Still no real investment


[Not NN, you fool]

Inspired by the picture: How come we still haven’t recovered from the age of panicky crawling backwards ..? As witnessed by the lack of real, true investment for the longer term. Longer term, not being as in “Short term I would usually define before lunch. Long term is after lunch”. But long term, like invest heaps now, reap the benefits over the decades. Very deep but later very flat hockey stick.

If not when there would be true investments made, things like the CN tower and other, relatively, follies, could again bolster the general spirit of a region, leading to unmeasurable but enormous productivity and general well-being gains.
Else we remain stuck in the negative, the fearful, the slow collapse, crumble to dust.
Endif // there are no other options.

Prediction of “A”PIs for IoT


[Some years ago, IL]

Ah, one thing I was concerned about, is elucidated elsewhere, already.
And ten more, halfway between hard tech deep innovation and societal acceptance.

Mall, where you’re heading?


[Some think this is hideous but it’s fresh, even if it ruined the neighbourhood.]

This then, on the future of retail. With an attempt to analyse and predict [You know my opinions on that …] what malls, or shopping centres in general, may look like in, say, five years from now.
Let’s first define the inputs for my ‘analysis’:

• Rapid developments of web shops in all retail areas, not just non-food and food ;-] Yes indeed, on the surface, even food already has its web sale / home delivery channels.

• At least temporarily, an increase in one-off / small batch production items as people seek things differing from mass products.

• The previous, along with flexibility in price. Not all one-offs / small batch products will have, or require, premium prices; mass products however may be required to ever further lower their price by expectations from buyers.

• Premium-price indetermination and small volumes work only when product offerings are available to (the increasing slice that cares, of) potential buyers. But we have that Internet, and may improve on the freshness of its content. Maybe through ambient intelligence / hyperlocal (discount/sales) offerings when some model of micro-location- or -time-based ad hoc approval of pitch presentation (on the hand-, wrist-, or headheld device) and trust of micro-time and -location permanence of privacy-sensitive (i.e., all) data fed back, would actually be trusted by sufficent numbers of sufficiently affluent potential buyers to get past the network effect point.

• This implicates the expectance that shoppers will still want to go out in the first place, to socialise (of fact; not by verbal communications or so but by mere presence) with the unknown Others out there.

• Through cost increases, people transport will diminsh or will shift to cheaper means; e.g. bikes – with much smaller load carrying capacity.

• So there will be various markets out there:
Mass markets for convenience products, either at hypermarkets out of town or with home delivery – with the trend probably going towards home delivery as that saves on the nuisance to go out and be among the hoi polloi and people in general being ever more in the devolution mode of less and less exposure to the outside-of-the-house environment. (A note; I’m unsure whether fitness will move ‘back’ to indoor clubs, or will move ever more into the ‘fresh’ outside air, or both as more people (will go to!) do anything at all about their bodies ..?
Mass retail webshops, for the home delivery markets as well as for the Lm-markets as below. Also serving product comparison.
Local markets for locally produced one-off / small-batch items. Note that these may be produced in somewhat larger batches if shipping can be done within the perish timeframe, in particular for non-perishables. But no batch may be so big as to become mass as the freshness and uniqueness (only in retail is that a scale not an absolute) would diminish too much; local shoppers for hipness may not like too-large-scale availability. And note that even if shoppers would like to be surprised by the (next)^x new thing that only they have access to, they will still want to be the first to a. compare with Everything else out there, through their mobile Total Information awareness device(s), b. share their überhipness immediately, thus diminishing the newness value of their latest purchase by snapchatting it, i.e., asking for copies to become available ASAP.
Local outlets for mass-produced goods, when the product selection experience can be made a worthwhile experience in itself as with luxury goods (mass produced in sweat shops as they are, along with the mass-produced rip-offs), or when the delivery/pick-up can sufficiently add to the product experience, to warrant the shop rent. This will hold as long as opulent display of one’s Mammon worship (only; by implication) has positive residual value (net of the ridicule by ever greater masses).

