Applicable to business – Page 4 – Maverisk / Étoiles du Nord

Deviate for Resilience

Well there’s an imperative. Deviate for resilience. Which goes waaay beyond mere ITCM or its linkage into BCM. What I mean here, though, is a reflection from the B side into the IT side.
Once encountered when it was still supposedly somewhat ‘cool’ (as it was called in the grandpa’s days) or so to work on … can you believe it, $AAPL infra. Where the Infosec staff had carved a corner for themselves: That they’d actually need to deviate from corp policies (the devolved kind) of using M$ stuff for alibi reasons of needing in ITsec par excellence, a fall-back that would actually work when all of the M$ infra would’ve collapsed due to some class breaking ~~glitch~~ exploit. Yeah. That meant that you did need a substantial budget to your own discretion without much transparency towards effectiveness of spend and no gadget and toys buying, right?
Nowadays, the coolness if ever it truly was (stupid sheeple), has worn off totally and is a tell for no comprendre qua cost/benefits analysis, sufficient tech-savviness to cut it in today’s world, and forward compatibility even to the cable mess (costing you tons). Predicting which unicorns will succeed, or fail, is easy; the former are on M$, the latter on … you guessed correctly. Nevertheless, the resilience argument still holds.

Which goes beyond the mere platform choice. It goes for global/local deviations as well. IF yes that’s a big if, if done right, not for NIH purposes (both ways ..!) but for resilience purposes. It’s not efficient to the max, but if you strive for that, you’ve done so much wrong already it might be irrecoverable. E.g., mission, organisational culture, risk management (incl analysis), control choices and implementations (case in point: multiple malware scanners), etc.

But remember: When done right, you very probably do need to deviate all over the place for resilience…

Just remember that to defend yourself, OK? And:

[If telecom fails due to clock synchro errors, it’s still a sun dial (really it is); Barça]

Your security policy be like …

The theme of your security policy and how good it is (not), is of course a recurring one. The recurring one, annual cycle (Is that still frequent enough? Yes if it’s truly a policy like here) included, with an all else follows attached. But then, it’s only Bronze when only a top-10 bulleted list extracted from … ISO2700x, mostly. It’s Silver when actually compliant in all directions, which includes serious ‘local’ adaptations…
And it’s Gold, when over and above that, it looks like this.

Not even kiddin’, really. Since your information security policy, next to the other security policies …, covers all of information of any kind and medium processed anywhere in the business. Which means that the from-IT angle will very probably not suffice.
But which also means that it helps when it rocks, in ways that interests all of your audience which is all of your colleagues including all colleagues at outsourced, cloudsourced and what have you processes and lines of business. Transparency, right ..? Runs all the way down the food/supply chain.

Indeed, the maturity of a company may be gleaned from the maturity (rocks’iness) of the information security policy. Get that right, and all else need not follow since it has gone before.

And oh, did I mention that in the implementation, resilience should be built in and not only be through formal (for-) BCM practices ..? I’ll return to that tomorrow. Plus:

[Lightning (-) rocks (pavement), too; Ottawa]

Fizzle disruption

Since the whole, Original and profound, concept of Creative Destruction was latter-day transformed into something much devolved [using that in a most pejorative way; ed.] called ‘disruption’ and applied in even worse ways to outright illegal stuff that had to be allowed still for … well, for no valid reason at all, certainly not morally or ethically improving society in any way only making things worse or much, much worse for all but the 0,1%,
it deserves some attention that the major true disruptions over the past two decades… either weren’t recognised as such but were straighforward Innovations, rightly so characterised (‘Internet’, anyone ..?) or have yet to come to full fruition, in a balanced new future (profitability of ‘Amazon’, anyone ..?).

Where, also, quite some of the announced disruptions have withered into oblivion. Upstart protagonists, most certainly. But also where complete industries have either resisted the ‘attacks’ or transformed themselves just enough to withstand the onslaught, the Barbarians At The Gate.
My point being: Can the latter variants be characterised, and show predictive value, through the outset sort-of situations not only qua industry (culture) but also qua country culture that the industries were pointed-of-gravity ..? The prediction part of course being the most interesting …

Would love to receive your pointers to the stacks of scientific research done already …
And:

[Art, of old but disruption-resistant: The old stays, the new attempts but is accepted and encapsulated…; Paleis het Loo]

Your conference improver

If you’re Irish. Or have some travel budget for them, out of Dublin. This outfit admitted to sometimes do conference ‘reports’ that do grasp the essentials for a change.
And have perfect gifts for any (business-, too) occasion.

Shadow IT – no problem

In the upheaval of the last decade or so on the rush to the cloud (no, not that cloud though rush-related), a similar development preceded it – and still runs on. It is the spectre not only hunting Europe (and certainly the deviant [all manners? ed.] off the coast, splitting but not drifting away like an Iceberg would. should…), but everywhere else as well, the spectre depending on who you ask of Shadow IT.

