Information Risk Management – Page 69 – Maverisk / Étoiles du Nord

Predictions 2015

So… The End is Nigh. Hence, my predictions for beyond it.

As 2015 is about to kick off, herewith my predictions of what happen in Internet / IT land, as notable in the global society, being part of my mind frame. Or so.
To not make things too difficult to understand, I’ve assembled a mixed bag of abstract notions and concrete(ly noticeable) stuff that will happen, interlaced with all sorts of fancy graphs and dull pictures – to make you think not applaud sheepishly. Think, think first, deeply, and then still agree with the clairvoyance of:

A first easy start: The development of Appl. [censored] stock as a systemic risk to the (financial and other) world. As the 1 trillion dollar mark approaches, how much would a stock need to corner the market in terms of risk ..? In particular when it will turn out to not be hip anymore somewhere during the next year:
Another of this kind: Docker. As explained before on this site, this underpinning of cloud-to-cloud portability, now backed by all the major brands and a bunch of others as well – those not in, to fall off the bandwagon, hard! –, will surface as a big-time hype catchphrase and will even get implemented quite extensively. Though the latter will remain under the surface for most outcrowd.

Aie oh Tee. Yes, as it rallied to the fore already in 2014, but will now burst out in earnest. After Kurzweil’s agenda, despite Carr’s, and beyond the nerdy early innovators’ adoptions. For the various directions that IoT will develop in, see this here earlier post. These streams will become more distinct next year.
- At least, the ‘domotics’ / wearables markets will come to full steam, in particular as retrofitting becomes easy and invisible.
- Security and audit (vendors racing to lead the former, you may thank and reward me in advance for the latter) over IoT of all kinds, will rapidly improve. See below.
- AI will get integrated. Because reasons. Being:
  
  [Useful if not when you understand what’s going on here, both (!) story lines]
Disruptions: In particular the unsettling decentralization ones. Like:

Where grassroots sharing on either the supply side, the demand side, or both, will rule.
OR the Amazonian style of Big Corp obliterating the defenseless old, may intervene.

AI. A big, very big one in 2015 – whether you like it or not, the Kurzweillian happy go lucky augmented-humanoid buds will come to fuller bloom next year.
- E.g., the above trolley problem and similar ethical and philosophical questions will be discussed profusely, hopefully delivering some twists and turns that settle parts of the problems. All of them, probably cannot be resolved once and for all; the Gödelian knots in them, are systemic and no re-definition of the problems may prevent that. FACT. But progress is there.
- And/or, there will be many snap-to-make-sense solutions coming out. Partly or fully automated [visual|speech]-to-[text|interpretation]-to-[information|action] will arrive on any device. Take this article as example of early stages; using spreadsheets – how Old School! but still pervasive ..!
- And many more applications. Like this. Big G’s X Labs is at full speed. And will come with many breakthroughs…
- Oh, even before this post aired, this here interesting development…
XYZCoin will continue to develop in the next year. Structures will emerge. Look for development in all the main sectors:
- Sorting of all the sorts of coins. Zippcoin may flourish. Litecoin, maybe. Others?
- Wallets (software wallets, and web/mobile wallets);
- Payment processors (payment service providers, and payment networks);
- Exchanges (xyzCoin exchanges, spot/forward exchanges, and stock exchanges);
- Borrowing and lending (peer to peer borrowing and lending, and bank-like borrowing and lending);
- Hardware and equipment development (for mining and ATMs);
- Investment vehicles (ETFs, trusts, venture funds);
- Other (binary options, casinos, microworks sites);
- Secondary and tertiary systems of cryptographic(‘ally provable’) unicity of IDs. This actually will be the Big One. As Zippcoin delivers a Basic Income in the economists’ sense. As DACs will do all sorts of strange things, hard to understand by most, easy to reel off in dangerous directions similar to quants having been ill-understood (at a deep, fundamental understanding/meaning level) in the financial derivatives world… And as explained here and here in its systems details.
  But then, if you’d claim to understand already, the following would be easypeasy for you to explain, right?
Security. Finally, something closer to home. Here, a natural modesty may cloud the actual vast progress. Like in:
- The spread of OSSTMM. More a gaining of ground. But from there, anything goes. ISO27k1:2013 may still go around, and will indeed have a major impact on the efficacy of InfoSec implementations – now, hopefully, where applied correctly (one fears in a precious few places only; the rest performing dismally), optimizing visibly and efficiently for maximum effect. But still, it will have to be augmented with OSSTMM(-style) concrete InfoSec business. Even when the compliance/certification Totalitarian-Bureaucrat mumbo-jumbo will continue.
- IoT security. Vendors are onto this now, mainly in the B-Internal and B2B markets (explained in these posts).
- Encryption of data by default, throughout. Quite an example of InfoSec basics spreading under the radar. Even socmed tools will incorporate this. Effectiveness (security levels achieved) may vary widely, but the attention is good. Very good.

