Book by Quote: Mintzberg’s Managing

[Or a mess, when addressed too formally] Yet another ‘Book By Quote’ then (An attempt to subjectively summarise a book by the quotes I found worthwhile to mark, to remember. Be aware that the quotes as such, aren’t a real unbiased ‘objective’ summary; most often I heartily advise to read the book yourself..!) So, this … Continue reading “Book by Quote: Mintzberg’s Managing”

Predictions 2014 the InfoSec edition

[DUO Groningen (couple of years ago), where a leak led to many a student’s funds being defrauded. Looks original, is just chasing outer effects] So, some of you have seen my Predictions 2014 including the update or two, and other posts on developments in the Information world at large. But what you desperately needed, awaited … Continue reading “Predictions 2014 the InfoSec edition”

sCrummy development. Standards ..?

[Just a great place] A peer leader asked around for guidance re assessing scrum development contract bids. And I browsed around. And found nothing really. Oh yeah, the usual suspects of IT-contracts / IT-development contracts, but even those are thinnish, insignificant as help. Somehow, it appears to be too fluid a field to be captured … Continue reading “sCrummy development. Standards ..?”

The IS Audit Worker of 2019

[Your prospect of Elysian fields] 2019 is only five years away… But predictions require a suitably close horizon to be able to see how today’s trends and Early Indicators might play out, and still be sufficiently distant to allow flexibility and variance off the predictions – otherwise the predictions are dull. Hence, apart from my … Continue reading “The IS Audit Worker of 2019”

The Compliabullies

[Berlin at dusk] Just a thought: Would investigation and analysis show that the kids that were bullied in prep school and / or (separate hypotheses…) high school, in later life be the ones that end up in Compliance and Risk Management (not being management of risks…!) departments, to take eternal revenge on those that bullied … Continue reading “The Compliabullies”

Fraud, try angle it differently

The fraud triangle should be no more. For too long, the simpleton representation of fraud occurrence possibility has dumbed down the discussion about countermeasures too much, leading to an unwanted, unwarranted, inefficient and ineffective approach difference from various sides. [For those who know where this is: This is unconnected to the story ;-] Point being: … Continue reading “Fraud, try angle it differently”

The Waning Age of Compliance

[Madrid; danger excites even if quite balanced, safety kills with boredom] All raise your hands; who thinks we have reached the end of the Age of Compliance …? Hmmm, not too many hands. Must be because you’re a totalitarian-bureaucratic lot with the illusion that your underling creeping back into the corner approach is equal to … Continue reading “The Waning Age of Compliance”

The P (part 1, too)

Now then, for the grand Part 1 of the People of Information Security. À la the triangle I posted on earlier (see somewhere below) where the People aspect floats around the triangle like a dense cloud; obscuring your clear view and posing a foggy unclarity threat. To jot down, there are many aspects of People … Continue reading “The P (part 1, too)”

Ever more learning to go around

In various discussions in my trade, and in general public, there seems to be a point of gravity around insufficiency of latter-day education. The troubles are many, but they fall into several distinct categories: [Spoiler: the true point of this entry is somewhere near the bottom…] Children know way too little; much knowledge is lost. … Continue reading “Ever more learning to go around”

No Ethical Hacking, Please!

We still see quite a market for ‘ethical’ hacking out in the information security consulting world. However, if this type of activity should have a name, it would be wise the name would be descriptive, right? Rather than deceiving, swindling… We certainly won’t do that, sir, no way. We’d call it ‘ethical’ if the purpose … Continue reading “No Ethical Hacking, Please!”

Maverisk / Étoiles du Nord