Information Risk Management – Page 79 – Maverisk / Étoiles du Nord

Seriously, what is @google up to ..?

Just a short note. Or question, rather: What the … is Google up to, these days..?
I mean, Glass has turned into a pilot thing, as yet testing the waters only, but spawning a whole eco(?)system of wearables. One of The Other Ones (fubbuck) swallowing up Oculus might tie in to this (pre-emptive, to keep it out of G’s hands ..!?), or not.
And after Hadoop there’s news on WebScaleSQL; I can understand that (but see how this means reaching out to conglomerate with erstwhile fiercest (attention) competitors).
But then there’s AI. Yeah, that might improve Search. But the potential(s) for game changers of unseen kinds are limitless. Is the Big G trying to outflank Watson, and/or will G morph into the Matrix ..? Blue pills…, blue pills everywhere….
Compared to this, the jump to Gmail Banking is just a little one, (will) disrupting only a couple of major industries.

As it all stands; what is Google’s grand master plan, or if there isn’t one, how could one get a good overview of all (sic) the initiatives in the wings, either public or, of which I guess there’s a lot more to know, internally?
I would sign a stack of NDAs to get an insight – if only to be able to decide on a reinventive career switch… Thanks Google if you could reach out to me!

Oh and now to close it off of course encore the usual picture for your viewing delight [sits on ‘Picasa’ somewhere anyway ;-]

[Appropriate, if you know what/where I mean]

Pontefract on dreaming

Oh how I do <heart> Dan Pontefract’s post on dreaming.
First, as you expected, a picture:

[How short do real creative ideas blossom]

Or, maybe go further and strengthen some, most often even virtually absent, actual praxis of rewarding the dreamer. For bringing the ideas that the future your organisation needs. Continuing along the trodden path will, for certain, as you know, bring about your downfall. Your downfall, as progressively, you will be less and less able to run away before the blame buck stops at your desk.

Which leaves the question: How to rate the performance of dreamers? As their dreams have varying, varying future values. What value to attach to ‘avoid extinction’..?

To be continued.

Seth’s Blog: Not even one note

Ah, so true; music over mechanics. Same in business, same gross lack of capabilities (including lack of (self)awareness about this).

Seth's Blog: Not even one note.

And a picture for the effort:

[Walk in the vintage park]

Ni Dieu ni maître …?

On the non-existence of ‘governance’.

Suddenly, I realised the full truth of Mitzberg’s dismissal of ‘governance’, since the traditional management would fit the bill perfectly but it has devolved to nothing more than a numb sort of administrative-clerk role (if you’ve read it and don’t understand, re-read it until you do).

Because, ‘governance’ isn’t anything. That what is assigned the ‘governance’ label, is nothing, literally and figuratively, and in all other ways nothing, more than plain good old management. Those who need models to do that, proof ex ante to will fail at their job.

Some of you may have heard me whisper, say, yell, over the past decades, that ‘governors’ are just a bunch of calcified obese that got stuck in their place and for mortal fear of being found out, they’ll mumblebluff their way through anything, anything, thrown at them. Zero, really zero, control over actual affairs, zero understanding of how shop-floor level work (the horror!) keeps the whole house of cards afloat, zero understanding of the treacherous nature of the false prophets deployed as ‘managers’. A few, a precious few white crows… the masses of them (all), just black. Inert.
If all ‘governors’ would disappear at once, wouldn’t society’s productivity shoot up through the roof ..? Wouldn’t actual managers step in and do the little bit of steering that’s required? Wouldn’t they disregard any of the ‘managers’ that (would) panic around, pushing them back into clerkdom ..?
Sigh.

One can dream, can’t one ..?

DSCN0962
[Which one is it ..?]

Top-down fantasies

And so, the emperor was shown to wear no clothes…
One couldn’t even blame PCI too much; their standards (meaning: as in uniform things, not the flags one can rally behind) actually do include pointers to deeper (and common-sense) actual infosec control implementation. But not throughout…

… nor systematically. As written before, and in many other posts on this site: The Information Security “Management” (quod non) “System” (quod non) was trusted because upward reporting on its efficacy showed ‘satisfactory’ or better – without realising that its was just deafening and wholesale bureaucratia’s babbling.
If you believe in compliance reporting and similar fairy tales, you’ll believe anything. How much misery must be heaped on all that can’t help it, and all that might have, before the fear of independent thought is restored in particular where it’s needed…? We may get philosophical here. And/or practical. Or whatever. It’ll takes a book(s) to describe it clearly enough for the unconvincable to be convinced or at least to get them out of blocking positions. They truly are the Maginot line of organisatia.

And a picture to close off for now:
DSCN2894
[Still somewhat light, though sturdy; Enschedé]

Infosec: outside in / inside out

One of those “When they speak, others listen” has a say on the future of infosec.
Dr. C. Dr.ow at it again.
First, a picture for your viewing delight:

[Private enjoyment for the general (not.)]