OK. So far, so good. First, let’s celebrate the end of the year commemorative days, in a solemn and thankful, humble way. Then, party like it’s 2015 all the way. And, I’ll leave you with:
DSCN8963
[Not oft seen, at Viana do Castelo]

[Edited to add: I’ve upgraded the predictions a bit, and turned them into a PPT. Yeah, I can do More Slick but this: ISACA Zuid 2015 01 21 (in Dutch but you get it) is how it is…:]

Cultural maturity – of organisations

Adding to the Maslow-for-organisations idea of December 3rd’s post; would it be possible to gauge an organization its maturity level by trying to establish its ‘score’ on the various pyramid layers (to be) established? Though immediately, I see trouble for the method where e.g., companies may get into (financial / freshness/motivational) trouble and sink back some layers. But then again, we may then look up in DSM-5 what ails the company, and find avenues to restore good health.

Hmmm, how is it that when thinking of corporate culture, one so quickly ends up at the mental disorder metaphor? And I jump in with the option of (boardroom consulting) intervention; highly profitable, for the firm if it hires me for that, and for me anyway.

So it seems not to hinge on the Maslow pyramid. Nevertheless, as diagnostic tool, it may help.

To keep you sane till I’ve fully developed the method:
[Calatravalencia]

Continuous AssuMining

… Where the process mining for overall assurance, as e.g., @ConeyDataDriven do so well, may spill over into straightforward data point assurance. Of sorts.
Because, when one has visual petri nets (well… sort of) at the transactions level(s) all through the systems, wouldn’t it be dead easy to have tallies at stores and flows, that can be reported on – and when audited in real time, given assurance on! – in all their shining minute detail as compared to the late, very late after-the-fact yes even after-the-full-year-has-ran-its-course annual figures.

This would of course require auditors to sit by all the information flows as they go, and have controllers at hand to correct any single transactions (and reporting) that go unwarranted ways. But hey, there’s tons of fees there, right? So it will happen. In one form or another.
More importantly: No need to keep on dwelling in XML/XBRL quagmires; that level of operational capability would need to be stable or one would lose out. Hence one can from some stage on assume that all transactions are indeed captured and passed through the systems interfaces at all (lower) levels OR some balances will fail – that’s what balances are for. Having established that, the bliss of control room overview will come to administrative(!!)-information flows:
[Just plucked off the search results, for a refinery. But you get the idea…]

Would there be any roadblocks to this development? Your call.

Golden oldie pic of the day

Yup it’s time for one of those again:
[Yes, appearances in the end will fail you]

Jumping the aggre chasm

On the subject of individuality versus group aggregates. And where the characteristics just don’t add up because they do. As in:

Elections. Every vote counts, but no single one matters.
‘Democratic’ (quod non) politics in general. Where one can only change things by joining political parties where your particular issue voice is lost, you are required to toe the party line on many (other) things against your ad hoc will and purpose, and parties end up not representing anyone in particular – no party has exactly all opinions right on all your issues, and in the end even parties don’t do as promised because they have to compromise.
Organizations. Where group think (is the) rule(s). Where all collectively are expected to behave individually. Or so. At the end of this.
Statistics. Where n times the average of n data points is nowhere the same as any of the data points. The statistician drowned in the river that is 1 ft deep on average. The average human has 1 nipple and 1 ball. Etc. [Let alone causality that is only implied in the human discourse, the Story, but has never yet been proven to exist. Philosophers’ stuff]
Mathematics (I). Where the greatest common divisor decreases rapidly as the number of elements increases.
Mathematics (II). Where there is a continuity ‘correction’ when jumping from discrete to real arithmetic.

