Information Risk Management – Page 74 – Maverisk / Étoiles du Nord

Buck shot or machine gun; assurance

With news about the slow but steady adoption of SBR everywhere (but mostly on related sites…), it suddenly struck me that with this Standard Business Reporting we see a move from single firings of buck shot to the machine gun age in assurance.

First, this:
[Yup, actual business lurking in the background. Date this pic]

By which I mean that until now, and for a short bit of time to come, accountants of the annual accounts certifying type issue(d) single assurance statements about a whole number of individual reporting items; in conjunction with each other but hence (!) also about all of them individually. The single blow of much data, in multiple but somewhat related directions.
Now, with XML, and XBRL as a common ‘subset’ taxonomy definer, and SBR on the back of that, we suddenly have the possibility of firing a great many but single data points in all sorts of directions. Where each ~~bullet~~ data point has to stand on itself, and be assured separately, aimed at, well, a single recipient.
Which makes a change necessary from the cover-all assurance of yesteryear to a single data point assurance thing of today. Where one cannot rely on context – or the context is re-created by a recipient collecting the data points they want …! – one has to provide assurance on … does this end up with a system-of-production assurance thing again ..?

Hope not. Since that is too far off of any real application. Since assurance of systems misses the vast enormity of details that matter when one wants to give assurance on … details. What then? Both. Both systems assurance overall, not circling on the ledgers only. And detailed assurance per data point or tinysubset. With SBR for target audiences as intermediate [stage?].

And, will we not need the ‘traditional’ assurance over annual reports anymore …? Well, we will, for sure as we seem to need more than ever true and fair views of how business in general was conducted, to establish credibility of management control for the (near) future. But then, such reports would be enormously much more qualitative by nature. To be qualified in a very non-quantified since by second opinion givers like accountants. [And/or others …!?] What lyrical prose we’ll have, what market push to cut the cr.p, what difficulty of accountants to grapple with the auditees’ sheer poetry enlisted to window dress.

Moar will follow, especially re single point assurance…

Hopefully, CitizenMe will be trending

This may be a trend: Decide yourself what personal data to ‘sell’, and for how much. First step: Know what you ooze out. Hopefully, through this we’ll awake and implement Jaron Lanier’s dreams…

And even before this post came out, there’s an [update] to do … With this.

And then, of course:
DSCN0088 [‘goza just like that, for no apparent quality or reason]

IoTsec as expected

Yawn. A decade of humongous growth in Information security is coming. To tackle the likes of this.
Think of where the somewhat organized, somewhat budgeted, somewhat up to it corporate world now is. (With the public organization world lagging, seriously, on all counts.) Then think of what it would take to make the general public ‘safe’.

And then think of how many InfoSec professionals would be needed. Yeay! Indeed, as in:
[Onto Val d’Orcia, as you spotted]

Gotta TruSST’MM

Had been planning for a long (?) time already to write something up on the issue of Trust in OSSTMM3© – in particular, how it doesn’t conform with received (abstract) notions of trust and how that’s a bit confusing until one thinks it through wide and deep enough.

First, a picture:
DSCN4198
[Controlled to I/O, Vale]

Then, some explanation:
As I get it (now!), the OSSTMM model defines Trust as being an entry into or out of a system/component (objects, processes). The thing you may do when you are trusted. Literally, not the protection wall but the hole in that wall. Which isn’t some opinion thing the holder has of the visiting tourist. Interesting, but troublesome in its unsettling powers.

Dang. Running out of time again to delve into this deep enough – in particular where I wanted to link this to a previous post about identity and authentication … (this post in Dutch). OK. will move on for now, and return later. Already, if you have pointers to resolution of the differences (the whole scale (?) of them), don’t hesitate.

No Yo (~ Carpe Diem)

Well Hello! has anyone seen an app this stupid lately ..? Yoyoyo!
Looks a bit like:

[Dutchies read this review; star rating appropriate: (Parool review)]

Or remember the I Am Rich app:

Altogether, this sort of thing is for the yolo generation, that had forgotten how hip it is to not know one’s Carpe Diem – right! Same expression, same content. Sort of, not; the original at least had the idea to let you make most of life, not to get you out of the gene pool ASAP as per these awards that have been around since the inception of the ‘Net …
[Updated to add: Yo themselves can’t seem to grasp their own irony, as in this article…]

SecSec, two angles

Thothtech has a very useful and readable overview of ‘national’ versus ‘personal’ security.
Go read it a realize the balance has gone.

Go on! I meant that!
[Such detail, much masterpiece]

Business Model Down

[Deventer for zero relation with the following]

Although probably hardly still the core money maker for Big G, collecting search data for may fall back maybe significantly in the near future. Since, e.g., when did you last search for something specific enough that patterns may emerge from it..? Wasn’t it just point-and-shoot search-phrase-for-single-answer work that you did, if at all because you entered full URLs anyway ..?

Unless you’re of course part of the hoi polloi that delivers such low ultimate revenue to advertisers that it’s not worth it just return to mass marketing and don’t need Big G data specifics for that.

{Edited to add:]
… Ah, so that’s why said company is moving so swiftly into AI…

Welcome to Hotel SV

Just a short note; tinkering with more ‘cybersecurity’ songs (to support (or not) #ditchcyber), I came across the following snippets…:

“Welcome to the Hotel California”
“Such a lovely place”
Such a lovely face
Plenty of room at the Hotel California
Any time of year
You can find it here”

“Bring your alibis”

“Mirrors on the ceiling”

And she said “We are all just prisoners here, of our own device”

Last thing I remember, I was
Running for the door
I had to find the passage back
To the place I was before
“Relax, ” said the night man,
“We are programmed to receive.
You can check-out any time you like,
But you can never leave!”

How’zat (sorry (no I’m not Canadian) USofA, culturally you’re still 99% British so you should get that reference) for the famous search engine’s approach ..?

And, of course:
[Yeah Breck is CO not CA, about two decades back]

Crowdjustice

Wellicht zullen gevestigde belangen (weer ten onrechte … DNB-kneuterpietluttigheid-waarschijnlijk-uit-doodsangst-uit-onbegrip (hoewel dat d… terecht, en gewenst?) vs California State…) gaan waarschuwen voordat de vergelijking met de huidige feitelijke situatie voldoende fundamenteel en objectief is gemaakt, maar dit is natuurlijk een interessante nieuwigheid; crowdsourcing justice. En voor degenen die jury-rechtspraak iets engs vinden wat wat de boer niet lust, leze nee bestudere dit werk eens.
Plots komt zo veel samen… Vreugde alomom zo veel culturele vooruitgang.

[Edited to add: Zie de post van 25 augustus 2014…]

En dus een vrolijk:
[Kan dubbel zijn, swa]

COPE a Nope

Hm, this piece seems to miss the point entirely…

Because the move to BYOD had/has (sic) nothing to do with operability. But all with power. And speed. COPE will be much more of the same, but with an even more inexplainable awkward speed/flexibility/functionality trade-off. With nothing of (e.g., the European current and forthcoming Regulations’ and practices’) privacy in mind, just pipe dreams of regained totalitarian control. Heh, if that floats your boat, everyone’s including or except your boat has left the harbor because ships are safe there but it isn’t what ships are for. If you can’t see the analogy … you’ll be sunk.

And then, there’s a pic:
[Great for learning gaff rigging but for serious yachting…?]