Which points at the other of two major approaches to get better information security throughout society. Not, by expecting Every Man to do His Duty, or by “Ik val aan, volgt mij” (the hero here), getting better security in a piecemeal way by (having to) upgrading each and every foot soldier read Internet user every time again through labourious exercise.
But by instating societal institutions that govern infosec for us. And then I thought that CD wasn’t a fan of governments…

Nevertheless, interesting. In particular, if some form of transparency could create True Democracy in this field. Which I doubt. But again, nevetheless interesting.

Shortie: Your meek / bleak future

As confirmed by Forbes, no less, in this article. Not much can be said against this…

And a picture for your viewing delight.

[About all there is to Commercy]

Rule-based rules rule, babe

First, a picture for your viewing pleasure. You’ll need it.
DSCN5208
[OK, noga I mean toga I mean yoga class, Bryant Park]

Solliciting your help in trying to find the lapse of reason in the following:
Rule-based laws, or regulations, or organisational procedures, aren’t always bad. There need not be a principle-based approach always certainly not since (fact) that deteriorates over time into yet another bucketload of rules every time again for clarity [which proves it just is too difficult for the great many, to think, to only need the principles and act accordingly…].
There can be simple sets of rules… here and there … IF those rules are the precious few guiding rails needed, to keep everyone in reasonable alignment. Brushing off the sharpest edges, and standing ready in the background when something might go heywire.

In organisations throughout. Anything one can dream up, may be left to the specialists (if…), who (should) know best and need not be micromanaged.
Who is it that thinks to be better at rule-setting than the ones in the midst of turmoil in the first place ..? The compliabully, yes, but kick back (Frappez! Frappez toujours!) for freedom. The biggie rulesets derived from principles or not: They squash your freedom of action, your independece, your autonomy.

Take a look at societal rules. The law books have a few very abstract principles, and a great many very detailed rules… In case of doubt, courts come to the rescue [give or take that even there, one cannot be 100% perfect always]. Normal people using their normal brains, will not overstep the line.
Why can’t subsocieties like industry sectors function the same way? No autorities there, to govern the lot? Too many free riders and other scum, maybe; then step in from the outside and wipe it all clean (including the internal cleaners that didn’t perform – claw back their income in full as they didn’t deliver on their promises. Bad luck, such is life throughout the centuries).
Why can’t subsubsocieties like organisations function the same? Same. Would wipe the top half of many an organisation; silly bureaucrat mice walking on the bridge next to the elephant and claiming how much noise you make.

So, would we need oaths per professional association or per industry sector? No. By having been born, one has sworn to uphold the law that includes the lesser rulesets that any halfbrained dunghead could know to have to work within.

Connections, tangled

Yes, that’s my InMap (http://inmaps.linkedinlabs.com). Quite a messy thing. Large clouds of KPMG [blue], ABN AMRO (various subsets) [orange, green], Noordbeek [light orange], Achmea [purple], NOREA [lilac] in it, too, Maverisk/ISSA [light blue] etc.; aiming for connectedness is nice but I think I’ve wiped enough into one tangle. The top grey Private, #Tuacc et al., ICC and Miscellaneous, is obviously less of a mess.

Oh well.

Postquote

Just a rip from Seth Godin’s blog:

Entropy, bureaucracy and the fight for great

Here are some laws rarely broken:

As an organization succeeds, it gets bigger.

As it gets bigger, the average amount of passion and initiative of the organization goes down (more people gets you closer to averge, which is another word for mediocre).

More people requires more formal communication, simple instructions to ensure consistent execution. It gets more and more difficult to say, “use your best judgment” and be able to count on the outcome.

Larger still means more bureaucracy, more people who manage and push for comformity, as opposed to do something new.

Success brings with it the fear of blowing it. With more to lose, there’s more pressure not to lose it.

Mix all these things together and you discover that going forward, each decision pushes the organization toward do-ability, reliability, risk-proofing and safety.

And, worst of all, like a game of telephone, there will be transcription errors, mistakes in interpreting instructions and general random noise. And most of the time, these mutations don’t make things wonderful, they lead to breakage.

Even really good people, really well-intentioned people, then, end up in organizations that plod toward mediocre, interrupted by random errors and dropped balls.

This can be fixed. It can be addressed, but only by a never-ending fight for greatness.

Greatness can’t be a policy, and it’s hard to delegate to bureaucrats. But yes, greatness is something that people can work for, create an insurgency around and once in a while, actually achieve. It’s a commitment, not an event.

It’s not easy, which is why it’s rare, but it’s worth it.

And a picture for your viewing delight (?)

[The epitome, unfortunately]