Plusquote: Beaton

Be daring, be different, be impractical, be anything that will assert integrity of purpose and imaginative vision against the play-it-safers, the creatures of the commonplace, the slaves of the ordinary.

Thus wrote sir Cecil Beaton.

And right he was. And is, and will be, more than before. Since times are a’changing ever faster, too. Which means the risk, nay certain penalty of not venturing out into the future by one’s own action, increases by the day, as well. Live, or not — the characterisation of those of the ordinary is apt.

With thoughtful salutations, I thee present:
dsc_0043
[One feels invited to have to wait here, only; Royal waiting room entrance, Amsterdam CS]

You're Exposed…

You haven’t studied this here overview hard enough. Because you’re not even on it so shows your lack of will to enormously improve the seriousness of your (clients’) information security which would get you onto the list, just. Your security being too much of a joke to even achieve this level of honest attempt at seriousness.

ig_nobel_stinker_serif_icon_400x400

Teh business, does it exist ..?

On purpose, teh. Plus a spoiler: No.

Though this is a tell-tale sign your infosec program, of whatever kind, will #fail, wholesale.
’cause If you can’t specify all stakeholders, at their various levels of detail required, beyond swiping them up under the ‘the business’ nomen, Then you might as well call it ‘teh’ business, as you are vague to the point of irrelevance, as you will be regarded by ‘the business’ and since that’s where 99.9% of your security sits (including budget holders…), fugeddabout effectiveness.
Endif. No Else.

So, stop using ‘the business’ as a stopgap designation for your lack of understanding of the infosec problems that you claimed you could tackle hence you demonstrate to know no thing about the swamp of root causes to the problems that you said to go solve.
You n00b.

Oh well…:
dscn1150
[Some specific business; Madrid]

Data Classinocation

I was studying this ‘old’ idea of mine of drafting some form of impact-based criteria for data sensitivity when, along with a couple of fundamental logical errors in some of the most formally adopted (incl legal) standards and laws, I suddenly realised:

In these times of easily provable easy de-anonymisation of even the most protective homomorphic encryption multiplied with the ease of de-anonymisation throught data correlation of even the most innocent data points, all even the most innocent data points/elements must (not should) be classified at the highest sensitivity levels so why classifiy data ..!?

This may not be a popular point, but that doesn’t make it less true.
In similar vein, in European context where one is only to process data in the first place if (big if) there is no alternative and one can process for the Original intent and purpose only,

To prevent data from unauthorised disclosure internally or externally, without tight need-to-know/need-to-use IAM implementation, one already does too little; with, enough.

That’s right; ‘internal use only’ is waaay too sloppy hence illegal — it breaks the legal requirement for due (sic) protection, and if the use of data is, ‘by negligence’ not changing a thing here, let possible, the European privacy directive (and its currently active precursors) do not allow you to even have the data. This may be a stretch but is still understandable and valid once you take the effort to think it through a bit.
Maybe also not too popular.

Needless to say that both points will not be understood the least by all the ‘privacy officer’ types that have rote learned the laws and regulations, but have no experience/clue how to actually use those in practice and just wave legal ‘arguments’ (quod non) around as if that their (song and) dance is the end purpose of the organisation but cannot answer even the most simple questions re allowablity of some data/processing with anything that logically or linguistically approaches clarity. [Note the ‘or’ is a logical one, not the sometimes interpreted xor that the too-simpletons (incl ‘privacy officers’) interpret but don’t know exists.]

OK. So far, no good. Plus:
dscn0990
[Not a fortress, nor a real maze once you see the structure; Valencia]

Waves of cyberfud

Not just because #ditchcyber is real. But because only now, the first of the absolute leggards (i.e., gov’t officials) begin to make waves about access to private data, through apparent (sic) complete lack of understanding about the fundamentals of free society. The issue of blanket access to any communications, for whatever purpose, has been settled so shut up for eternity or however much longer it takes ‘you’ to get it or die — whichever comes first, my guess is the latter.

