Proof gone crazy

Was reminded recently, again, over the Proofing Gone Crazy aspect of the ‘show me’ approach in the totalitarian, SOx-ignited tidal wave of filing requirements.
As if the better the files, would not prove the better the manager is at hiding ever more wrongdoing ..!
As if it wasn’t, and still is!, the job of the auditor, the overseer and what have we (under whichever laughable guise of ‘regulator’ or even anything with ‘governance’ pitched in; ludicrous misunderstanding of what that would actually entail), to go out and find the proof oneself, not bothering the ones doing real, serious work beyond the bare necessity.
As if anything improved in ‘quality’ except auditors’ fees and the efficiency thereof — as if that were the purpose of it all.
As if the little time left after all the overhead is done, to do that real, serious work, doesn’t deteriorate gravely in ‘quality’ by the utter demotivation and distraction of all overhead requirements.

As if ANY of the original objectives were achieved. Only those that bulldozer over them, and/or are outrageously bombing the whole circus into the ground by pushing the pennywise and poundfoolish over the hill by exacting rule-based perfection while themselves taking the principle-based approach to break all that could be dreamt up for moral and ethical rules that apply still, everywhere, achieve anything. That’s a nice split main cause sentence …

So we’ll have to fight.

If only because originally, I wanted to start off with a title ‘Proof Sets Free’ after some motto on a gate that is commonly taken to point at humanitarian atrocities of a historical monumental scale — that are a direct and difficult to avoid consequence of the bureaucratic way of thinking. Those that toil under this motto, are set free only by ‘death’, physically or mentally, that is caused by their toils in the first place.
Which fits nicely with the utterly immoral requirement to turn oneself in at every misdemeanor that will for certain be taken as grave crime, including producing all proof of fact, and paying not only all legal fees but also for the bullet with which one is shot. Yes the world over that is considered a crime by the courts… Only here, the courts do not comply with the trias of politica and have all the power…

Now, just for laughs, try to prove me wrong in the above. Clowns are fun.

In return, you get this:
[Somewhat better here; The Hague (?)]

Vendors pitchin’ — reality’s b… moving elsewhere

Was reminded today that still, a great many vendors in the (Info)Security arena are pitching their worn-out warez to a laggard crowd — or is it just me to see that, in particular where IAM is concerned, all eyes are still on some vault idea of data storage and systems, behind some mirage of a perimeter of the ‘data center’ (as it is presented ..!).
Luckily, I met this old friend of mine of Zscaler who sees that today’s access and wider security concerns are over Cloud (storage, services) and Users (out there, anywhere). How nice would it be if not too much time would be wasted anymore on the classical, outdated (sic) model(s) and we’d all move to this new world ..?

This, for your viewing pleasure:
[Watching the ships go by, Amsterdam]

TLD: Shoo! Shoo!

Awwww was reminded today that the fallacy of Three Lines of “Defence” is a stubborn one. Debunked by a great many, among others on this blog over a year+ ago, but still much too much alive. So let me remind you with the following picture that speaks for itself (or …):
From missing the mark to hitting the nail on the head v0.3
[No high-class design frenzy, just the blot-down in an angered jolt]

Yes, that’s right, still, and is until y’all ditch the TLD idea on the rubbish heap of history: the lines DO NOT stand between the threats and the vulnerabilities. And Boards et al can bypass the circus at their leisure. The lines (aren’t) of defense (aren’t) only stand between all that has gone wrong, and the regulators so the latter are placated with three rounds of white washing and window dressing.

In the past, everyone I discussed this with, agreed the whole thing’s a joke. A sour, very expensive, delusional one. Everybody reacts, nobody responds… Which will need to change or massive damage will occur.

OK, I’ll stop now before my language over the totalitarian, mind- and ethics-genocidal bureaucracy gets out of hand.

Trivial TLA Things-Tip

If you Thought This Time Things would be easier, as the universality of plug-‘n-play has spread beyond even the wildest early dreams into the realms of the unthought-of non-thinkingness, think again. Drop the again. Think. That was IBM’s motto, and they created Watson. No surprises there.
However… It may come as a surprise to some that now, an actual TLA has some actual tips, to keep you safe(r). As in this. Who would have thought… On second thought, this agency of note might have no need for the access disabled themselves anymore, as they’ve provided themselves of sufficient other access (methods) by now and just want to hinder the (foreign) others out of their easy access ..?

