What should also be in the GDPR

At least, as an idea: Foreign countries that interfere with privacy in the EU, should be included in the penalisation stuff. Same levels, like; 4% of GDP for e.g., registering political opinions of citizens of the EU even when they’re also citizens of that foreign, alien, enemy country, without explicit opt-in consent. [This happened, happens..!] For every transgression. Then enforce via trade sanctions and import taxes [after checking the trade balance will effect the ‘payment’ of the fines; won’t be stupid].

Oh, and:
[Or the supreme leader goes to jail for a long, long time and is struck by lightning; unrelated, Ottawa]

Common(s) as privacy and vice versa ..?

Remember from your econ class that concept of The Commons, and how problematic it was? Is?
There was this intriguing post recently, on how Free Speech might be considered and deliberated in terms of the commons being exhausted by undue over-use (abuse) — for its use alone ( → ). Leading to aversity of the concept not of the abuser or his (sic) apparent locally recognised but globally not, ‘valid’ reason(s) for over-use.

Which, as is my wont of the moment, driven by personal business interests, I took to be applicable to Privacy as well. Maybe not in the same way, but … This will need quite some discussion between me on the one hand, and peers and others on the other who would actually know what they’re talking about. Throwing in a bit of anglo-american data-isn’t-yours versus European (‘continental’ — will brexit – which starts to sound like a lame Benny Hill kind of joke ever more – change that ..??) data-is-datasubject’s-always divides, and some more factors here and there. Complicating matters, but hey life’s not perfect.

Waddayathink? In for a discussion ..? Let’s start!

And:
[Not so very common-s; Toronto]

Ben still has all the Ayes

There is no end to the need to repeat the, somewhat but simply never sufficiently, quote by the Ben you know best:
Those who surrender freedom for security will not have, nor do they deserve, either one.

How valid today. How utterly moronic in comparison all that would allow crypto-backdoors (for other reasons, too), and covert catch-all dragnet surveillance. Etc.   Etc…

Oh and for the few that are still interested in the United States Constitution, they shall refer to article 1, section 7, clause 2, that has not ayes and nays but yeas and Nays. Just wanted that off my plate.

Leaving you with:
[You’ll be naked and that will not be pretty; Barça]

Progress, friends, is here. Only, not everywhere. Yet. Say ‘No’ till then?

You know that the bright new future is here, when amid the torrent (figuratively referring to the physical phenomenon, nothing to do with the on-line tool(s)) of fake news, this still makes it into a headline: ATMs now to begin to start being rolled out with Win10 ‘support’. To be completed per 2020, when support for Win7 stops. Right. 2020; probably not referring to the eyesight of the ones planning this, not being personally accountable and duly informed of the risks.

Because otherwise, wouldn’t it be smarter to come up with a clever idea to do the roll-out within a month, to prevent just about anyone to take ATM security — or is it a signpost for overall infosec’s position — seriously, as seriously as it should ..?

It’s time there comes an agency, Nationwide, worldwide, that has the authority to say NO!!! to all ill-advised (IT- which is the same these days) projects. Infosec professionals tried to ditch the Dr. No image, but it turns out, it’s needed more than ever to prevent the Stupid (Ortega y Gasset’s Masses I guess) from endangering all of us or at least squandering the billions (yes) that could have been applied against world poverty etc.etc.

Oh, and:
[The UBO ‘humanity’ seems to be lost, here; Zuid-As Ams]

Crippling ‘synergy’

As of late, we haven’t seen too much news about failed mergers, have we or was it buried under seemingly more interesting industries’ development news ..? Like, the latter-day’s Seven Sisters on the ‘Net driving all M&A activity by grazing the startup pastures bare?
Actually, there are a couple of interdependent developments, it seems:

  • Classic mergers and take-overs (and divestments) seem to become more rare, as the importance of classical industry (primary-to-tertiary, maybe -quaternary) has diminished, in favour of, let’s say, quintary pure-information based industry/industries. I.e., beyond mere ‘service sector’ services but data-oriented everything. Hence, it’s IPOs to behemoths taking over microcompanies not mergers of (relatively) equals.
  • Classic mergers failed so pervasively in resulting net positive ROIs that no-one wants to deal with them anymore. Including a development like this.
  • [Not all lessons learned, apparently; otherwise, these would be shared quickly and the M&A business would rebound — see (among) the following: ]
  • The new take-overs are of the obliterate-or-fleece kind; the heap of gold just being too big to resist after which the target is plucked bare for the few nuggets of worth in there, if any, then made disappear as technology integration overrides anything qua ideas that was of any value.
  • This pointing to where previous industries’ M&As failed, every time again [at least, often also for other factors of incidental and less interesting character]: Not accounting for IT. Would love to see the research that proves that the upswing of IT in business life negatively highly-correlates with merger failures.
  • Because the focus has been so much, longer-term, on ‘synergy’ — that always was in support functions that had to be shrunk, one plus one makes one plus less than half, or so. But this never worked, as the ‘keep as of old until integrated’ was executed so lacklusterly, always leaving too many traces of old even when clean-slate renewal was attempted multiple times.
  • This in turn, because IT grew so much in prominence in business execution and administration — but wasn’t recognised as such; always relegated to the lowest of basement departments, that in the end the ‘integration’ [hardly ever to any measure of success off zero, almost always not associable with the term ‘success’ rather] of separate IT systems costs tons and resulted in … more costs, permanently, for not only the near term but -ever.
  • And, as above, this lesson hasn’t been learned. As shown in this: Brexit woes

From which the questions arise:

  • Why haven’t we all (in particular, auditors of all shades that should have been the ones to have learned and warned) learned and warned that IT integration was so crucial, both in due diligence / cost estimations and in failure rates?
  • What is the content of the learned [not]; how to get good IT integration cost estimates, and what are successful methodologies for IT quality assessments ex ante and ex post?
  • Do we only learn from history that we don’t learn from history? This because two bullets don’t look right but three do.

OK, enough to consider and ponder; I want your pointers to definitive solutions in return for:
[Now there’s the resulting Simple view; Baltimore]

Behaviour is key to security — but what if it’s perfect?

When the latest news on information security points in the direction, away from reliance on technical stuff, of the humans that you still can’t get rid of (yet!), all are aboard the ‘Awareness is just the first step, you’ll need to change the actual behaviour of users‘ train. Or should be, should have been, already for a number of years.
In Case You Missed It, the Technology side of information security has so far always gobbled up the majority of your respective budgets, with all of the secondary costs to that, buried in General Expenses. And the effectivity of the spend … has been great! Not that your organisation is anywhere near as secure as it could reasonably have been, but at least the majority of attackers rightly focus not on technology (anymore – though still a major headache) but on the feckle user discipline. Oh how dumb and incompetent these users are; there will always be some d.face that falls for some social engineering scam. Sometimes an extremely clever one, when focusing at generic end users deep down in your organisation, sometimes a ridiculously simple and straightforward one when targeting your upper management – zero sophistication needed, there.

The point is, there will always be some d.face that makes an honest mistake. If you don’t want that, you’ll have to get rid of all humans and then end up overlording robots (in the AI sense, not their superfluous physical representation) that will fail because those underling users of old held all the flexibility of your organisation to external pressures and innovation challenges.
Which means you’re stuck with those no-good [i.e., good for each and every penny of your atrocious bonus payments] humans for a while.

Better train them to never ever deviate from standard procedures, right?
Wrong.
Since this: Though the title may look skewed and it is, there’s much value in the easy step underpinning the argument; indeed repetitive work makes users’ innate flexibility explode in uncontrolled directions.
So, the more you coax users into compliance, the worse the deviations will get. As elucidated, e.g., here [if you care to study after the pic; study you’ll need to make something of the dense prose; ed.].

So, here too your information security efforts may go only so far; you must train your users forever, but not too much or they’ll just noncomply in possibly worse directions.

Oh well:
[Yeah, Amsterdam; you know where exactly this depicts your efforts – don’t complain about pic quality when it was taken through a tram’s window…]

The Sixties, rehashed ..?

Quo vadis; society ..? This now has an answer: We’ll have a rehash of the 19-30s and -60s (/-70s) in one.
When the 1%ers slash Military-Industrial Complex slash totalitarians claim to want unfettered market economies for all even when they pursue an absolute, complete Big Government / monopoly society, even pushing IoT for the purpose of providing Big Brother with total surveillance capabilities under the guise of ‘citizen’-supporting ambient intelligence Oxford, and pushing VR as a tool for mind control (sucking everyone (?) into the blue pill illusions of the Matrix),
And on the opposite end we have a continued strive for the Commons-Arcadia of small businesses (not much beyond mom-and-pop freelance gigs) everywhere on a level playing (sic) field where Experiencing Nature in the Great Outdoors (soon trampled by the masses, and not too wild and Unknown), with IoT as tool for healthy slash sustainable living for all and VR as just a small-scope tool,
The Sixties / Early-Seventies are back. Much more transparent (also qua disruptors’ identities, whereabouts, and culpability vv the Law…), much more (yes indeed) ground to cover, to loosen up societies’ structures much more extensively — due to backlog, backfire and backlash since the last Aquarius rush (80s-10s). Even in business, seeing a return away from totalitarian-bureaucratics towards entrepreneurial freedom (“actual” leadership contra übernarcissistic CEOs).
The Thirties are back. With the income distribution being more skewed than ever (!) in history, so with more argument pro (…) Revolution … [Despite the latter having proven throughout history to fail or rather, in the end to not work out the way it was intended!] But also the Junker that babble alternative facts (US) and pretend to rule (Europe) but have no clue about their overly apparent airheadedness, leading duces to be able to grab power.
Noting that in some conglomerate of nominally independent states, the division or even separation between the Poor in the middle and the Elites on either coast, is more clear (worse) than in the Thirties now.

Pendulum swings everywhere. And throw in China and Russia, plus some India into the mix…
What have we learned from the past; can we deal with extremes in a better way now ..?

Plus:
[Absolute rulers, Nature in the back; Salzburg again]

FOMO as FOYA gone bad

The enslavement to socmed seems to be a generation- … less thing: Unfortunately, all too many seem to need to be connected — mistakenly, just liking things will not lead to a true connection; how many are there that actually grow into such? Only on apps that are specifically aimed to that –swipe-left– otherwise, not so much. Or hardly. Most socmed like-affiliations are a. for sheeple attaching themselves to some brand(s), indicating their lack of self-esteem by submitting themselves as consumer-onlies, b. for lack of dare to actually do something for a Good Cause but wanting to be associated with Successful-in-life people [i.e., actual do-somethings] nevertheless. No c. to think of, qua ‘most’.

What remains, is a hard to miss impression of the truth, being that socmed attachments (mostly to the worst-on-ethics corp behemoths rather than anything) are panicked FOMO symptoms to the world, signalling a much deeper problematic psyche, being the Fear Of Yourself As-is; FOYA.
That’s right. Individualism having gone so far as to drive all those that subconsciously cling to group belonging much more than is societally acceptable (or so it seems!), i.e., the vast majority (of Like-serfs), to seek ways to still attach to something that can slurp up their feeling of insecurity (on their own) and return a pat on the back for group support.

You get it. Can ramble on, but have little time. And:
[An affiliation choice!; Amsterdam]

Leaking profiles

Got an attention raiser during an off-the-cuff discussion on data leakage. Qua, like, not getting the first thing about what privacy has been since Warren&Brandeis’ eloquent definition, and subsequent codification in pretty hard-core, straightforward laws.
The problem being, that no theory of firm (incl public) allows subsumption of employees into slavery, of mind or otherwise. Think Universal Declaration of Human Rights, article 12. Hence, tracking and tracing every keystroke of employees, i.e., treating them as suspect of e.g., data leakage before one has any a priori clue about everyone individually actually doing anything wrong, not having been granted any rights of surveillance in this jurisdiction, is a crime in itself.
And no, the comparison with street cameras that bother no-one and make everyone safer, is a lie on two counts. And, in many countries (the civilised ones; a criterion in reverse), such (total or partial) surveillance isn’t outlawed without reason.
So, your data leakage prevention by tracing everyone is an illegal act. Don’t.

No, your security concerns are not valid. Not the slightest, compared to the means you want to deploy. Stego to files of all kinds, when all are aware of its implementation, may help much better. And supplies you with the trace you want; not to your employee that you (but no-one else) suggest is rogue – (s)he knows about the traceability so will be self-censored (ugch) into compliance – but to the third party that spilled the beans. Since stego-cleansing tools may exist, your mileage may vary. Encryption then, the destruction of content accessibility for those not authorised (through holding a password/token/~), will fail when anything you send out, might have to be read off a screen; the PrtScn disabling being undone by good ol’ cameras as present in your good ol’ S8 or P900 (though this at 0:50+ is probably the typical TLA stakeout vid/result).
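As an added illustration of the stego point above (not code from this blog; the key, the recipient names, the sample text and the zero-width-character encoding are all assumptions made up here): each outbound copy carries a keyed per-recipient mark, a leaked copy traces back to the party it was sent to, and a cleansed copy yields no trace at all.

```python
import hashlib
import hmac
from typing import Optional, Sequence

# Bit -> invisible character (zero-width space / zero-width non-joiner).
ZW = {"0": "\u200b", "1": "\u200c"}
REV = {ch: bit for bit, ch in ZW.items()}
TAG_BITS = 32

def recipient_tag(key: bytes, recipient: str) -> str:
    """Keyed 32-bit tag for one recipient, as a string of '0'/'1'."""
    digest = hmac.new(key, recipient.encode(), hashlib.sha256).digest()
    return format(int.from_bytes(digest[:4], "big"), "032b")

def embed(text: str, key: bytes, recipient: str) -> str:
    """Return the copy sent to `recipient`: same visible text, hidden tag."""
    mark = "".join(ZW[b] for b in recipient_tag(key, recipient))
    head, sep, tail = text.partition(" ")
    return head + mark + sep + tail

def trace(leaked: str, key: bytes, recipients: Sequence[str]) -> Optional[str]:
    """Name the recipient whose tag is in `leaked`, or None if no intact tag."""
    bits = "".join(REV[ch] for ch in leaked if ch in REV)
    if len(bits) != TAG_BITS:
        return None
    for name in recipients:
        if hmac.compare_digest(bits, recipient_tag(key, name)):
            return name
    return None

def cleansed(text: str) -> str:
    """What a copy looks like after a sanitiser drops zero-width characters."""
    return "".join(ch for ch in text if ch not in REV)

# Constructed sample data, for illustration only.
KEY = b"constructed-demo-key"
RECIPIENTS = ["partner-a", "partner-b", "auditor-c"]
DOC = "Q3 forecast: revenue flat, headcount frozen."

if __name__ == "__main__":
    copy_b = embed(DOC, KEY, "partner-b")
    print(trace(copy_b, KEY, RECIPIENTS))            # traced to the recipient
    print(trace(cleansed(copy_b), KEY, RECIPIENTS))  # mark gone, no trace
```

The mark identifies the outbound copy, not whoever handled it afterwards, and it says nothing once the text has been retyped or photographed off a screen.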

Conclusion: Excepting very, very rare occasions, your data leakage prevention by employee surveillance will land you in prison. Other methods, might be legal but fail. Your thoughts now on outbound traffic keyword monitoring. [Extra credit when including European ‘human in the loop’ initiatives.]

And:
[No privacy in your prayers, or ..?? Baltimore Cathedral]

Ninety percent

Not in any economic sense you may have thought, given the attention oft given to, e.g., the 1% or 99% (We Are-; Occupy-style) where now the 90% might be the disappeared middle class in the US that extended from the bottom 10% – that was around even in the best of times – all the way to the top — excepting the 0.01% that was in charge all the time …
Here, it’s about a quote slash truism:

90% of everything is crap

Have ever truer things been said. This, of course you knew since prep school, being Sturgeon’s Law.

Just putting it there. See the link for a ‘proof’. Or look around you; physically (co-workers), mentally (in your head, and feel free to assume the others’ heads are not necessarily better…), qua your pay check, your significant other [hey here I can testify I’m lucky with a not-90% specimen par excellence; no she’s not reading this], etc.

Leaving you with:
[In the 10%, definitely. Even when it rains, this one. Baltimore]

Maverisk / Étoiles du Nord