Category: Information Risk Management

Continuously intermittent

Why processes don’t work, at all: The blocks. The activities scheduled, often only throughout the year, in sequence. As if … Reality will throw all activities at you every day, as reactions to incidents and panics.
Along the lines of “Can’t have a massive data breach today, because this first quarter we’re only supposed to do risk analysis by the book – unsure if by Summer, we’ll have finished this as everyone is learning the first baby steps of it in turns. Come back per September and we’ll have a result that no-one of us recognises, or anyone else for that matter, as anything approaching a serious result, and no-one will know what to do next or have budget for it.” (Remember, the 15.5 risk ..?)

Practice may sober you up. Then, auditors come around. “Check. We did ask about this. Uncheck. You failed to do the irrelevant. It’s nothing personal, but your head will roll.”

Oh well, Mintzberg had it right already.

Check; need to write this up in some white-paperish long-form post. Closing off now, with a picture for your viewing delight:
DSCN6305
[Ah, what a monument, what a museum!(piece) to cherish, to search for]

Selecti(n)on

DSCN1197
[No room for downstairs personnel]

Where are the leaders?
I don’t mean the hopeless hapless clueless bureaucrats that label themselves such.

I mean the kind that opposes the following:
Every time again, when something goes horribly wrong in society, it turns out there are few to blame, if any, after careful search and much (self- and friends-)exculpation. It appears as if (read: when) all societal structures, regulatory and oversight structures in particular, are just set up to spread accountability. So that when all are accountable, none are accountable.

Quod non! However, the meek, that shall be eternally butchered in hell for their inaction against Evil (i.e., bureaucracy and its drone executioners), their complacency and their numbness. Is the latter a definition of blindness to the real world?

E.g., in the world of temp staffing, in particular re freelancers, contractors, external consultants. Some department has a need, however inexact the requirements for the solution. The in-charge must deal with HR, and Procurement (in all their shades and clourings, and many other departments probably too), to get a slot filled. HR and Procurement have NO clue whatsoever, are only marginally capable of posting a check box list from some outdated, never-have-been-valid longlist of randomly assembled requirements.
Candidates apply. The ones that check all the boxes (currently, often automatedly, shutting out even more interpretation), get the job. The ones that fulfill the original need, don’t. All now must be satisfied for procedure was followed – to death. The problem owner isn’t since (s)he gets only the dull, the procedure-fitting, not the original, the fresh, the new, that could actually create (new, innovative) solutions to the ill-defined problem. The true candidate isn’t because (s)he’ll never be able to deliver the real solutions.
How can you comment when HR and Procurement just did their jobs ..? When in fact, they didn’t. But theirs was not a lofty goal or objectives, theirs was just the mincemeat targetlets. Operation successful; patient died.

And don’t start on the financial sector… And every business failure in between.

Or do we first need to revert to common sense in principle-level target setting, over just the quarterly figurelets..? This may not catch on quick enough to prevent the mob from raiding the regents’ houses… (as here (Dutch)).

So, where are the leaders that call this crap for what it is, fire all those that refused to think, and instate and require direct comms wherever possible …?

No me auto

On the quest to maintain autonomy as Freedom, as the driver for privacy.

First, a picture:
DSCN1118
[Oh look, a fig leaf of green, so this isn’t Metropolis at all (…?)]

Yes, indeed. I was triggered by the ‘blessings’ that Big Data may deliver in e.g., health care, where Watson-like doctors may deliver more accurate diagnoses that humans might. IF, big if, they’re fed with the right information. Restraint will not be in the system.
But, moreover, it is not the emotionless (?) machine we fear; it’s the loss of control. A human would interact; a machine, well, wouldn’t have need for that as it’s ‘always’ better than a human, and shouldn’t be second-guessed. A human doctor we can still distrust even if posing as an authority.

In there is our fear: The loss of control. The loss of autonomy.

Prisoners don’t fear guards as long as the latter just act normal. Because then, the latter are drones that actuate the System, the bureaucracy that is the Power That Be. Abusive guards, overstepping their (‘minimal’) power, lose that authority and are just Evil.

Humans fight bureaucracies because of the loss of autonomy that these bring.
Ever since Man (F/M) became aware of his autonomy in the dangerous environment, she has strived for control over that uncontrollable Nature beast. Most of all, by growing a pair, of brain halves, to a size so huge that pattern recognition leading to predictive analysis was bound to spring up. If only one could predict Nature, then one would have power over it because nothing surprising would happen. And then, one could do less fleeing, a bit more fighting and feeding, and much more of the Four F’s ‘F-for-reproducing’.
Ever since Man (M/F) started to cooperate in groups, there was a balance of sacrifice of autonomy, independence and efforts as inputs versus gains from cooperation.