• And where does this leave the Mall, or the Shopping centre (if there would be a difference) ..? The above demonstrates: Uniqueness, experience will be the thing. Locality of shops, and trust of local production and uniqueness, will be key. Hence, chain stores can survive only if they enhance the experience, or have a sufficently fluent web-purchase / local delivery experience (i.e., perfect logistics) and not too much generic stuff in stores to ruin the experience. Or provide in-store, the advantages of web shops (enormous collection, vast browsability) in combination with the premium shopping experience but also in combination with affordability! If not affordable, markets will be too small to attract sufficient clientele to warrant rent and staff; concentration will result in ever smaller enclaves of luxury shops. Shoppers will drop out, and not come from far away (don’t want the hassle and cost anymore) to shop around (among a public they don’t associate with, for products they can’t afford and not want for its lack of quality (opulence only, no content quality).
Shoppers will come for Ll- and Lm-shops, though. Aim for those..! Not big shops, but small ones; many. The low rent these may provide, and the insecurity of continuity (as real estate owner, you have control over that: rent should follow shop income, not the other way around…), are a matter of fact. Big stores will be empty, for much longer, and will cost you much more non-rent, much longer.
But oh, will web shops not vacate the shopping centre ..? No. They’re a fully-alternative channel, but they’ll lose for shopping pleasure and for freshness (newness) of products – web sites, one would need to track too frequently and too extensively (in numbers) to keep up with and people will get bored pretty quickly with that. In particular if Ll-shops do that for them anyway.

You comments, please! (see link below…)

Domo tics


[Voorburg, Herenstraat; Mú by Ming Hu Chen]

With the Internet of Things coming at us with lightning speed, why haven’t we seen a surge in easily appliable domotics ..? Sure, there have been small little, often not too well-designed and plasticky appliances out there for a while, but they often were in the bargain bins before a full‑scale deployment could take place. And we see trials here and there in offices (cheesily, in Dutch, and video) with bits and parts of true ambient intelligence style domotics. But still, not the real stuff.

If you now say that within our homes, domotics don’t (doesn’t?) take off because of lack of network effects (What are the benefits? [How to size them up and compare/add them?] Where‘s the tipping point?) within the confines of our houses individually, and the prices still being too high (among others, due to the lack of turnover and initial investment recoup), and installation being too cumbersome (all devices need placement and connection, probably to power supplies other than oft- and quickly failing batteries, and either connect cabled (old-fashioned) needing breaking into walls, or wireless, requiring ugly visibility) – I would reply that these are issues to overcome with smarter solutions.

But then, what is the date of construction of Bill Gates’ Xanadu2.0 home [If you’re listening: I would like a tour yes indeed thank you!] that has all the follow-me temperature, lighting and ambient music ..? Over a decade ago; does M$ deliver a full copy solution to every home yet? Domotics Explorer 2.0 doesn’t give too many Bing search hits…

A thing that may need to be settled first, is the general architecture of it all. Sensors and actuators need to be put in place, but how and where; what secondary elements do we need (control centers; where and how many (networked, carry-on or stationary?), signals-generating actuators; separate devices (hi keycard/pin) or built into other things, or programmed into other things (hi smartphone, à la NFC payments, now not so N)). What human control, using monitoring dashboards and some form of input (fingerclicks and voice work well in sitcoms; phone screen swipes, maybe?), can we have, can we allow? Are any ethics involved (haves/have nots; control over one’s environment vs. experiencing new things, conflicts, the commons) ..?

And there’s the question of business models for device suppliers and servicers. Subscriptions with updates of software, and hardware, or plain purchase? What about interconnectivity and multiple standards?