But now, first, your pic of the day:
DSCN1315
[Also Girona, oft missed]

Which all reminds us of Ortega y Gasset’s rants against the hordes, the masses – his their Revolt is the fear of the shrinking greatest common divisor.

Which also reminds us of the perennial individual versus history movements when discussing innovation. One can go it alone but will not gain traction. Or (later) succumb to the pressure of joining others but losing something for the sake of being allowed to join. Hmmm, I feel there’s much more to be said here. But the bits margin on this blog did just not suffice. To be continued. In the mean time, I’d welcome your contributions to the above list …

Helpful ‘failure’

This here ‘problem’ may actually not be a let-down, but a help in getting acceptance for xyzCoin (e.g., the most interesting zippcoin project!). Or ..? Your comments, please.

And, of course:

Maslow for companies

Some first sketches of an idea that sprang to mind during some musings about (the feasibility of) schemes that classify maturity levels for companies, or organisations. The idea being that the common Maslow pyramid that, despite some critique here and there that usually points at critics’ misunderstanding of modeling and this model in particular, is still very much valid for establishment of personal preferences and comfort zones.
* Yes I do know the cultural variance in ‘it’.

But the idea quickly stalled due to lack of progress in the bottom layers of the OrgPsyPyramid – what comes first for e.g., start-ups; is that different for established organisations that are under threat of extinction due to disruptors and/or self-inflicted financial troubles ..? Is it market share (these days, a.k.a. active users), growth for growth sake, immediate positive cash flow (or the opposite; burn rate as a plume à l’honneur), or ..?

Hm, it’s time for:
[Tok’about old (?) and new classics]

The other layers, … will follow in a couple of weeks. Think traditional growth, market share, capitalization (or valuation), profits, foundation for longevity. But as we move up higher, as to be expected we’re entering the harder-to-understand regions, being the harder to define, implement and achieve ones too. If you would have some pointers to science already having been done; yes please I’d be happy to incorporate that. So, looking forward to your comments… (as if anyone would comment…)

From Sedlacek to accountancy

While going through Sedláček’s seminal Economics of Good and Evil – which should be a mandatory read for all economics, business, and audit (-of-all-sorts) students, I came across one part that struck me as possibly relevant for direct application in accountancy.
Oh but of course, there’s so great a many more parts that should be applied, the sooner the better. I’ll return one day, in the next couple of months, with probably a series of Book by Quote posts on the book, including some analysis and comments maybe this time. And by ‘direct application’ I meant application as useful underpinning undercurrent, root cause, in tha analysis, of what’s wrong with latter-day accountancy, helping as pointers towards possible improvement(s) there. The kicker is in the tail of this post …

First, this:
[According to legend, the exact spot (flag) where St. George slew the dragon, at the St. Jordi (of course) gate, Montblanc, Catalunya. Somewhat fittingly a bus stop 2 yards away, if you could make this post a similar exact slaying spot of accountancy’s woes ;-]

OK. To start. Sedláček has this chapter where a number of Value systems are lined up. On the far left is Kant, with the good-ness of a man’s actions being everything, regardless of the results. Next from the left towards the middle are Christian and Judean thought, and on with Aristoteles, Epicurists (which I think he interprets, and places, incorrectly), Hedonists and finally on the far Right flank, Utilitarians and Mandeville – Greed is Good or rather: only (!?) vice is good (for progress – and we all need that, right?). When reading this (and, as said, I don’t agree with everything there even taking into account Sedláček’s clear statement that the abbreviation may bend the correctness of content), something struck me:

What if, when, the utilitarians have kidnapped the meek of the middle-to-left; have made them believe that they could remain true to themselves in this hostile world, while at the same time the villains have isolated them from the real world and just harvest their proceeds?

