Disciplined away from bureaucracy

After some thought on bureaucracy on either side of the Big Pond, it suddenly dawned on me how to explain the seeming (of course) paradox:

  • At the Western shores, a lot of military with front line battle experience (and some, only a bit less so), possibly out of reserve functions in mundane business, have gone (back) over to the dark side of commercial business, with their discipline and cutthroat ‘competition’ (using not secondhand car salespeople but live ammo) as main assets / gathered experience to bring to bear.
  • On the East oceanboards, not so much, and a love for egalitarian Rhineland ideas might have persisted, giving flexibility and care for customers (‘s souls), and much room for ‘Millennials’ (let’s all drop that most empty of phrases though you get my drift) in the workplace.
  • On the point of competition effectiveness, Westeros beats Essos hands down.

But, the critical points for resolution are:

  • US businesses have been taken away from petty-rule-based (only) bureaucracy that they were in (yes they were, even with the freedom-seeking escapism rampant throughout), by the infusion with serious doses of Mission Command (a.k.a. Commander’s Intent) flexibility in goal achievement over procedural justice / form-over-substance.
  • European corps had nothing to counter Power Corrupts style demise unto totalitarian bureaucracies with their headless-chicken compliance.

So, it really is no contest but we would need a (not present) ref to break it off. Too bad, and:
[Oh how cutiepie, Doesburg defenses]

Repeat: Trawling for noise

So… Legal developments go at glacial ‘speed’, thus mumbling critical oversight to sleep. Happened, once again, in NL. Mass collection (sic) of and trawling through all sorts of data ‘out there’ is free game for gov’t agencies.
NO the oversight committee will not do anything. Anyone saying so, plainly and simply lies under oath to overthrow the constitution (isn’t that high treason?)

But what will happen of course, is that those that in the past weren’t able to connect the dots (proven fact), will now be swamped in enormously bigger piles of noise data. At the very very best (??) they’ll find bucketloads of false positives — ruining perfectly normal, perfectly legally operating citizens’ lives, of course without any serious recourse or restitution of lost life’s pleasure and happiness…
And the false negatives will also explode, induced by the very ‘countermeasures’.
So, also those that propose and implement and work with such ‘solutions’ quod non, will be culpable too.

Oh well Or well was right. Plus:
[I don’t want or like, but do expect, a similar thing again; for different reasons but with no really different methods — Prinsenhof Delft ya’know]

Be-four you turn enthusiastic

[Warning: Long-read. Opinionated, and structurally your recommendations may be needed, too]

About all of the banking industry, and other financials in their wake, have had to deal with loads of regulatory requirements. Justified, some say, for ‘they’ cause(d) so much misery beyond mere most temporary loss of bonuses that the ‘un’ should be (have been long before) detached from bridled. So, Basel II and -III regulations swooped in requiring much more explicit and detailed handling of financial business than ever before. The move from laissez-faire to regulation, to regulation with sanction schemes, to sanctions (possibly interpreted as ‘token’…), was extended with provability and then complete proof-demonstration as minimum requirement.

This all, however, has created a large, and in general even I would say quite overpaid [disclaimer: am profiting too] industry of consultants, quants, ‘risk managers’, reviewers, assessors, auditors, and scores of Toms, Dicks and Harries of the GRC kind. That are all very likeable nice lads and lassies, but maybe not quite worth their salt, certainly not their bonuses, or even be sure to be worth much lending one’s ear to.

Since March, suddenly, there’s news. The Basel Committee on Banking Supervision has released a consultative paper on ideas for (much-needed, many know) simplification of the operational risk management part of regulations. For Basel-IV forthcoming.

Crash’in the wings

… Thinking back of the Taleb’ian remarks, and truths, on Extremistan, and how some more or less closely watched parameters may lose their variance but not their uncontrol since such petering out of shock’lets are just the precursors of an asteroid impact scale collapse, I wondered what is about to happen in infosecland. Since for weeks, nay months already, there has hardly been any news… Apart from the usual suspects (#ditchcyber ..!), there hasn’t been anything serious, has there, by means of yet another class break or more comprehensive controllability breakdown?

Which is why everyone should sit more uneasily, instead of the opposite, sleeping better than ever.

But then, this was the message from your Wolf-crying boy …?

