Scaling ‘security’

Availability: 99.9% (per year).
‘Security’ (the C, the I) … nothing. Or, the infeasible 100.0% XOR nothing.

We may have a major issue here…

Well, we do have OSSTMM on one hand, and the seriously innovative, very important Secrecy stuff on the other.
But can we answer the question “How secure are we“..? Indeed, OSSTMM gives us a number – for the operational and technical elements. How ’bout integrating the tactical, strategic, and non-tech stuff like hooman behaviour ..? And still make it somewhat understandable to the clueless (Csomethings and others involved in the utterly useless nonsensical area designated by the pejorative joke label ‘governance’; all with the exceptions acknowledged of course); other than the above % per year estimates that are interpreted so badly..!
Oh and things like failure rates from e.g., FMEA, as presented like ‘dam can stand a one-in-a-thousand-year flood’ also don’t work – dam can break today, and tomorrow, and the statistic may very well still be valid!

Maybe it’s key to first find how to whack the notion of “1-in-1000yrs means I don’t have to worry for another 999 years” fallacy. Psychology it is but so security should be..! As many of Bruce Schneier-et-al’s posts prove (?), FUD and other angles fail so miserably.
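To make the two numbers in this post concrete, here is an added example (my own, not part of the original post): it turns the 99.9%-per-year availability figure into the downtime budget it actually is, and shows why “1-in-1000 years” says nothing about the next 999 years. The annual probability, the number of quiet years and the simulation seed are constructed values chosen for illustration; the model assumes independent years, which is exactly the assumption behind such return-period statistics.

```python
"""Added example (not from the original post): what a per-year figure does and
does not tell you.
  1. 99.9% availability per year is a downtime budget, not a promise of when.
  2. A 'one-in-a-thousand-year' event has the same chance next year whether or
     not it has happened recently (the memoryless fallacy the post describes).
All inputs below are constructed for illustration."""
import random

HOURS_PER_YEAR = 365 * 24  # 8760; leap days ignored in this constructed example


def downtime_budget_hours(availability, period_hours=HOURS_PER_YEAR):
    """Hours of outage that still satisfy an availability target over the period.
    Says nothing about whether those hours come as one outage tomorrow."""
    if not 0.0 <= availability <= 1.0:
        raise ValueError("availability must be a fraction between 0 and 1")
    return period_hours * (1.0 - availability)


def p_at_least_one(annual_p, years):
    """Probability that an event with yearly probability annual_p occurs at
    least once in the next `years` years, assuming independent years."""
    return 1.0 - (1.0 - annual_p) ** years


def p_next_year_given_quiet(annual_p, quiet_years):
    """P(event next year | no event in the previous quiet_years years).
    Computed the long way so the cancellation is visible: the quiet history
    divides out and what remains is annual_p, unchanged by the quiet years."""
    p_quiet = (1.0 - annual_p) ** quiet_years
    p_quiet_then_event = p_quiet * annual_p
    return p_quiet_then_event / p_quiet


def simulate_fraction_within(annual_p, years, trials=5000, seed=1):
    """Monte Carlo check of p_at_least_one: fraction of constructed histories
    in which the 'rare' event shows up within the first `years` years."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        for _year in range(years):
            if rng.random() < annual_p:
                hits += 1
                break
    return hits / trials


if __name__ == "__main__":
    print("99.9%/yr allows", downtime_budget_hours(0.999), "hours of downtime")
    print("1-in-1000 event in the next 10 yrs:", p_at_least_one(0.001, 10))
    print("... in the next 1000 yrs:", p_at_least_one(0.001, 1000))
    print("next year, after 999 quiet years:", p_next_year_given_quiet(0.001, 999))
    print("sim: within 100 yrs:", simulate_fraction_within(0.001, 100),
          "vs analytic", p_at_least_one(0.001, 100))
```

The point of the last two functions is the one the post makes about the dam: a 1-in-1000-year flood has a 63% chance of showing up somewhere in those thousand years, roughly a one-in-ten chance within the first century, and exactly the same one-in-a-thousand chance next year no matter how long it has been quiet.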

The time (decades) we’ll need to turn around the psychos, allows us some leeway to develop suitable Scale(s?) of Security. But let’s not wait for the end of those decades before embarking on the exploratory first steps of that. Your suggestions, please, today.

[Edited ahead of posting, to add: This here piece on the (declining) half-life of secrets; definitely something to include in the above ‘metrics’. ..?]

For the eye candy:
[Photo DSCN4499: Zurenborg again, slightly edited – who’ll do the colour corrections for me?]

Stale^2

Hm, wanted for once (huh?) to not be negative, deriding but …

This here piece calls for comment. Like: Instating a quality seal for products that should be considered well-matured, almost outdated tiny point solutions; isn’t that overly stale² ..?

Because quality seals are issued for … procedural justice of the petrifying kind. And, AV – isn’t that almost the model for grossly-insufficient-in-and-on-themselves point solutions that have no field of development/progress left ..?

Oh well, not much use kicking a dead horse.
Other than the Dakota arguments… thus turning this into a sort of Golden Oldie Pic Of The Day:
[Image: Dakota Wisdom Dead Horse Strategy. Source: Scott Wagner; no ‘automatic’ endorsement.]

The Future Plays At All Boards

There seems to be quite an interest in ‘the’ future, lately. As in, the last couple of tens of millennia but also the last couple of months. Recency Effect, maybe ..?

The thing is; discussions how the near and far future will/might be, are handicapped by industry and specialisation myopia.

  • The IT-tinged discuss ANI, AGI and ASI, with neural networks resurfacing, finally, in discussions over when (soon) we’ll have the Singularity. Yes you’ve read my great many posts about that already or go in shame and still do it (impression tracker is engaged).
  • A branch of that, discusses very near future labour markets – mostly, almost exclusively, those in the furthest developed economies only.
  • Biologists and eco-nuts (are they?) are on the Global Warming / Food- and Fresh Water- Starvation / Anti-GMO paths in their discussions.
  • And there’s of course daily glocal wars going on, military/physical and refugee atrocities everywhere, and economic warfare as well. Of the latter which ‘cyber’ in all its forms (remember, #ditchcyber) is part.
  • Simple-economically, there still is the enormous divide between haves and have-nots, now being exposed (nevertheless still growing) within countries’ local economies as well due to jobless growth and the Pikettyish 1%’ers.
  • And, I probably forget some category. [Edited half a day after post release, to add: Yup, this here combi-one.]

But, … all play out on/in the same world, the one you and I inhabit [well maybe not you, alien (as physical being or just meme/information floating around over whatever physical media) listening in from the Andromeda nebula]. So, we’ll have to deal with all problems, operational, tactical and strategic, together both in people and in solutions. And as the world spins faster than ever, requiring ever more clever and ever more-dimensional solutions. Until all choke, mind-wise. Hasta La Vista, baby.

Oh well. I’m not (even) negative …
[Photo DSCN2520: Anywhere, everywhere.]

Schmobol

With the current uptick in interest in the ageing population … of the handful still capable of hardcore manual programming of COBOL, as e.g., here, I wondered:

  • Is the code base still so enormously biased to COBOL(-based! software)?
  • Why haven’t COBOL-to-(e.g.) C or other converters caught on widely, so the ‘problem’ doesn’t exist anymore ..?

Especially the latter; especially since we still have tons, too many (?), programmers available to tackle C- and more modern-language scrutiny and optimisation jobs. Jobs; high-pay jobs. And automatic testers to compare absolute 1-to-1 identity of the functionality or tractable lists of boundary conditions (possibly differing).
But with so many more (modern) code/functionality maintenance tools and capabilities available. And with integration/migration to (even) newer integrated platforms available.
And, when things get tough, AI that should be easily trainable to get to the hard, core bugs (higher abstraction sense) before/after the translation(s).

So, what’s the deal? The only deal there is, is (and was, having lost a long time) the lack of forward-looking maintenance to have already started early on modernisation. Yes, of course, there’s Not On My Watch and Après Nous Le Déluge. But real leaders would cut through that; that’s what distinguishes them from mere shopkeeper ‘managers’.

All right. Leaving you with:
[Photo DSCN3028: Impossible to guess I guess. Where?]

The need for a new security framework

… I feel the need for it. A new security framework.

Because what we have, is based on outdated models. Of security. Of organisations. Of how the world turns.
Bureaucracy doesn’t cut it anymore. The very idea of hierarchically stacked framework sets (COSO/CObIT/ISO27k1:2013/…) likewise, is stale.
And the bottom-up frameworks en vogue, e.g., OSSTMM (if you don’t know what that is all (sic) about, go in shame and find out!) and core work like Vicente Aceituno Canal’s, haven’t found traction enough yet, nor are they integrated soundly enough (yet!!) into further bottom-up overarching approaches. Ditching the word ‘framework’ as that is tainted.

But what then? At least, OSSTMM. And physical security. And SMAC. And IoT. And Privacy (European style, full 100.0%, mandatory). And business-organising disruption, exploded labour markets, geopolitics, et al.

OK. Who of you has pointers to such an Utopia ..? [Dystopian angles intended]

Unrelated:
[Photo DSCN6146: Your guess. Not Nancy. But is it Reims ..?]

I am not me. Myself: nope, neither.

Now that infosec has come to lean so much on the People side of things – as in theory all things Tech have been solved, for decades already, just not implemented to any degree of seriousness..! and ‘process’ having been exposed as utter nonsense ‘management’ babble – it is strange to see that psychology hasn’t come to the fore much, much more. Even when pundits and others, and the minions like Yours Truly even, have posted over and over again that no tech system however perfect can stand the assault through, e.g., casual negligence and inattentive error, let alone gullibility and other vices.

E.g., in the area of IAM. Where I, the construct, the behind-the-persona ego I recognise as such, is constantly changing. In my case, developing fast, forward, up. In your case… well, let’s be nice to one another so I’ll remain silent.
And all sorts of avatars are developing as substitute for you and me within systems. See, with AI mushrooming lately, avatar ‘development’ may quite easily, soon, surpass ‘you’ in being ..?

Back to the story line: It’s just not userIDs anymore; context-aware and -inclusive, capability- and rights-attached constructs they are, and integrating with the Avatar Movement (Rise of the Machines, yes) to morph into actual beings that might soon pass Turing for comparability to/with humanoid identities. We’ll be on equal footing, then, or soon after, bland dumbed-down versions of personas/egos.

But How Is This Relevant … Ah, the clue of today’s post: Because social engineering, phishing etc. play on the weaknesses of humans to be able to impersonate. So, either stop the weaknesses (as vulnerabilities; eternally impossible) logical-OR stop the impersonation (the assumption of avatars/personas by attackers; taking down their masks). The latter, by at least being aware that the avatar, the persona, isn’t the actual person. How to get that into systems, and at the same time recognising ‘actual’ avatars/personas i.e., the link between those and the right real persons behind the masks even when considering through human weakness the persona has been ‘compromised’ …? That will solve so many infosec troubles…
But heyhey, I don’t have a clue like you do. Or do you ..? Very much would like to hear ..!

[Edited to add before publishing: Hold Press; include this on behavioural stuff]

[Photo DSCN2608: “Riga”..? Aptly French?]

Disruption, -parity

Just wondering: How’s the disruption in your ICT coming along ..?

Seriously; hardly at all ..!?

Join the club. Of almost all. Public, private, large, small; all organisations suffer your fate of [barely; outdated browser] being able to read all about the Great New stuff that’s out there, but seeing nothing of it in your daily work. Strange, eh?
Or is it again the short-term impact being overestimated until it’s “too” “late” to join in, for most orgs ..? Because the real talent, the people that actually want something out of life either with, through your org or without it, elsewhere, will have gone to that elsewhere with all their motivation, and you’re left with the dull, exhausted, numbed-by-the-avalanche-of-downsizing-rounds petrified staff [you deserve, if you don’t pay attention]?

So, be positive; hunt for the opportunities and push your people to do the same! While also bulldozing through the roadblocks, often (middle? elsewhere too?) management having been trained to the hilt with objection finding, -raising stamina to defend the stasis quo [intended]. Close the gap, from veering into nothingness off the path of innovators, to return to lead at the head.

Oh well; for now:
[Photo DSC_1026: Needs serious renewal above the shoulders; DC]

Publi(li)us Series; final part V

OK, the fifth and final part of a series, on quotes of the guy that went from Publius to Publilius Syrus in a century, after having been forgotten [Oh! How unduly! How unfortunate! Hence this series] for a century or fifteen. As they’re handily numbered already and in fitting English (not too modern i.e. simplified, dumbed down), but quite a few may be enhanced by some frills of mine, I’ll take mine from an 1856 translation:

800. It is the height of folly to blame without knowledge.
So… Any blame on me can be retorted with this. Remember also the earlier quote about the virtuous man not being touched the slightest by false accusations. Yup, combine these two re me.

806. It matters not with what purpose you do it, if the act itself be bad.
So, utilitarians are wrong. They are. Now go back and reread (over and over again) John Rawls until you finally get that.

813. A man has as many enemies in his own house as he has slaves.
Yes Celebrity CEO, your number might be up any moment.

821. A frog would leap from a throne of gold into a puddle.
So, you’re free to return to where you liked life. … yes, go ahead and make room so I can return to my destined place.

852. The eyes and ears of the mob are often false witnesses.
So don’t trust statistics, polls, or popular opinion.

867. The sons of the blacksmith are not frightened at sparks.
So, learn a bit how to code! Otherwise, you’ll have to be aloof all your life about e.g., app building, to overshout your fear for it.

881. It is late to devise expedients when the danger is at hand.
Basically, the foundation of and need for risk management. Of the sane sort, not what the other 98% preach.

903. It is folly to censure him whom all the world adores.
Even in a friendly way ..? A word to the wise, will be understood by those, only. The adored by the mob, is suspect enough already ..?

910. It is folly to punish your neighbour by fire when you live next door.
Uh-huh. But what if you want to disrupt in order to build a business …?

919. A lax government can not maintain its authority.
Beware to slack when you lead …

920. A boastful prosperity will prepare its own fall.
So, don’t boast about your sheer utter luck..!

955. One will agree with you sooner than many.
There’s no pleasing everyone. Aim high, but be content with lower achievements.

960. Either be silent, or say something better than silence.
So, silence may be golden but if (big if, in your case, when, in mine) you have sparkling diamonds to offer, do speak.

974. It is better to trust virtue than fortune.
Ah, this against the introductory musings of this (in Dutch); where consultants and advisors of all sorts are better believed/trusted because they show off with bigger cars, unfunctionally smart suits, etc. – which is posing of course, fake it till (if?) you make it. But will disappoint. Then hire me and you finally get the stellar actual performance you wanted.

983. Conceal your opulence if you want to avoid envy.
And, in many other Syrus lines, you read: Envy will in the end get the better of your fortune…

985. Flattery was once a vice, now it is a virtue.
And still is (considered such), wrongly.

1047. You are not happy if the rabble do not make sport of you.
This goes within trade groups as well. If the rabble ‘colleagues’ or ‘peers’, the meek able-only-to-follow’ers blame your creative ideas, you can be happy to know you are right and not they.

1057. Money is a servant if you know how to use it; if not, it is a master.
Notice ‘use’: Not invest to merely make more of it, but to achieve something for the betterment of society…

1058. When we speak evil of others, we generally condemn ourselves.
Speak no evil…

1074. If you obey against your will, you are a slave, if of your will, you are an assistant.
Which goes for (having to) obey a totalitarian bureaucracy, and possibly being an accomplice (of a grave evil) ..!

And… we’re… done. Enjoy reading the entire thing! Leaving you with:
[Photo DSCN3633: Recognisable but often overlooked, Calatrava, Toronto]

To model, shuffle back and forth

Now that the Jobless Growth meme has lost steam (though possibly not fertility, yet), it is useful to have a look at its counter-part, antidote (in some way I don’t completely see how). Quod non. Where the analogy breaks down.
What I mean to say is; when Big Corp / Gov’t exists less than before, after the shake-out-by-the-numbers-by-lack-of-management-capabilities-to-raise-revenue waves of the past decade+ [don’t start me on the utter non-distinction between ‘governance’ and management ..!] every last grain of growth or even innovation capacity has been thoroughly bleached out of said sad organisations. And still there’s Growth. Which is a. a ridiculous but very, very dangerous financial bubble, b. non-existent as for work being performed, productivity being delivered, c. both.

No, all the start-ups that you hear about, are money- and certainly productivity pits.

Or, as noted before on this blog, there’s many jobs unregistered as such, in the independent consultancy sphere. [Typo resulted in con-slut-ancy; apt. May be one myself, soon.] Which may correct the numbers, but doesn’t diminish the fear behind, embedded within, the remarks about the joblessness and how jobs are important for the moral structure of societies. Yes, what would jobless growth for a great many years on end already have meant for the moral/ethical structure of US society ..?

But let’s turn now to the core message of today’s post: There’s hope, suddenly, that structures emerge in which a more egalitarian (as for power differentials) labour market may re-emerge. On the one extreme, there’s Uber et al with their The Algorithm Rules Over Minion Slave Single Menial Job-Contractors model, and on the other, the classical Let’s Keep All Minions On Contract Lest They Badmouth Us And Run with the last snippets of intellectual capital we might have (left). Caps off, begun to be too much.
Two extremes. Now, some middle ground starts to emerge. I mean, there was already some ‘flexible shell’ of independent contractors for odd jobs, temp projects etc., be it with smaller out/in-sourcing companies – but that was only a halfway solution with a core that in fear of death hung on to their increasingly irrelevant little corner and the increasing army of zombies floating around from too short stint to too short stint to pay the mortgage (or barely so) – and don’t start on Mechanical Turk etc., as so summarily and thoroughly dismissed by Jaron Lanier et al. But with Instacart on the move, there is a shift from the other side; much needed and welcomed, through which the ideal of a flexible life for workers comes into view before the horizon, suddenly seems realisable.

Yes, it may regard not-too-highly-paid jobs initially; the workers are still ‘lowly’ (?) manual labourers in this case. But the idea that it may be worthwhile for organisations to have a (larger) pool of flexible part-time workers, with their independence at scheduling and all, is New and should be recognised and celebrated the world over.

Well… Certainly I would like the idea to spread fast, very fast – as in: the next two months – to here, the Netherlands… Work 3 days a week, and paid-hobby for the other two (?); I’d very much like that, thank you indeed.

But … your thoughts ..? And this:
[Photo DSCN0750: Lobster doesn’t know. Barça]

Publi(li)us Series; part IV

OK, the fourth part of a series, on quotes of the guy that went from Publius to Publilius Syrus in a century, after having been forgotten [Oh! How unduly! How unfortunate! Hence this series] for a century or fifteen. As they’re handily numbered already and in fitting English (not too modern i.e. simplified, dumbed down), but quite a few may be enhanced by some frills of mine, I’ll take mine from an 1856 translation. Getting on steam. Series 451-800 today:

451. It is bad management when we suffer Fortune to be our guide.
How far-sighted. What an accurate description of just about any corporate ‘strategy’ (quod non). When you already had the eerie feeling of this saying (probably without actually having worded it this way), notice the ‘suffer’ part, which is your feeling.

453. Supreme power may be lost by an abuse of power.
A word to the wise. And to supreme powers everywhere.

469. It is a bad plan that admits of no modification.
Slack resources! Any project success chance is inversely proportional to its slack resources!

475. When the ill-inclined cannot do mischief, they still dream of it.
Anti-fraudsters beware. And InfoSec’ers as well. 100% security is a pipe dream.

480. When you are at sea, keep clear of the land.
I.e., don’t go into harbour when you’re entrepreneuring.

501. To depend on another’s nod for a livelihood, is a sad destiny.
The Levi’s one 😐 but true, these days when you think of multiple hamburger jobs per capita not even providing a living wage.

520. Seek to please many, and you seek a failure.
P.T. Barnum was correct. And, see the labor de-specialisation of today, coupled with the (g)local focus of sufficiency over world domination.

561. There is no fruit which is not bitter before it is ripe.
So, don’t IPO too early. Also, flip-sidedly don’t invest too early.

571. It is only the ignorant who despise education.
When advice is offered, take it. But chew on it [this was somewhere else in Syrus’ but skipped for obviousness].

573. He can best avoid a snare who knows how to set one.
It takes a thief, but skewed to the positive. (?)

581. It is not every question that deserves an answer.
You keep questioning me.

586. No scar is dishonourable which is a mark of our courage.
Personally, agree. See my resume. To have tried to live (work) virtuously, is better than to have settled in under the wicked.

596. You cannot put the same shoe on every foot.
Beware, you ‘standard’ setters!

597. Do not suppose everything will come to pass as you have arranged for it.
See some previous issue of this series; Von Moltke.

599. Don’t consider how many you can please, but whom.
Licking up, kicking down, or beware to target the virtuous only ..?

601. It is not safe to play a game of wits with kings.
I beg to differ as I’m the court jester – knowing how far (not) to push it.

613. Crimes are most easily concealed in the midst of a crowd.
Hide in plain sight, but duck and disguise.

632. A cheerful obedience is universal, when the worthy bear rule.
By smart, wise rules-setting, compliance needs not be enforced but follows voluntarily.

645. By tolerating many abuses, we encourage the assaults of such as we cannot tolerate.
Zero tolerance ..? There’s a stretch bandwidth between some and many..!

673. He who has plenty of pepper, will pepper his cabbage.
Nothing on turnips, though.

691. Freedom alone is the source of noble action.
Hence, get free. Then act out of virtue (which is possible for the free only).

699. When you have good materials, have good workmen.
So when you’re the material, hope for a good boss…

715. God looks at the clean hands, not the full ones.
One’s last dress has no pockets!

750. Pardon one offense, and you encourage the commission of many more.
Oh. Goes together with 645. Zero tolerance, still ..??

766. It is the height of eloquence to speak in defense of the innocent.
A bad spell on the equity of court judgements … if it takes the pinnacle of eloquence to mount a defense that should’ve been obvious.

787. What do you need of money if you cannot use it?
Investing money to make more of it, is unproductive to the greater good!

796. The wise man guards against future evils as if they were present.
Risk-manage wisely, my friend!

To close it all off, for now!
[Photo DSCN0619: Art to be appreciated; Louvre]

Maverisk / Étoiles du Nord