Oh well, never can do well, right? And this:
[Another one from the cathedral of dry feet — only after, making sticking fingers in dykes worthwhile; at Lynden, Haarlemmermeer]

Gaming comms is deadly serious

I was reading up a bit (again) in Eric Berne’s masterpiece Games People Play, and realized a great many of the Child moves in just about every game, approached how some nefarious organisations seeking sub-animal-level absolute tyrannical power under the sometimes literally completely wrong, oppositional guise of (true) religion. One thinks Middle East, and elsewhere.
Would it be possible to counterattack, apart from head-on obliteration through military force, with anti-game moves in the global and local/individual comms contra/pro these movements..? If these address the core sources of discontent, as explained here, it could work, couldn’t it ..? Sufficient experts available, one would think, on the Good (?) side.

Just a thought. This:
Keep 'em flying!
[Should be kept available…]

Let’s celebrate (with) a contest for the dumbest security

On this celebration day (for me/us), let’s instate an annual contest — over the most precise prediction of the dumbest information security breach of the upcoming year.
So, the following:

  • Your prediction, storified (½ – 1 page, at most slightly formatted);
  • Realistic, i.e., a combination of dumb and dumber, and stupid and worse, of (non)actions and responses, on the attack and ‘defense’ sides. Realistic, but keep it realistic…;
  • Hence, do include lots of cyberhere, cyberthere, cybereverywhere and only a little bit of #ditchcyber …;
  • Deadline: 1 January 2016;
  • The predictive element means that no sign of the thing actually occurring yet, may be found in the (whatever medium) press already;
  • Prize… ah, there you go. I’ll try to figure out a way to ship a bottle of the finest champagne to the winner;
  • No discussions about my judgement.

Well, off for now. Have fun:
[Shaky ground (huh, just photographer’s lack of proper alignment due to hurry);
 somewhat relevant, in the opposite (of today)]

Assurance… No; continuous blockchainproofing will be

Accountants (of the certifying kind) have seen the light of continuous assurance coming. The vast majority of them reacted by being the rabbits [certainly not of the Winnebago / Native American trickster type ..!]; though assuming the headlights were and are still very distant, sitting quite still…
A select few have responded differently – embracing some change as inevitable, researching how Continuous Assurance might be, in times of proliferating XBRL and the like.

That’s OK. And laudable for the Virtue of facing the danger not ducking.

But … all of the assurance industry is still lock, stock and barrel dependent on being the Third Party in agency models.
And now, blockchain tech is around the corner, promising all sorts of unbelievable new ways of transferring trust. If only one could build some system(ic) in which any principal would be able to Read all minute transactions of an agent, and would be able to reliably (…) make sense of it – then the information quality (read: [non]uncertainty, [non] information (access, processing capability) difference) would be immediately visible and actionable. Undoing the need for a trusted third party to give a second opinion that is so beaten down to platitudes anyway that the usefulness has deteriorated way beyond what third parties themselves still believe (if they wouldn’t, who would…?). And note the italics of trusted.

Trusted – the thing that blockchain technology spreads so evenly, so extremely to the opposite of the ultimate non-spread of one person/entity.

Oh well. You know now, and this:
[Relevant if you think it through: Warped reflections. NY of course]

Reeled in; struck out ..?

Oh…kay… There was this theme going round a couple of … years to decades ago about how the (?) Internet would make geography unimportant and hence would make possible the dethroning of all geography-based governments.
Well, that didn’t go too well… Turns out that not much happened in dethroningland. Or did it ..?

Would be interested to learn how longer-term developments (decades-to-century) could play out, scenario-wise. Maybe put a bit of blockchain versus (??) singularity in the mix…

[Somewhat relevant agency … NY HQ]

Sharing a name for economy

Rightfully, I thought as I read this article… but then, not.

Yes, ‘sharing economy’ is abuse by the UburbNb’s of this world as they’re exploitative scams that have little to do with the actual Sharing Economy.
The actual Sharing Economy is about sharing because of caring, which is price-less in itself and holds quite some anti-monetary ulterior goals.
The Sharing Economy shouldn’t have to change its name because others, in an ethically-horrendous and despicable robbery, claimed it.

And all this is futile resistance. “All that is of value, is defenseless” (Troelstra)

And:
[Yes, the same as a couple of weeks ago, now from an approx. 120deg different angle, still works ..?]

Maverisk / Étoiles du Nord