Just check the wikipedia page; so much more to discuss. E.g., re the integration or not, I definitely prefer not, of domotics with “‘smart’ grid” ideas of outside monitoring of our home internals – but connection to the outside may help your fridge to order short stock/supplies. Or what to do when conflicting demands are made within the same room (try sharing music tastes with your kids; they just don’t seem to get Purple, Floyd, or the Maiden or even Zappa).
But the question remains: How to overcome the not-yet-existing network effects requirement ..?

Predictions 2014 the InfoSec edition


[DUO Groningen (couple of years ago), where a leak led to many a student’s funds were defrauded. Looks original, is just chasing outer effects]

So, some of you have seen my Predictions 2014 including the update or two, and other posts on developments in the Information world at large.
But what you desparately needed, awaited before even starting on the Christmas decorations (for those in the West), and held out any shopping for food or beverage for, I know, I know [Heh, that’s the opposite of Unk Unk’s ;-], is my completely and utterly unpretentious predictions for the Information Security arena of 2014.

Well, here we go then:

Advanced Persistent Threats will blossom like weeds (not wiet!) in 2014. APTs being the ultimate blended threats to confidentiality of information. There may be cases of government-on-government espionage, that highlight the ‘modern’ squared or cubed variant of traditional intrusion & spying (information exfiltration) work. But moreover, there will be incidents much publicised where business-on-business espionage, possibly helped by shady government agencies, is outed as more than a theoretical possibility. Of course, you all know that this is nothing new, but the general public will demand an answer from some Board members and State secretaries here and there (literally) of victims and perpetrators (denial becoming less if at all plausible). These answers will be the definition of lame. The infosec industry will rush to develop (maybe not yet fully utilise) the market; contra but hush-hush, also pro…

Certificate vulnerabilities will be shown to be a factor of import. Yesterday’s unprotected printer WiFi, will be the current certificates being stolen or manipulated. Bot victimisation of clients will be less by trojan planting and more by means of hijacking certificates (‘Certjacking’? You read it here, first! [Update to add: well, in this spelling …]) to do … sort of low-level ID / trust theft. This will not be explained nearly well enough to the general public to get them concerned, but with tech-savvy CIOs and IT managers, this will give a stir. And major sweeps through the own infra. And not much by means of future better cert management.

Crypto-failures. Cryptography, as far as actually implemented at all (some ‘implementations’ may embarassingly be found out to be done on paper only!), will show to have failures in at least two ways: procedural errors will lead to (much publicly visible) non-availability of information, e.g., when asymmetry isn’t implemented well due to lack of understanding of bureaucrat procedures writing committees mumbling and fumbling about; and by public demonstration of bad technical implementation, the coding being so shoddy that the strength of crypto will drop to n-day crackability (with 0 < n < 2 I guess).

Quantum computing, on the plus side, for crypto, will see its first practical proofs of concept. Where the PoCs are used to protect the most secret of some government’s information, but with that information having to be used by the most bumbling-about officials hence the overall end user -to- end user effectiveness being close to zero and helping any and all attackers (rogues, organised or not; state(-sponsored) organisations, etc.) to learn about tentative, among them maybe class-hack, attack vectors.

Methodological innovation in information security. As already discussed earlier, and here, and here, and with OSSTMM, and before that in quite some other posts as well. Now, also Docco joined the fray, advising SMEs from the accountancy side … Which shows this prediction for 2014 is already hatching.
On this item, we will see much improvement. E.g., combining the OSSTMM framework with SABSA. Combining the rebooted CIA with the fresh install of the (alternative to the) ‘15.5 risk’ management approach via the OSSTMM framework. And so on. Interesting! Want to contribute!

