The state of ad ML

A sad state it is, when WordPress continues to Always (there you go) capitalise Always (yup) automatically. There were some other words as well that get capitalised like it’s a product ad. Except that I’m quite 100% male so have no business nor advertising value for the A product range…
Stop it! You annoy me. Which is bad, very bad.

Plus:
[The exact spot of origin of Oh Say Can You See … for no apparent reason. Hint: O!]

Losing your trade’s virginity

I’m referring more to dull trades, like auditing, than what your first thoughts were about…
It seems hard for some people to get their heads around the still persisting problem with AI introduction into regular trades, that when deploying AI to take over the rote grunt work at the lower rungs (which is, by definition (?), all that’s just behind your heels) and leaving the more intricate, ‘difficult’ and ‘intelligent’ work like decision making and risk weighing to seasoned, experienced professionals (to which you belong of course), that there will be no more seasoned, experienced professionals since the seasoning and experience is in years and decades of the rote grunt work that no longer exists for humans.
The ‘difficult’ decisions will all the more speedily be taken over by exponentially self-improving-on-the-intelligence-parts AI, as humans fail ever more quickly at those tasks. The excuse that the lower rungs failed in providing proper intel, will not work; higher-up humans would need to get a grip on the lower stuff, and to be able to determine the effectiveness of what goes around there… again you’ll need the extensive experience, maybe even more…

[Don’t get me started on how current ‘leadership’ (those that fell upwards by lack of weight, not the real leaders) already fails comprehensively at the intelligence part…]

Quite a vicious circle. And:
[Museum of what lies ahead for humanity, in total surveillance states, and AI futures; Riga]

AVG is the Law

If you wondered whether (if?) I’ve gone berserk and declared some little anti-malware tool to be officially authorised: No. What then? A Yes. Because whenever you read ‘AVG’ related to the Netherlands, you’ll find it’s the Law indeed. Being a fumbled translation of the GDPR. And full of the lawyers’ stuff on detail, demonstrating incapacity to understand the issues that the GDPR was originally trying to tackle. Of course, these got watered down to ineffectiveness before even being officially issued (and that’s not per 25/5/2018 but already behind us ..!!). So we find ourselves now in a struggle on all sides for clarity and practically viable interpretations – vis-à-vis some specific law. From a legal perspective, this might work; just wait for jurisprudence (authoritative-case law) and all will become clear. From every other of the asymptotically-infinite number of sides (don’t even try to explain that to the eager beavers among various parties), jurisprudence means the death of their organisation and of all employment that goes along with, is built upon that including the livelihoods and perspectives for a decently doable pursuit of happiness of employees and their (extended) families involved.
So NO, you cannot leave things to jurisprudence, to case law. Modern society has moved far beyond that, leaving all trailing in understanding that, in the dust of ignominy and ridicule. We the People (of the EU++, and of the world affected) need clarity upfront.

Awwww this is turning into a rant. Which wasn’t the purpose, which was just to point out the irony of one antimalware-maker’s name being now wrung into something laughing-stock [ with an ? or an ! ].
Oh, plus:

[(From analog to digital when the latter wasn’t much good yet) sinking into the landscape, this time perfectly as intended, not out of shame; Melvyn Maxwell and Sara Stein Smith House, Bloomfield Hills MI]

No news is not good news

Anyone know why we haven’t heard too much about Bellingcat lately ..? You know, the so ultimately objective that all sides may have gripes against and uses for them and their analysis ..?
I wondered because there’s so much going on around the world where their analysis would give better insights – and there is all sorts of new stuff on their site – that it is surprising to see no news channels pick that up.

Or is the world so full of itself and of fake news that the masses are utterly numbed ..?

Plus:

[For a calm life, go here; Toronto]

Extra, extra! A Fine!

It was bound to happen: Fines! For privacy violations! Oh how do the Frightful Five shudder at the thought of these economic penalties that will down their businesses. Not so much. Is there anyone that thinks the fines will do better under the GDPR regime ..?

Kindergarten dreams. If all people are nice to each other there will be no more war and world peace. If GDPR kicks in …

Plus:

[An air of nice, just the air; not Nice but 4711 Cologne]

Fighting the Fifth Estate

The Fourth Estate it was called, before it succumbed to sycophantry and fake news. The journalistic world, that by its moral code and behaviour cleansed the news so that the trias politica, and the populace, could do its job of monitoring and correcting each other.
Now that the fourth is no more (effective) [edited to add: some holdouts, like Bellingcat], but the Fifth is (Facebook, Google, … the Frightful Five), one might need extra resources to get the first few scratches of control back.
With this little device. An anti-bug. Not preventative yet, but detective with resilience against detection. Counter-intelligence.