And now, with the übercomplexity of society having passed a threshold somewhere in the mid-19th century, there is no room, no dream, for escape anymore. Until then, there was sufficiently vast terra incognita’s, (near-)unoccupied inhabitable lands, that there was always the alternative, however distant in achievability, of quitting the Contrat Social. Or, as before, societies weren’t overly complicated (for: ), one could start a revolution, or so. To get the non-autonomous together and with their combined muscle- and brain-force, get all to be free again. Until then, there was no notion of privacy, but it did result quite quickly (well, in line with the speed of societal development that then was also seen as being high…).

Which also ties in with the overwhelming Big Corp (Google, the Second Tier, and the rest) dominance over governments is steering our societies as these integrate. These uncontrollable beasts go far beyond what ‘democratic’ geography-tied national authorities pull off. Pulling both the TLA-agency snooping (automated trawling for patterns; no humans involved! but that’s exactly where the (above) fear comes in: uncontrollability as it’s too much, too fast, too abstract to be tractable for humans…!) and the loss of copyright over one’s own data (production) into the picture. The latter, as in this most recommendable book.

[Bell for a relevant intermission]
Or … this; around 0:37- but the whole thing isn’t too long and needed for full understanding – yes indeed if that was The Message, then it is, still, for all.
[We’ll continue the show]
Continue reading “No me auto”

T-Rend Not Found

DSCN3994
[How to call this, politically correct..?]

Uhm, would anyone have a serious overview of security trends as they unfold this year ..? So far, there’s nothing but a handful of incidents. Or is my memory just insufficient …

Anyway, I’d really like to at least have some classification scheme whereby we can bin various news items. “Antivirus is useless since it’s reactive and too slow for the rapid morphing of fingerprints” versus “Heuristics and profiling [secondary signatures?] solve this, as does upping the effort; unprotected neighbours go down first, please” would go into the Basic Endpoint Protection bin, for example. Privacy would be a similar bin. But who has a useful (sic) partial taxonomy or tree ..?

Kennis-werkers?

Short post, long read (in Dutch): Surprisingly valid, all the things I dreamt up in 1994 … this paper on Kenniswerk, in particular from page 13 on – but the rest, is also still valid and very worthwhile reading when I may say so.
And a picture for your viewing pleasure…:
005_21 (2)
[Where? No contest.]

Die Information

DSCN5494
[Twisting by the pool]

Claim. There needs to be some seminal work of economics on the thing that follows Labour and Capital, being Information. And how societal structures are impacted. I will write that book. Someday. And/or, sooner, when (not if?) you fund me through some crowdfunding scheme. After Das Kapital, a new wave.

Frameworks, the inventions for …

DSCN5676
[Sturdy volume, i.e., Rotjeknor]

… for hanging.

Most unfortunately, after the demise of SOx et al. (as in this and many other places) there still hasn’t been a decline in interest for ICT management frameworks.
Which is bad, because

  • The Odies of this ICT management world, that is, both the ‘managers’ themselves and all the hangers-on like consultants, internally and externally, compliance freaks, auditors, etc., will still require yet more implementations of ‘new’ frameworks that, luckily, are so much blown out of proportion that their giant bubble content has diluted to a level both easily implemented and ever more quickly demonstrated to be failing the achievement of original objectives. Much ado about nothing.
  • [But after so many rounds of failed framework implementations, why a. do you not realise that it’s stupid to even try, b. do you not fire all that were involved as they apparently didn’t deliver ..? The latter, as continuous renewal and improvement must have been part of the implementation all along, and that hasn’t happened …!]
  • The strive for framework implementation still takes all the resource away from growth avenues, to calcification practices.

Get over it! The world has never been more unstable than [pick your most recent timeframe you consider relevant, when less than one year …(!)] … I mean ever before. [Sorry for the warped sentence; you get my drift.]
Which means that the cozy cold (!) sitting still like a rabbit in the headlights that frameworks will coax you into, will not carry the day if it ever did (do you need the spoiler? : it didn’t). By stifling any other, maybe actualy innovative, useful-in-prepping-you-for-tomorrow projects as they get implemented, and afterwards in particular if they’re successful.

Would I hence advise to use frameworks?

  • I don’t, if you’d want to take them as more than rough guidance. Use your brain! Frameworks are what they are, they’re not filled-in voids in between.
    And/or I can, and want, to help.
  • I do, if you want to crucify yourself (sic) on them. Not trying to be harsh, but good riddance.

OK, now have a look at your own industry. Finance including (ever more) central(ised) banks, anyone ..? Ever more attempts to regulate, to smother in totalitairan bureaucratic control …? And still wondering why and how the disruptive greenfield ops take over?

Straight

Was triggered by this:

That is in front of this little post: 15k infections is only 0.001% (a 0.0001 fraction) of all apps installed, that have malware. So, ruling out that you install anything remotely rougue or hacked-for-free-download, the risk is negligable.

Which is why we may ask anyone would care. After, for pennies!, we can have antimalware and not bother anymore, we should even care less… which is when it gets interesting. Je vous présente… the attack vector of three years from now, when everyone will have forgotten about it.
For now, I’ll leave you with a picture. Of course.
Photo20 (4)
[No wuss consin, by FLlW]

Maverisk / Étoiles du Nord