Information Risk Management – Page 9 – Maverisk / Étoiles du Nord

Shadow IT – no problem

In the upheaval of the last decade or so on the rush to the cloud (no, not that cloud though rush-related), a similar development preceded it – and still runs on. It is the spectre not only hunting Europe (and certainly the deviant [all manners? ed.] off the coast, splitting but not drifting away like an Iceberg would. should…), but everywhere else as well, the spectre depending on who you ask of Shadow IT.

Which is facilitated through XaaS (SaaS/PaaS/IaaS/…) availability. But which hardly ever is allowed… — allowed through being compliant with organisational standards. From anyone’s perspective but the IT club’s, it is not about breaking the in-house IT vendor lock-in barriers. That were breached becaused the bounds were straight-jackets. Don’t try to break those, just sneak out the back door. But it’s about the latter, seeking what wasn’t provided in-house on one’s own account, previously not having been ‘allowed’ but it was IF the solutions sourced, complied with the security (mostly) requirements set at the organisation-wide level, and set from the business side of the organisation.
Controls in or out of IT, required by IT to be implemented elsewhere, are about the particular IT solutions chosen. Solutions to the problems identified in control objectives and controls, always having alternatives in the latter. So, when through these IT-dictated controls, your preferred solution cannot be made to fit (or only near-unusably awkwardly so), they do allow you, even in a sense require you, to go for shadow IT.

Which, hence, is permitted If ad only if being (security) controlled at at least the same level of control objectives achieved. So, some department might have to re-build all of the IT department’s load of overhead qua systems management, all of ITIL or even CObIT, all of … wait, not ISO 2700x – that is an organisation-wide thing already or it is of fact a crappily implemented thing. So covers the shadow IT as well, fitting in the latter under the umbrella of the former. That’s where the battle would need to be fought, if at all since the shadow runners may very well have done a good job at running an outsourced-portfolio coordination team, neatly sheltering under the umbrella already. Showing the IT department how that’s done.
Possibly [hey I’m over-using the em-tag or what; ed.] doing it both proper and cheaper. Usually doing not the former, hardly the latter and certainly not the latter if the former is corrected. But sometimes, showing how; when IT told them that was impossible, they just did it. As good / better, and cheaper. Yes you can, to paraphrase some sorely missed leader.

In the interest of the organisation, sometimes shadow IT should be the preferred solution direction…
I’ll stop now before angering too many. And:

[The (black) details, are they essential? In a way, but could they be different or would you have chosen these in the first place …!? Prague]

Copying it bluntly, for you

Just like that, a full page of niceness and arguments to consider. Guess which one I’m switching to. So should you. Competition, leading to improvement.

Neo is right

When it is about the way The Neo-Generalist, Kenneth Mikkelsen and Richard Martin, is:

The Neo-Generalist is both specialist and generalist, often able to master multiple disciplines. We all carry within us the potential to specialise and generalise. Many of us are unwittingly eclectic, innately curious. There is a continuum between the extremes of specialism and generalism, a spectrum of possibilities. …
Since the advent of the Industrial Revolution, our society has remained in the thrall of the notion of hyperspecialism. This places constraints on the way weare educated, the work we do, how we are recruited, how our career progression [say what? ed.] is managed [not; ed.], how we label ourselves for the benefit of others’ understanding. …
Our workplaces, governments, intelligence agencies and other communities and institutions constantly complain of silos, but that is an inevitable consequence of our promotion of hyperspecialism. So too the myopia of expertise that prevents us from seeing properly what is right in front of us, or connecting it in meaningful [sic; ed.] ways with other information, other people. [Preface, almost completely]

The institutionalisation of the label, and the constraints it demarcates, both physical and psychological, is an unfortunate legacy of the Industrial Revolution and its effects on society. The scientific management practices popularised at the turn of the twentieth century retain an insidious hold on how people think and organise themselves for manufacturing and knowledge work, even extending into Healthcare and education. It is a dehumanised and mechanical approach that views individuals not as people with unique charcteristics, knowldge and expertise but as replaceable parts. Their very humanity is occluded by the labels they are forced to bear. We remove this welder and replace them with that welder. When this accountant leaves, we will hire another accountant. Our project managers, nurses, teachers, bus drivers, are considered entirely interchangeable.