Politics being the only field of work where no education is required; all the cyber-blah being the second, then, apparently ..? And:

dscn1128
[He would have annihilated the little people that clamour for ‘backdoors’, etc., et al.; DC]

World Animal Day: a disruptive Whale

Because today is World Animal Day, let’s think of the Whale.
hqdefault
Because this is the kind of disruption your brain needs. Today, and any day.
Yes the clip is ‘Old’ — but still fresh; how’s that you Under-30-or-younger hunting faux headhunters that still, en masse (over 99,5% at least) hunt for dummies (car crashing kind) to fill dummy slots in Bureaucratia.

That’s all. And do check the vid at least until 2:42 Because Reasons.

Fraud no-angle

There was a lot of work done, mainly from faux legal/ethical corners, on the so-called ‘fraud triangle’. Without pointing only at previous dismissal, there are some fresh insights on why this’all is faux.

One is, as pointed, the presentation that considers the three corners of the triangle (pleonastically not tautologically) to be ‘present’ at one same time. In stead of seeing that there is a (very) definite order of the three. Once started, the march by moral capture / self-blackmail is one-way only. Whether triggered by willful act or casual impulse (i.e., Kahnemann’s System 2 or System 1 ..!); this is just a fact.
Two, the considerations on the triangle, and how to ‘prevent’ ‘it’, are theoretical only. Because they leave out human nature, where Systems 1 and 2 interplay. Where ‘protection’ against that, is not a theoretical exercise somehow (sic) translated into perfect control — as history learns, all totalitarian dehumanising organisations inevitably (sic) fail, and even trivial implementations will fail due to imperfect control everywhere, by definition through its selection by risk vs. budget balancing.

Yes the Faux triangle sometimes appears to be discussed only by those without due experience in practice. That know not of what ‘ethical’ means when it comes to leading and controlling people. That see only a tiny fraction of perverted Bad people (tellingly forgetting about the difference between Bad and Evil, Nietzschian style) that need to be stopped at all cost… Because Ordnung Muss Sein.

We all know how that worked.
Leaving you with:
dscn1377
[Please take a bath…; at Caldelas]

What we all want / need …

Just as a simple link. If (sic) you understand, you’ll understand what you, we, all need, crave.

Yes indeed that’s all. Plus:
carte-vignoble-de-champagne-big
[More than just the Montanges …]

Being busy bodies doing busy work

… Anyone noticed that the ‘trend’ (development) where everyone claims to be oh so busy with, basically busywork, started with the demise of the secretarial profession ..?
Where secreataries (either a pool of or a single personal, or in a pool altogether for sharing i.e. load balancing) and like support staff were (sic) there to alleviate all the chores that now, all underlings/specialists, ‘managers’ and even up, are supposed to do now, in stead of the work they were hired for and be productive in the thing that labour specialisation had made them best, most productive, in, like a Ricardo trade deal within the organisation.

Yes, the secretaries were doing much of, superficially!, uninteresting work but were so labour-specialised in that, that they were more productive, effective, than any heap of managers ever could dream to be … Where the specialists as well as the managers once were specialised folk, with suitable spans of control, but now, no more…

That has been chucked out of the window. Despecialisation resulted indeed, and has included the tons of changeover time involved. Making everyone miserable with having to fill out dumb forms (dumbed-down to the max because now even managers needed to understand, not only the understand-experts that the secretaries were) in stead of the interesting work that one came over to the organisation for.

The hyperbolic extension to socmed addiction and FOMO, and a prefix Impostor Syndrome, of course leading to a neat total burn-out. Thta prefix thing, I’ll elucidate later in some seperate post, if you don’t git it.

The solution also being Obvious: Bring Back The Secretaries! And give them proper status and reward (in all ways; monetary, too, since they raise productivity and morale so handsomely — the latter not literally meant, btw).

Let’s all admit that productivity increase by firing lowest-level staff first, doesn’t work as far as we (???) have done that over the past four decades, and revert that trend. Plus:
dsc_0747
[Wide, high, mighty, needs no tower; Metz cathedral and yes, that’s part of another building on the right not a pic error … (?)]

Maverisk / Étoiles du Nord