself, feel free to play around with the ranking mechanism. What worked for me, was to first split the songs into bins of about 250 size (designate some song to be in the first bin that will end up being ranks 1-250, another song to bin 5, which is around the 1000-1250 mark, etc.), then sizing down bin 1 etc. to 8 smaller bins. Then, numbers 1-50 get a personal treatment one by one to their end rank, the rest gets (got) a random allocation within their bracket. After this, sort and re-apply number 1-whatever. Through this, actual intermediate bin sizes aren’t too important.
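The binning procedure from that last note, written out as an added example (not the post’s own Excel mechanism): songs go into coarse bins of about 250, each coarse bin is split into 8 finer bins, the top 50 get a hand-picked rank one by one, everything else gets a random position inside its fine bin, and the whole thing is then sorted and renumbered 1..N. The song titles and bin assignments in demo_catalogue() are constructed for the example; the bin sizes are the ones the note gives.

```python
"""Added example (not the post's own Excel mechanism): the coarse-bin /
fine-bin / hand-rank / random-within-bracket ranking from the notes.
Song titles and bin assignments are constructed for this example."""

import random

COARSE = 250        # songs per first-pass bin: bin 1 ~ ranks 1-250, bin 5 ~ 1001-1250
SUBBINS = 8         # each coarse bin is split into this many finer bins
HAND_RANKED = 50    # songs that get an explicit rank, one by one

def rank_songs(coarse_bin, sub_bin, hand_rank, seed=0):
    """
    coarse_bin: {song: coarse bin, 1-based}
    sub_bin:    {song: finer bin inside the coarse bin, 1..SUBBINS}
    hand_rank:  {song: explicit rank, 1..HAND_RANKED}; overrides the bins
    Returns [(rank, song), ...] sorted by rank and renumbered 1..N.
    A fixed seed keeps the 'random allocation within the bracket' reproducible,
    so intermediate bin sizes do not matter, only the order they imply.
    """
    rng = random.Random(seed)
    fine_width = COARSE / SUBBINS               # ~31 ranks per fine bin
    keyed = []
    for song in sorted(set(coarse_bin) | set(hand_rank)):   # sorted: stable rng use
        if song in hand_rank:
            key = float(hand_rank[song])        # 1..50, above every binned song
        else:
            cb = coarse_bin[song]
            sb = sub_bin.get(song, SUBBINS)     # no fine bin given: bottom of its coarse bin
            start = (cb - 1) * COARSE + (sb - 1) * fine_width
            key = HAND_RANKED + 1 + start + rng.random() * fine_width
        keyed.append((key, song))
    keyed.sort()
    return [(i + 1, song) for i, (_, song) in enumerate(keyed)]

def demo_catalogue(n_songs=600, seed=1):
    """Constructed catalogue: n_songs placeholder titles spread over coarse
    bins 1-3 and fine bins 1-8, with the first 50 titles hand-ranked 1..50."""
    rng = random.Random(seed)
    songs = ["song-%04d" % i for i in range(n_songs)]
    coarse = {s: rng.randint(1, 3) for s in songs}
    sub = {s: rng.randint(1, SUBBINS) for s in songs}
    hand = {s: i + 1 for i, s in enumerate(songs[:HAND_RANKED])}
    return coarse, sub, hand

if __name__ == "__main__":
    coarse, sub, hand = demo_catalogue()
    for rank, song in rank_songs(coarse, sub, hand)[:60]:
        print(rank, song, "hand" if song in hand else "bin %d/%d" % (coarse[song], sub[song]))
```

Because the random offset never exceeds the width of a fine bin, a song in coarse bin 1 always ends up above any song in bin 2, and fine bin 1 above fine bin 2 within the same coarse bin; only the order inside one fine bin is left to the dice, which is exactly the ‘far from definitive’ part.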

Then, as a long, very long list. With a Moar tag otherwise it would be ridiculous… [i.e., for the complete list in the post, follow the link:]

Rank | Title | Artist | Note
1 | Hustle | Van McCoy | Yes, the original
2 | Easy Livin’ | Uriah Heep | To power it up
3 | Heart Of Gold | Neil Young | Hits the heart
4 | Hide and Seek | Howard Jones | Same, if you listen well
5 | Peter Gunn | Emerson, Lake & Palmer | Just for the intro alone
6 | She | Elvis Costello | Personal nostalgia
7 | White Room | Cream | Nicely powerful, doesn’t wear out too easily
8 | ’74-’75 (+Video) | Connells | The video sublimates the message
9 | Windowlicker (+Video) | Aphex Twin | Incomplete, as a work of art, without the video
10 | Nice ‘n Slow | Jesse Green | Calm down again
11 | One Of These Days | Pink Floyd | Hidden pearl
12 | Smoke On The Water | Deep Purple | Of course
13 | The Man With The Red Face (+Video) | Laurent Garnier | Incomplete, as a work of art, without the video
14 | You’re So Vain | Carly Simon | I think this song is about me!
15 | Dancing Barefoot | Patti Smith | Hidden treasure
16 | Right Here Right Now | Fatboy Slim | Oft forgotten, defined an era
17 | The Great Gig In The Sky | Pink Floyd | Appealing complexity
18 | All I Need | Air | Mindfulness in musical form
19 | Dream On | Aerosmith | Heartburn
20 | You Got To Fight For Your Right to Party | Beastie Boys | Appealing. Simply that.


Maverisk / Étoiles du Nord