In the meantime, however, we have set up a conveyor belt of humanity that is geared towards squeezing people into the correctly shaped holes, ensuring that the label fits. Hyperspecialism is the end goal. … Educational choices made during our impressionalble teen years can have a lasting effect. To select is also to exclude. Opting for certain academic disciplines during high school limits what can be pursued at university or as a trade. For those who aspire to it, a higher-education specialism then narrows workplace possibilities. Qualifications lead to employment, whcih in turn leads to the constraints of a role and job description, the path towards increasing functional expertise. Measurement and performance assessments impel us to sharpen our skill set within the restricted field. The myopia of the expert sets in. The boundaries within which the specialist operates get narrower still.

The funneling has an inevitable consequence: it fosters silo-based practices and behaviours. Corporations, government departments, intelligence agencies and a host of other types of organisations bemoan the disjointness of their departments, the lack of interoperability between IT systems, the hoarding and protection of knowledge. Yet this is the end result of a system that encourages hyperspecialism and narrow, deep expertise. [pp. 24-25]

And so it goes on, with relevance. We may interject a full Book by Quote later, but for now leave it at this and encourage you to Study the work. To weep and learn, how you should not do it. I mean, tag along. Resist!

Oh, plus:

[Cordoníu the Beautiful (~ design by Puig i Cadafalch), San Sadurní d’Anoia Catalunya]

Where art thou, APT ..?

In line with some previous posts, about e.g., the Maker Movement, I’d like to ask if anyone knows the whereabouts of all those pesky APTs that were around a couple of years ago. Oh, yes I do know they’re in your infra everywhere all the time, but qua publicity, qua countermeasures ..?
I would like to hope that in this case, more contrary to its nature you can’t get, it would indeed bebecause (sic) of having been dealt with sufficiently in the past. Or the whole APT thing turned out to be a [any country’s] TLA move – of a side with ample publicity-suppressive powers everywhere.
But that would be day-dreaming. So, I’d like to ask your insights…

And:

[[Fuzzyfied] Oh, just some storage room in my house. Or, somewhat more, at the Royal palace, Dam, Amsterdam]

Tech-brittle society

Anyone already studied the brittleness of society re technology ..? Of course, we all do know there’s a lot of ‘critical infrastructure’ out there. But do we realise enough, that it’s not only those somewhat-well-defined (not) industries that might suffer from any form of e-attack (incl EMP; what was it with those old low-band radars that the Russian had stacked behind the Ural and were found to be very effective in picking up F-117s because the latter had never been back-tested so far ..? Same, here ..?), and society as a whole might be blown into disfunctionality when some, not critical-industry-confined but ‘class break’-like attack were to be attempted ..?
I’d think not. The more complex society becomes and (hence !) the more interdependencies there are that already work with ever slimming margins, the more brittle our society becomes, the more it is like a giant house of cards, ever more critically stable before one wind collapses the whole shazam. And the less people there will be, that remember from long times ago how one would run a society in a much less complex way… If anyone still uses ‘shazam’.

Plus:

[Even those were, are complex machines to operate. And what if your coal is delivered just-in-time by some networked drone delivery in the ‘chain cloud or so and none of that still exists ..? Utrecht]

Do you business card, still ..?

Once upon a time there were infrared dumbphone-to-dumbphone connections replacing paper business cards. Or people had fancy-shape mini-cd-ROMs.
Now, we have … paper business cards. Or do we ..?

Would love to hear from you whether social network platform invites are already established easily enough at any networking F2F without the awkwardness of having to use your smartphone in such meetings, without looking sheeplish. You replies via the socmed platform you found this post through, please, so others see this whole thing and may contribute – or it’s just that the Comments sections of this blog don’t work.