I’ll leave these here for you to follow up. When (not if) I’m right on any of the above: Yeah, see? Told you so! And if (not when) not all five are square-on: Hey, they’re only predictions! Don’t shoot the messenger that only conveyed the message of the Great Engineer Behind The Scene.
Though I would like to receive a bottle of good (I mean, really good) red Bourgogne for each prediction that shows to be somewhat right; at the good side of 50-50. Any takers?
The opposite, I can unfortunately not do as it would have way too many takers…

The Ethics of Full-Autos


[EU whale washed up in Strassbourg]

Via Ross Dawson, again, I found a piece on the ethics of self-driving cars which is fascinating in its ethics discussions. Or, pointers to, as the discussions are of course not definitively settled once and for all as is the nature of such discussions. In particular when various ethics backgrounds from around the world collide, as they will! (No autopilot there, heh.)
But the discussion should reach further. ‘We’ now focus on cars, but if we can tackle that issue of autonomous, self-driving cars (wasn’t the term ‘automobile’ not already coined to include that glimpse of a possible future (apart from the engine part) ..? And weren’t horses self-driving to a degree ..?), there are so many more self-operating things out there that would require simpler environmental awareness. If cars can drive full-auto, so many more machines can – how much human operators would we need; how many (how few) managers, etc, when organisations are self-driving ..?How do we train and gain experience necessary for the inevitably required human overrides ..?

But more importantly, how would we settle the ethics arguments like the ones indicated in the above example ..? Because there will be many, of a great variety. And certainly not all (end) stakeholders may be present at/for the discussions, or may not be capable to represent themselves (incurring agency issues, already the downfall of all democracy), or may vary in their quality of discussion process execution, and may not reach a final equitable conclusion shared by all; then what ..? [‘One should not count arguments, but weigh them’ (Cicero); very, very true]

Will we have time to develop a societal framework for ethical discussions, or will we have to take them one by one as they come along, badly reinventing the wheel every time, and getting overwhelmed by the sheer number of must-settle ethical discussions that will come at us ..? Because settle we must; letting it rest and letting marketplace/economy forces run their course, will result in unethical results. Mammon shouldn’t rule.

But anyway, let’s get engaged. Because similar problems are already all around us – healthcare costs mushrooming, global environmental destruction, etc.; all problems at the societal scale or above, all still in much need of ethical discussions and course setting.
And because we must.

The IS Audit Worker of 2019


[Your prospect of Elysean fields]

2019 is only five years away… But predictions require a suitably close horizon to be able to see how today’s trends and Early Indicators might play out, and still be sufficiently distant to allow flexibility and variance off the predictions – otherwise the predictions are dull.

Hence, apart from my predictions for 2014 (and update) below, some more ‘mega’trends, in particular for the management of information risks – I still maintain that anything managed, isn’t a risk ‘anymore’! – professional or more specifically, the ‘information systems auditor’. Note the ‘’ as this post will show how the role and content will change enough to warrant a new job title.

Now then. As a starting point, I took the insightful graph of the always even more insightful Ross Dawson off rossdawson.com, noting the CC-BY-SA 2.5 license:

Which is a depiction of trends that impact the IS auditor as professional, rather than touching (too much) on the content of her/his work… Indeed, but I’ll demonstrate where the content is touched, too, by the trends depicted. Let’s just run them down one by one:

1. Connectivity will mean the necessary re-think of the traditional CIA to be able to guide, control and audit the information security stance of clients. The Information availability explosion, the globalised (i.e., de-geography-bound is de-accidental-physical-location-bound) access hence globalised use, and mobile work to even loose the ties of the Last Mile (in a way), require this. And enable the IS auditor to do the same. Already, this is being piloted, and in my view, we’ll see much more of this kind of work for the IS auditor in the very near future; this enables not only the auditor to not have to come to the clients’ offices too much – albeit that initially, some F2F contact may still be required but the need may diminish quickly when clients gain experience –, it also enables her/him to engage with clients much further afield, remotely. As far as (by today’s standards) superb connections reach, that is. See items 5, 9, 10, 13, and 15 below.