Which is facilitated through XaaS (SaaS/PaaS/IaaS/…) availability. But which hardly ever is allowed… — allowed through being compliant with organisational standards. From anyone’s perspective but the IT club’s, it is not about breaking the in-house IT vendor lock-in barriers. That were breached becaused the bounds were straight-jackets. Don’t try to break those, just sneak out the back door. But it’s about the latter, seeking what wasn’t provided in-house on one’s own account, previously not having been ‘allowed’ but it was IF the solutions sourced, complied with the security (mostly) requirements set at the organisation-wide level, and set from the business side of the organisation.
Controls in or out of IT, required by IT to be implemented elsewhere, are about the particular IT solutions chosen. Solutions to the problems identified in control objectives and controls, always having alternatives in the latter. So, when through these IT-dictated controls, your preferred solution cannot be made to fit (or only near-unusably awkwardly so), they do allow you, even in a sense require you, to go for shadow IT.

Which, hence, is permitted If ad only if being (security) controlled at at least the same level of control objectives achieved. So, some department might have to re-build all of the IT department’s load of overhead qua systems management, all of ITIL or even CObIT, all of … wait, not ISO 2700x – that is an organisation-wide thing already or it is of fact a crappily implemented thing. So covers the shadow IT as well, fitting in the latter under the umbrella of the former. That’s where the battle would need to be fought, if at all since the shadow runners may very well have done a good job at running an outsourced-portfolio coordination team, neatly sheltering under the umbrella already. Showing the IT department how that’s done.
Possibly [hey I’m over-using the em-tag or what; ed.] doing it both proper and cheaper. Usually doing not the former, hardly the latter and certainly not the latter if the former is corrected. But sometimes, showing how; when IT told them that was impossible, they just did it. As good / better, and cheaper. Yes you can, to paraphrase some sorely missed leader.

In the interest of the organisation, sometimes shadow IT should be the preferred solution direction…
I’ll stop now before angering too many. And:

[The (black) details, are they essential? In a way, but could they be different or would you have chosen these in the first place …!? Prague]

Copying it bluntly, for you

Just like that, a full page of niceness and arguments to consider. Guess which one I’m switching to. So should you. Competition, leading to improvement.

Some nuggets for social

Alas,dair MacIntyre may have scared off some readers in the first few chapters of his After Virtue, with reason to not offend the simpletons, the dunces though addressed, as ‘they’. When after a while, the langauge becomes more simple, but the content no less valid. As in:
It is of course that if social science does not present its findings in the form of law-like generalizations [z, sic; ed.], the grounds for employing social scientists as expert advisors to government or to private corporations become unclear and the very notion of managerial expertise is imperilled. For the central function of the social scientists as expert advisor or manager is to predict the outcomes of alternative policies, and if his predictions do not derive from a knowledge of law-like generalizations, the status of the social scientist as predictor becomes endangered – as, so it turns out, it ought to be; for the record of social scientists as predictors is very bad indeed, insofar as the record can be pieced together. … One could go on multiplying examples of the predictive ineptitude of economists, and with demography the situation has even been worse, but this would be grossly unfair; for economists and demographers have at least gone on record with their predictions in a systematic fashion. But most sociologists and political scientists keep no systematic record of their predictions and those futurologists who scatter predictions lavishly around rarely, if ever, advert to their predictive failures afterward. … it is impressive that in not a single class is the predictive power of the theories listed assessed in statistical terms – a wise precaution, … [pp. 104-105]

Since organizational success [shown to be dependent on mass individual flexibility and unpredictability; ed.] and organizational predictability exclude one another, the project of creating a wholly or largely predictable organization committed to creating a wholly or largely predictable society is doomed and is doomed by the facts of social life. [p.123]

The dominance of the manipulative mode in our culture is not and cannot be accompanied by very much actual success in manipulation. I do not of course mean that the activities of purported experts do not have effects and that we do not suffer from those effects and suffer gravely. But the notion of social control embodied in the notion of expertise is indeed a masquerade. … The fetishism of commodities has been supplemented by a just as important fetishism, that of bureacratic skills. For it follows from my whole argument that the realm of managerial expertise is one in which what purport to be objectively-grounded claims function in fact as expressions of arbitrary, but disguised, will and preference. … For claims of this modest kind could never legitimate the possession or the uses of power either within or by bureaucratic corporations in anything like the way or on anything like the scale on which that power is wielded. So the modest and unpretentious claims embodied in this reply to my argument [the above, suggesting malevolent attitudes towards others; ed.] may themselves be highly misleading, as much to those who utter them as to anyone else. For they seem to function not as a rebuttal of my argument that a metaphysical belief in managerial expertise has been institutionalised in our corporations, but as an excuse for continuing to participate in the charades which are consequently enacted. The histrionic talents of the player with small walking-on parts are as necessary to the bureaucratic drama as the contributions of the great managerial character actors. [pp. 124-125]