Oh, and:

[It’s not your vault; De Bazel Amsterdam]

No confidence voting

Why would it surprise anyone that these here results came out of the Defcon 25 Voting Machine Hacking Village ..?
More importantly, where is the true side-by-side comparison of trraditional paper-only voting against all safeguards thinkable by today’s voting protocol science ..? (As here and here, to name a very few of the tons out there)

And, where can blockchain fundamentals be applied to ‘vote’ more equally and/or provide a graceful degradation or (hacked to breach to skew) error correction mechanism ..? Preferably with two-round- and/or multicameral (2+) systems tweakability; that would be grand.

All else that would need to be arranged, would be … [similar to encryption in general practice…] error-free, tampering-boobytrapped implementations… Good luck with that. And:

[Museum of tamper-free hence ?? abandoned voting system ..? No. But a museum, Lissabon/Belém]

A philosophical one: Polynesian time

When one considers Einstein’s profound maxim Time is that not everything happens at once, is one lost for causation and/or free will ..?
The former excluding the latter, if taken to its utter consequences. The latter, presupposing the former or how else can one’s decisions turn into actions turn into something chosen among alternatives that can only exist when alternatives are potentially there, excluding ultimate-causation theories. With the apparent-free philosophies in the middle.

But that’s not my point. My point is: The thought of Polynesian navigation crossed my mind. Not in a literal sense, but in a cultural sense where (the Original) Polynesians, as lore has it but there’s nothing against believability, would not actually sail to another island but the world would rotate underneath them. The traveller would remain in place, with everything else shifting.
Is this how we all travel through time, individually? We all staying in the (Here and) Now, with the Past slipping by us, behind us, and the Future just rotates to under us?
Is this impacting on causation and/or free will ..? Will have to think this one through; awkwardly hard.
Where would the ‘everything in the universe is not matter or natural laws or Energy but Information’ or ‘All energy is Information’ school(s) fit in ..?

I sense there is a link between the Indivudual Time / Universal Time dichotomy, if that’s not refuted by Einsteinian / -adepts’ time relativity theory. Another one to think through.

Qua individual time nevertheless, it’s comforting. Time-wise, we are where we are. No need to ‘be in the moment’, we already always are. No worries about the past or the future; those are, already, somewhere (in time). [Apart from having to care for one’s mortgage…]

Oh well, the head spins (+1/-1 ;-| ) when thinking too hard… Hence:

[Into the distance… Belém]

Dubbeltestje

Ubent nu onderdeel van een testje. Niet statistisch verantwoord, maar dat is sowieso vrijwel nergens te vinden; dát zijn pas unicorns …
Anyway, without further ado, let’s see how many (huh) hits this post will get when it’s half-Dutch. When you’d interpret that as half-baked, you’re correct…(?)

Terwijl er tegenwoordig héél wat luipaarden zijn, die nu dus voor de foute partijen kiezen contra het vage clubje, “ze”, die de leeuwen zijn in dezen. De welpjes, die hebben nergens benul van noch hebben ze ooit iets fout gedaan (?). Etc.; het is allemaal nog heel relevant vandaag de dag.
And, on a lighter note:

Gödel around the White House

Any consistent formal system F within which a certain amount of elementary arithmetic can be carried out is incomplete; i.e., there are statements of the language of F which can neither be proved nor disproved in F.

How does that not relate to what we’ve been hearing a lot about in ‘Murican politics, lately ..? And, how does this not lead to absolute nihilism all around ..? The seriousness of purpose not reflecting the seriousness of the attack which is at most an amusing re-calibration of sanity, outside the attackers’ circles. But then again, how is that not like about-a-century-old politics, knowing where that lead to ..? If only the damage could be so-very-limited in comparison, to what humanity had back then.

But hey, maybe we will be burnt off the earth before anything that bad happens, right? Always look on the bright side of life [no link to the #1 of your playlist necessary]. And:

[It’s only a model”– also without link needed; ineffective as such but hey, it’s Châteauneuf itself; no “-“, near the church of Flip and Sjaak]