[From here on, it gets contentious. Don’t be put off by what you might interpret as rebellious bluntness. I just have not sufficient time to write it all out in a diplomatic, friendly fashion – a diplomat is someone who tells you to go to heck in such a way that you look forward to the journey]
This, e.g., in the wider society where Jaron Lanier’s siren servers harvest all the data production that consumers do; promising benefits but keeping all the humongous moneys to themselves. And, as said, in accountancy, where the individual accountant (partner) is still allowed to believe (s)he works for the greater good of society, to be a really important cog in (economic) society’s good behavior machine. Where in the mean time, the leading partners (or the jump from individual to collective!) roam off all the vast margins and don’t care less about quality. The latter may sound coarse but considering the pressure on productivity levels and budgets, and considering the declared Holy goal of profit increase (second derivative!) …

Such kidnapping points at the improvements required in accountancy today, in particular re the ‘Big’ 4 their handywork for large organisations i.e. just signing off and caring less (proven) about the quality of investigative work done. The horror to think one would dig deep enough for root causes, that would only cost mo-ney…! and could set us up for confrontation with the client, even by causing the hassle or having to amend (processes – cumbersome and costly, and books – the same).

As stated, this may help in the current discussions about the ‘business model’ in accountancy in particular re the ‘Big’ 4. Where talk is of what the client is that should be served, and how to align payment accordingly. As now, in practice the Board, the very auditee, pays. Officially, the Board of Supervisors (Raad van Commissarissen) does, that in an ideal world would represent not only stockholders’ interests but also other stakeholders’; we live in not quite an ideal world where the RvC has to deal with Regulatory Capture if (not when) they’d be aware of that and would even be aware of the need to break the old boys’ networks. And even then, the client could be the RvC but paying the (external) accountant out of profits comes down to the Board registering that in the organization’s books after the best placed to understand and estimate, the Board, would negotiate the budget. In the end, the auditee pays. Who pays, stays. ‘Whose bread one eats, his words one speaks’ (Dutch). Despite the Good ones trying to maintain their independence, in appearance and practice; this shouldn’t be a struggle but an easy stable starting point not having to depart from or returned back to. Certainly not in public opinion..! But now, is troublesome.
Another option, to hire accountants via the insurance companies that insure the auditee organisations qua malpractice, may work but makes accountants dependent in other ways; insurance co’s aren’t philanthropic institutions and would have their own ways of setting budgets, not ex ante aligned with accountants’ societal interests first.

Thirdly, nationalization of accountants also pops up here and there again and again. Where all accountants – not; only the ones to audit organisations of societal interest – would then be allocated in some way or another to auditees. Regulatory capture and other distortions may readily start off in this mode as well; is this studied well enough? Though in this model, accountants with their legally protected task would earn much capped incomes in line with all (?) other civil servants like street cleaners and PMs.

And, of course, there’s the BOHICA approach.
Which might not even be that bad, if, IF paired with an introspection plus real change where the profit seekers are ousted (and not allowed to re-enter, through changed promotion paths) and the kidnapped are released. So that they can again do their best work, as virtuous (wo)men.

So, this above reasoning all the way from Sedláček to current accountancy business models, leads to the distinction of two different sorts of ‘Big’ 4 partners. Which in turn leads to the kidnap interpretation. Which, in turn, leads to changed promotion paths as way forward.

Aren’t we lucky that accountants know everything about true transparency … because that’s what will be needed when progressing with this. So that no lip service will be paid to these changed business principles.