To which:

[Since last Friday, you know this isn’t a reindeer but an elk that is no moose, at least not everywhere]

Security so(m)bering

There’s this discussion going down on the merits of privacy versus security. Whether the one is part of the other, or the other way around, or both. Whereas the smarts are with considering privacy enhanced by good confidentiality settings ’cause they see that privacy is an issue of higher (abstraction) order than mere confi; achieved by it but only as infosec are the bricks and mortar when all you wanted is not bricks or so but a wall.
Through which you may reflect on compliance in infosec. Because hardly ever, is that taken to include compliance with the principles and business objectives and conditions that include being sparse with hinder to the business. Really, those that truly set only guiding rails not enforcement rails, are the unicorns of the trade. No, not those unicorns, those are just frauds anyway.
You may try to do better; really. It starts with risk … when properly applied, you would not get the remarks about ‘why, it has never happened to us before / what are the odds?’ but might even get better support for some slightly hindering process changes and better (but less end user detectable) ‘infra’ i.e., everything under the users’ level of visibility.
So, I’m not sombering or if, about the eager beaver pervasive prevalence. Because sobering up, wising up, may win the day and may be due…

We shouldn’t somber too much… Isn’t this a perfect opportunity to finally demonstrate how we do (… can …) link up information security to real business issues at the highest GRC levels. Since we shouldn’t be passive, and leave ‘privacy’ to be taken over by lawyers jumping into the current Privacy Officer void. Since we can translate all the operational and tactical work that we do on privacy, all the way up to strategic levels and still be very concrete. And not have to wait till ill-understandable “guidelines” (shackles) keep us from achieving something.
No more wannabe whining about ‘deserving’ a seat at the Board table or at least be heard; not asking to be allowed but matter-of-factly showing ‘Done.’ … if, not when, you did information security right all the way…

Just like that:

[“Na na nanana can’t hear you!”; Porto]

Miss Quote: Your way. Or ..?

In the series of unfortunate misquotes, a famous one:

Anything that can go wrong, will (Murphy)

As a secondary quote from somewhere:
But Edward Murphy did not say this. What he most likely did say is something along the lines of:

‘If there’s more than one way to do a job, and one of those ways will result in disaster, then somebody will do it that way’.

Which only by you with the way you do things, does indeed result in disaster, without fail. So, if you use the misquote, you should add “when I do it”…?

That was a short and easy one … so, for you:
[You picked its current spot; deep into the harbour…; Baltimore]

The new KvK registration

For many it is a chore that is a nuisance, but one that simply comes with the territory as part of ‘being in business’.
The registration with the Kamer van Koophandel (the Dutch Chamber of Commerce). The basics, at the enthusiastic start of, for example, self-employment. The maintenance, when the board of an association changes; and then the KvK turns out to be so relevant that a wet signature is still required, but to be placed in the familiar, far too small rectangle, so that the signature as placed is almost by definition wrong…! How deep in the previous millennium can you have remained stuck; this does show that the KvK can hardly be useful any more…

But now, in times of ‘cyber’ (#ditchcyber!), there is an alternative or rather, a comparable registration: with the AP.
Yes indeed, the Autoriteit Persoonsgegevens (the Dutch Data Protection Authority), so named because the confusion with the concept of ‘privacy’ was perhaps not yet great enough, and renamed to allow another decade of start-up time before effectiveness can be expected, by which time yet another era will have dawned that calls for a ‘different’ body ..?
Because after all, we have the Wet meldplicht datalekken (the data breach notification act)… With 700 registrations in the first two months (allowing for a full first month of New Year’s receptions, so four weeks or so), it is clear that it is a matter of filing a notification and, fortunately, nothing further; unless one has the bad luck of not being politically relevant and ‘thus’ open to pursuit …

Ah, government; they can’t make it more fun, but they can make it more impossible…?
[And there isn’t really any headwind coming from that direction either…]

Miss Quotes: Free Hegel

The quotes, of motivational nature or other, that you meet every time again — but aren’t, since they are garbled versions of the original. And the original had much more profound wisdom, or was even true where the misquote isn’t.

Yet another one in a series, a rather old one:
There’s nothing sure in life except death and taxes.

… …

For one, “The only thing you can be sure of, so the saying goes, are death and taxes — but don’t be too sure about death.” (Joseph Strout) — before but on the Kurzweillian strain of thought (more on that elsewhere on this blog) that ‘humans’ may leave their biological medium (‘substrate’) and live forever — probably on tape or 5″ floppy disks though that angle Ray discusses [satisfactory, for once] too. But whether Ray’s scenario turns out to be true (where would religion go …? Betraying his/his father’s roots?), or the Spinozaic or anthropomorphic deity would allow to be overruled in v1.1 of the Design, it would be short-sighted to take dying as inescapable.

For another, [skipping lazy evaluation of the And clause that would already render the quote a miss] David Graeber already proved that in the history of humanity, almost no-one ever paid taxes, the above is just an order by the receiving end put onto the paying end to suppress any even the slightest inkling of an idea for revolt. Whereas the Dutch started their war of independence officially because of an income tax levy of 10% — the outrage! and practice was ‘slightly’ different, very probably. So, no score here, either.


And the Hegel of the title: Search my earlier posts on that.
[This beauty however may not last forever ..? Bibliothèque Vanderbilt, Reims]

Maverisk / Étoiles du Nord