Oh this was just a HT to the developers. And BTW, any half-decent TLA would support these guys [edited to add again: Bellingcat], for their adherence to lofty principles does in fact align with the ultimate, ulterior purpose of any country’s TLAs. Only the stupid will fight against noble straight-backs.

Oh and:

[Yes even HMs GCHQ would, in principle, concur. Or, they work for the Dark Side; London]

AI Blue-on-Blue

We keep on hearing these great things about how AI will help us in the battle against no-gooders qua information security. Like, in hunting for bugs in software (as asked for here, borne out in various much more recent cases or rather, news items hinting at pilot prototype vapourware) or hunting for fraudsters, possibly hiding in plain sight (superrrintelligent anomaly detection; unsure how false positives / false negatives are handled…).
Where on the Other side, great strides are also feared to be made. Deploying AI to improve (better fuzzify) attack vectors, and help with improvements in evasion and intelligence gathering in various other ways.

Pitted against each other …
When you know what Blue On Blue stands for (first of this), you will now see it coming, inevitably. What if autonomous (for speed of response!) retaliation kicks in …?

Never mind. I’ll like the fireworks show. Plus:

[Yeah, yeah, ships are safe in harbour but that’s not what they’re made for – I’ll just enjoy this view from a truly excellent restaurant; Marzamemi Sicily]

Deviate for Resilience

Well there’s an imperative. Deviate for resilience. Which goes waaay beyond mere ITCM or its linkage into BCM. What I mean here, though, is a reflection from the B side into the IT side.
Once encountered when it was still supposedly somewhat ‘cool’ (as it was called in the grandpa’s days) or so to work on … can you believe it, $AAPL infra. Where the Infosec staff had carved a corner for themselves: That they’d actually need to deviate from corp policies (the devolved kind) of using M$ stuff for alibi reasons of needing in ITsec par excellence, a fall-back that would actually work when all of the M$ infra would’ve collapsed due to some class breaking glitch exploit. Yeah. That meant that you did need a substantial budget to your own discretion without much transparency towards effectiveness of spend and no gadget and toys buying, right?
Nowadays, the coolness if ever it truly was (stupid sheeple), has worn off totally and is a tell for no comprendre qua cost/benefits analysis, sufficient tech-savviness to cut it in today’s world, and forward compatibility even to the cable mess (costing you tons). Predicting which unicorns will succeed, or fail, is easy; the former are on M$, the latter on … you guessed correctly. Nevertheless, the resilience argument still holds.

Which goes beyond the mere platform choice. It goes for global/local deviations as well. IF yes that’s a big if, if done right, not for NIH purposes (both ways ..!) but for resilience purposes. It’s not efficient to the max, but if you strive for that, you’ve done so much wrong already it might be irrecoverable. E.g., mission, organisational culture, risk management (incl analysis), control choices and implementations (case in point: multiple malware scanners), etc.

But remember: When done right, you very probably do need to deviate all over the place for resilience…

Just remember that to defend yourself, OK? And:

[If telecom fails due to clock synchro errors, it’s still a sun dial (really it is); Barça]

Copying it bluntly, for you

Just like that, a full page of niceness and arguments to consider. Guess which one I’m switching to. So should you. Competition, leading to improvement.

Where art thou, APT ..?

In line with some previous posts, about e.g., the Maker Movement, I’d like to ask if anyone knows the whereabouts of all those pesky APTs that were around a couple of years ago. Oh, yes I do know they’re in your infra everywhere all the time, but qua publicity, qua countermeasures ..?
I would like to hope that in this case, more contrary to its nature you can’t get, it would indeed bebecause (sic) of having been dealt with sufficiently in the past. Or the whole APT thing turned out to be a [any country’s] TLA move – of a side with ample publicity-suppressive powers everywhere.
But that would be day-dreaming. So, I’d like to ask your insights…

And:

[[Fuzzyfied] Oh, just some storage room in my house. Or, somewhat more, at the Royal palace, Dam, Amsterdam]

Maverisk / Étoiles du Nord