But wait … all the above should not be news. And appears to be insufficient since, as accountants, the very few who actually do, discussed: shouting for ‘cultural change’ is just window dressing that in itself will not result in said change and may not prove to be doable, as goal. To put it very mildly. We may need more. Along the lines of Mandeville, where the Bad are allowed to exist, are required to exist but don’t tell them (no need), in order for the whole of virtuous society to benefit from them; if there were only virtuous citizens, society would come to a standstill until destroyed (from the outside, mostly).
What if we can devise a (business) model that would actually kidnap the despicable, the money grabbers, and turn them into the nible thrifty termites that we the virtuous ants could live off ..?
[Edited to add: This may require Piketty-style progressive taxes on specific professions, but would that be impossible ..? ‘t Might be done in-house in some way, e.g., by setting limits on the income range, the top 10% earning a max per person of … whatever, times the earning per person of the lower 20%]

I’ll leave you now. A much more extensive analysis may be in order of this subject. Which may or may not follow. In particular re the jump from (sum of) individuals to collective à la Ortega y Gasset and Brian (and followers); an oft overlooked but still Very Hard Problem. But your comments are welcomed already…:

Coining an answer; Bit-passports

The answer to the final question (“… why the governments didn’t invent this sooner,” he says. “I came up with this over a weekend in my spare time, why didn’t they? …”) in this here very interesting piece, is easy: Enrollment Problem Plus Risk Management.

But still, the idea of using Bitcoin crypto style solutions to the ‘international’ passport problem is useful, and might work. In some way. Not this self-certification one. If you’re aware of how long PGP has been around, you should be aware of all the failures of any form of tribal-cred-branching-out IDs.
And, a great many governments may just not have a sufficiently pressing need for a new passport scheme. The risks of the current model, are known and (again: apparently) manageable.

So I’ll leave you with:
[Apologising calmly. And frequently.]

Hiding or in plain sight (IoT dev’t)

In IoT development, there seems to be a disconnect between the hype and the underlying developments. By which I mean that of course, the hype will not play out according to itself, but according “We overestimate short-term impacts and underestimate the longer-term ones”. But moreover, I also mean that there’s a variety of development speeds for IoT. Since there is various types, categories of IoT developing.
As in this here one of my previous posts.

Oh right away:
DSCN8649
[Your office ‘life’, Zuid-As again]

So… what we’re seeing, is certain differences in speeds:

B-inhouse IoT develops rapidly; after some decades of slow introduction of robot-driven factories, we’re on the verge of a breakthrough at less than light speed where the same factories will be linked up to form semi-small, mid-size ‘local’ 3D printing warehouses. Maybe. But certainly, the factories will go the way of data centers, that can be anywhere around the world with only rump staffing locally and control being … anywhere else around the world. With the premise that in the ‘Western’ world, there will be sufficient sufficiently educated staff to control the factories elsewhere. So that ‘manufacturing’ may ‘return’ to the West its origination (Industrial Revolution and since). Nearness of production cutting the costly transport now that labour costs become less relevant, and leaving the most pollutive production where locals still don’t have the economic power to fight the externalities. Short-changing economic development in many places where it had barely started in earnest (no ‘trickle down’ yet). Unbalancing global power developments. We’ll see… Or not; these ‘secret’ in-house developments (in particular, within large conglomerates that can pilot) may not be too visible before their join-or-die breakthrough.
B2B IoT: Same, somewhat. Moving ahead with cutting out the middle men, DACcing all around. Pure economics (power play by big corp’s; ROI et al.) will determine speed(s) here. Join-or-die aspects play here, too; less in outright competition but more in missing out in cooperation, being left in the dust.
C2B IoT: Out in the open, where all the hype is. No concern – as for secrecy of developments; heaps of concerns re e.g. privacy ..!! Critical Mass (as defined in Yours Truly’s seminal graduation thesis of, already, 1990 (on office automation incl e-mail, where it played then) yes a great many years before it was to be called) Network Effect, or – Tipping Point may be the key point for development fits and starts in this one; in publicity, actual adoption and fruitful use.
C-internal: Same. Slower due to legacy. I.e., houses already out there. Some have been around for centuries. Massive update ..? [Edited to add: this here toytoolset seems helpful in this area]

We’ll see…