2. Machine capabilities will lead to work being taken from our hands. Through raw processing power explosions (not only due to Moore, but also due to the explosion of the sheer number of devices out there), Spatial recognition giving machines even more data to deal with, and large-scale Artificial Intelligence deployment not the petty trials of today, will enable the off-loading of much manual mental work (human- / person-bound work) to machines ‘out there’. The user will not even need to know where the ‘there’ is. Or should (s)he ..? We’ll see a redesign of philosophy, thought, methodology and tools on privacy surface. Quite some areas where IS auditors might (sic) lead the way, in thinking, acting, controlling and auditing.
And robotics … If that takes off, it’ll be piecemeal on the one hand (I too want my Roomba) but massive on the other (so many disjoint markets blooming). If only Asimov’s Three Laws can be reinstated, and reenforced or we’ll end up either in a mess or dead… It’ll start with Worker replacement anyway … (see below).

3. Demographics are something that we have somewhat less to deal with in the management of information risks. Apart from Migration leading to professionals’ markets impoverishing to markets of lemons, if unprotected (the dams will only hold back only so much inflow for only so shortly), and Country divergence maybe hitting us when our geographic region forces us to move elsewhere, as in item 1 above.

4. Social expectations Not much, either, apart from the Flexibility that will created Theory of Firm 2.0 type organisations, on which the IS auditor and others can no longer impose totalitarian bureaucracy. What then ..!? I don’t know. Your bad, if you can’t adapt… From the true ethics of your trade, you should have already adapted long ago…

5. Modularisation may impact us in ways similar to what we have already seen in the past; just labour specialisation, if any. Not too much to do about not too much. Though the general trend by which broad experience by and large caters for broad, balanced widening of one’s professional content in the stages after specialisation, may turn or have been turned already, the direction is unclear, either repeating constantly all directions, or awaiting a major redirection.

6. Globalisation I already characterised as a possible major impact through the Connectivity angle. In Products, I consider it to will come to completion in the near future. Service… To the degree that any service has no physical-presence component; (medical) care, for one, would be hard to do remotely, and also some other personal services e.g., IT tech support, may not ever work to a satisfactory degree without being able to communicate by nonverbal / sensory signals. So, not all the promises of item 1 above may not be realised all too soon.

7. Productivity will be driven by the Machine capabilities, mostly. Together with Connectivity, theese will determine Factor shifts or rather, define and refine factors of worth. Manual labour will re-flourish! And so will brain work, but only the non-standardised stuff, the work requiring creativity, true intelligence and empathy. Where many IS auditors etal. Think they are, but they aren’t. You know my rants against ‘peers’ just checking boxes. That is not what auditing is about. That is administration. Auditing, and other management of risk roles (sic), is about interpretations, judgement, close calls, gut feeling, and guts. Balls. (F/M), you must have them or be replaced by drones. Do not count on being (just) on the right side of the dividing line! Count on being on the wrong side, the down side, the cast out side. Or join progress.

8. Value polarisation again one where the machine capabilities, Connectivity, and Globalisation will work to quickly create new classes of haves and have-nots. The 1% of today, may be another 1% in other fields tomorrow or the day after. Try to be part of that, or you’re no longer suitable as part of life. Seek out your own 1%. But one thing would clearly be wrong: Remain as you are, meek, sheepish, not daring to be a Man (M/F) … So, most IS auditors et al. will have to change dramatically, if one can change one’s character…

9. Remote work I already described above. Telepresence, (remote!) Collaboration, and (local) Machine operation – 3D rinting, maybe ..? – will work as above (item 1 again). Virtual worlds may provide diversion from the destroyed natural habitat we still have to live in. The tropical island scenario still is somewhat too far away from us.