O-kay, that seems to be enough for now, to consider and ponder, and to weep for your own part in the ‘charades’. How is your defence not a corroboration of the argument ..? Also:

[Actual Class, now bluntly demolished by technobureaucratic pauperminds; Clos Eugénie, Culmont]

Neo is right

When it is about the way The Neo-Generalist, Kenneth Mikkelsen and Richard Martin, is:

The Neo-Generalist is both specialist and generalist, often able to master multiple disciplines. We all carry within us the potential to specialise and generalise. Many of us are unwittingly eclectic, innately curious. There is a continuum between the extremes of specialism and generalism, a spectrum of possibilities. …
Since the advent of the Industrial Revolution, our society has remained in the thrall of the notion of hyperspecialism. This places constraints on the way weare educated, the work we do, how we are recruited, how our career progression [say what? ed.] is managed [not; ed.], how we label ourselves for the benefit of others’ understanding. …
Our workplaces, governments, intelligence agencies and other communities and institutions constantly complain of silos, but that is an inevitable consequence of our promotion of hyperspecialism. So too the myopia of expertise that prevents us from seeing properly what is right in front of us, or connecting it in meaningful [sic; ed.] ways with other information, other people. [Preface, almost completely]

The institutionalisation of the label, and the constraints it demarcates, both physical and psychological, is an unfortunate legacy of the Industrial Revolution and its effects on society. The scientific management practices popularised at the turn of the twentieth century retain an insidious hold on how people think and organise themselves for manufacturing and knowledge work, even extending into Healthcare and education. It is a dehumanised and mechanical approach that views individuals not as people with unique charcteristics, knowldge and expertise but as replaceable parts. Their very humanity is occluded by the labels they are forced to bear. We remove this welder and replace them with that welder. When this accountant leaves, we will hire another accountant. Our project managers, nurses, teachers, bus drivers, are considered entirely interchangeable.

In the meantime, however, we have set up a conveyor belt of humanity that is geared towards squeezing people into the correctly shaped holes, ensuring that the label fits. Hyperspecialism is the end goal. … Educational choices made during our impressionalble teen years can have a lasting effect. To select is also to exclude. Opting for certain academic disciplines during high school limits what can be pursued at university or as a trade. For those who aspire to it, a higher-education specialism then narrows workplace possibilities. Qualifications lead to employment, whcih in turn leads to the constraints of a role and job description, the path towards increasing functional expertise. Measurement and performance assessments impel us to sharpen our skill set within the restricted field. The myopia of the expert sets in. The boundaries within which the specialist operates get narrower still.

The funneling has an inevitable consequence: it fosters silo-based practices and behaviours. Corporations, government departments, intelligence agencies and a host of other types of organisations bemoan the disjointness of their departments, the lack of interoperability between IT systems, the hoarding and protection of knowledge. Yet this is the end result of a system that encourages hyperspecialism and narrow, deep expertise. [pp. 24-25]

And so it goes on, with relevance. We may interject a full Book by Quote later, but for now leave it at this and encourage you to Study the work. To weep and learn, how you should not do it. I mean, tag along. Resist!

Oh, plus:

[Cordoníu the Beautiful (~ design by Puig i Cadafalch), San Sadurní d’Anoia Catalunya]

Tech-brittle society

Anyone already studied the brittleness of society re technology ..? Of course, we all do know there’s a lot of ‘critical infrastructure’ out there. But do we realise enough, that it’s not only those somewhat-well-defined (not) industries that might suffer from any form of e-attack (incl EMP; what was it with those old low-band radars that the Russian had stacked behind the Ural and were found to be very effective in picking up F-117s because the latter had never been back-tested so far ..? Same, here ..?), and society as a whole might be blown into disfunctionality when some, not critical-industry-confined but ‘class break’-like attack were to be attempted ..?
I’d think not. The more complex society becomes and (hence !) the more interdependencies there are that already work with ever slimming margins, the more brittle our society becomes, the more it is like a giant house of cards, ever more critically stable before one wind collapses the whole shazam. And the less people there will be, that remember from long times ago how one would run a society in a much less complex way… If anyone still uses ‘shazam’.

Plus:

[Even those were, are complex machines to operate. And what if your coal is delivered just-in-time by some networked drone delivery in the ‘chain cloud or so and none of that still exists ..? Utrecht]

Do you business card, still ..?

Once upon a time there were infrared dumbphone-to-dumbphone connections replacing paper business cards. Or people had fancy-shape mini-cd-ROMs.
Now, we have … paper business cards. Or do we ..?

Would love to hear from you whether social network platform invites are already established easily enough at any networking F2F without the awkwardness of having to use your smartphone in such meetings, without looking sheeplish. You replies via the socmed platform you found this post through, please, so others see this whole thing and may contribute – or it’s just that the Comments sections of this blog don’t work.

Oh, and:

[It’s not your vault; De Bazel Amsterdam]