10. Work marketplaces are the mechanism through which the market for lemons may play out, or not. The barriers to Participation should be watched – some arguments for, some against –, Availability may not be an issue anymore (oh, but availability of suitable, sustainable markets may be), Pay pressure defines the lemons aspect, as does Access to expertise. Don’t sit still, as through Globalisation, access to expertise and availability, and participation will lead to pay pressure. I.e., pressure on your economic sustainability. Do not think you’re protected in your behemoth Organisation; any organisation is not too big to fail ..! So, even Big4 IS auditors should be aware. The bigger, the … no, size doesn’t delay a crash landing into a gentle glide, you’ll not be able to sit it out. The only sliver of new work would be to assess the work marketplaces against some standard but even that may be outsourced to … why assume a certified auditor should do that; why not instead (sic) by a reliable professional …

11. Crowdsourcing will impact IS auditors, too. But it may be a threat, or a blessing. No more dumb production of checked boxes…!? On the one hand, drafting those dull IS adit work programs from PDFs and too lengthy texts, may be outsourced to Labor pools – lucky if you can stay out of them, otherwise, you’re done. Will you be the one overlooking Managed crowds, or in it? By the munbers, and by today’s mentality, the vast majority of IS auditors will in fact be in the masses. Enhanced mechanisms will enable evenmore IS audit work (aspects) to be crowdsourced, changing the value proposition in the audit / advisory projects hence threatening livelihood. Open innovation’s also an In or Out aspect, for IS audit work. Though there may be a splinter of secondary audit work to be done on the deliverables of crowd sourcing and on the crowd markets… Fuzzy why that should be by certified auditors.

12. Worker replacement. Oh yes, if you’re a worker. Which is what a lot of IS auditors are. Not doingthe hard to replace physical work (taken over by Robotics, see 2, for the standard stuff but) since this requiresproximity and flexibility. Plumbers will be OK, IS auditors, not; will suffer from (enormous progress in) Automation, Robots, though Service may be slower to migrate (medical care robots may be proficient in many other areas, too, though), and Judgement may be the last to go over, to AI. So, as above, anything requiring judgement may for the foreseeable future not be taken away from us. But again, so many IS auditors et al. don’t judge, but administer. Where would you want to go, if (not when!) you would be able to (quod non)..?

13. Economy of individuals I consider to regard our profession in particular. Are you one of those few ones above that actively seeks out one’s own future? Then you’re in luck; your Independence and Entrepeneurship may lead to work being available, in Collaboration of the Theory of Firm 2.0 based on your Reputation. All these factors will be currencies of the future, so work on hoarding them! Not ‘the’ currencies, as Bitcoin and the like may kick in on a large scale within five years.

14. Polarisation of work With the Pay and Opportunity being so unevenly distributed, one may not rely on Affiliation with an organisation of old any longer. The dinosaurs are dying. New affiliations will need to be sought out. IS auditors, be aware, be active or be left out.

15. High-performance organisations or as I indicated above, Theory of Firm 2.0 organisations, may rise quite quickly. Google, Facebook and the like have risen to their 1.5 (sic) status and size in (qua order of magnitude) five years. Others may be in their inception phase today, and be the biggies, the most wanted (virtual) workplaces literally tomorrow. Again, be aware. Internal markets, Ad-hoc networks, Social technologies and Distributed value creation may all be part of the landscape of small and middle-sized temporary organisations that will flourish, already from, literally, today and tomorrow on. All these factors point at project-oriented get-togethers of professionals all with their own needs (for fair value to contribution distribution) and wants (work only where, when and for whom you like, do only what you like; if one factor starts to fail, move elsewhere) banding together just for the common interest and then all going their own ways again, maybe meeting again in the future, maybe not. Temporary Affiliation only..? Or looser ties? Double o, though many an IS auditor may have a single o as they haven’t innovated and are left behind as deadwood.

16. Education is key, to many of society’s desirable developments. Available, Open, Continuous is must be, and focused on Peer learning. All things where IS auditors could play a role, as auditors and advisors, and partaking out of necessity to keep abreast of latest developments.

Because the italics weren’t there for nothing. IS auditors, and others, just play a role and not an important one at that! Do not fool yourselves; auditors are only, and no more than, an afterthought of business and other organisations. Be happy that you have some specialised knowledge that you apply in whatever role, one accidentally being audit. When now both the unimportance of the audit role comes to the fore, in particular through Ross Dawson’s megatrends and technology developments, and your knowledge and experience that you apply in the role, are ever quicker to expire, you’ll have to keep abreast of all new knowledge ever more certainly, ever more widely and completely, and ever faster, and you’ll have to constantly seek out new roles to apply your greatness. Dropping audit as an expired old skin…

The central message is clear. IS auditors et al.: Innovate! That takes trial and error, and ‘learning experiences’ also for one’s deeper insights and even character, it takes risk taking and damage to one’s personal quest(s), but with the right virtues (Aristoteles-like), one will prevail. Innovate, along the lines of the work future and towards developments as described elsewhere and more.

[More will follow on this subject…]

New InfoSec (OSSTMM)


[Eye aye, captain!]

Hey look, interesting new way(s) to do effective information security…:
An intro in Dutch
And the ‘source code’ in English

Now, let’s combine this with Rebooting CIA, and we’re getting somewhere …

[Edited 2013-12-13: a link (in Dutch) maybe relevant to the CIA remark.]

Shaping up Non-BYOD


[Honeymoon]

To investigate; an idea: Now that the BYOD phenomenon has taken the pressure off of IT departments’ provision of equipment (and software), how can we use the time and budget that has become available, to shape up the Asset / Configuration / Inventory Management regarding the iron that we still have, keep, and service ..?

Out of a desire to maybe see those systems management areas for once be complete and current… Even if only for the efficiency of subsequent maintenance, and the beauty to see insight finally bringing better understanding and razorsharp management.

But it won’t be an easy walk. Because of the backlog… Because of the amount of work, redecorating the shop while it’s still open for business, and while all sorts of other demands are placed on staff; demands that are more urgent, more important, and more interesting ntellectually.

And because so much … user interaction oh the horror, is required. To establish the total landscape of all systems, from the meanest hardware cable and plug, all the way up through the infrastructure, systems software, middleware, applications, parameters, et.etc. up to what the end user would understand to be their ‘system’. And back again, checking the rationale of every tiny part, and every chunk in between and at the top. Indeed, much may be found, that wasn’t suposed to be there, that is, without anyone knowing why, but still working, without anyone knowing why. Or how. Or where…

So far, so good. But now, the shop is still open and all end users want the latest (app!) toys to be connected to just all enterprise ‘systems’ in ways that nobody would know a rationale for but hey, we must quod non give it a try!
Yes, the old demands are still there, reenlivened, with seriously stepped up requirements in terms of timeliness and speed, versatility, and quality. High time to make it happen; high time to start with the basics ..!

Rebooting the CIA


[Nope]

The CIA of information security doesn’t cut it anymore. We have relied on Confidentiality-Integrity-Availability for so long, that even ‘managers’ in the most stale of government departments now by and large know of the concepts. Which may tell you that very probably already by that fact, the system of thought has been calcified into ineffectiveness.
At least we should reconsider where we are, and where we’d want to go.

Lets tackle Confidentiality first. And maybe foremost. Because it’s here that we see the most clear reflection of our deepened understanding of the value merits of information not being in line with the treatment(s) that the information (data!) gets. Which is a cumbersome way to formulate that the value estimation on data, and the control over that data, is a mess.
Add in the lack of suitable (!) tools. User/Group/World, for the few among you who would still know what that was about, is clearly too simple (already by being too one-dimensional), but any mesh of access as can (sic) be implemented today, makes a mess of access rights. Access blocks? Access based on (legitimate, how to verify) value (s), points in time, intended and actually enabled use, non-loss copyability, etc.?
But what is the solution ..? Continue reading “Rebooting the CIA”

Maverisk / Étoiles du Nord