Iconic clarity failure (privacy edition)

Got a pointer to the icons that are in the EU Privacy directive.
Wow. I can’t even … (did I just write that ..!?)

See whether you’re able to guess the meaning of the following:
Icons

A big Nope, huh …? The answers, after the break…

OSSTMMPerimeter ..?

Just a note; was struck by the OSSTMM approach towards the structure of infrastructure. [Disclaimer] though I am quite a fan of the OSSTMM approach (and do want to write up tons of whitepapers linking it with my ideas for moving forward in the InfoSec field without having to revert to #ditchcyber bla), I feel there’s a snag in it:
The analysis part seems to still take a perimetered, though onion, approach. The Defense in Breadth is there, for sure, but still the main (sic) focus is on the primary axis of the access path(s). Does this still work with the clouds out there and all, focused as they are on principled agnostics on where your data and ‘systems’ might hang out?

OK yes now I will go study the OSSTMM materials in depth to see whether this is just my impression and I’m proven horribly wrong, or …

So I’ll leave you with:
[Hardly a street, next to Yonge]

Note: M$ is just a vendor

Microsoft declared the era of XP finally over, amongst others by not providing fixes in Updates per May 13 (not a Friday, but close).
Markets (user base out there) declared Microsoft to be just one vendor among many, not to dictate anything but to deliver at want, at need. No more. They did so through continued use of XP in oh so many machines, of the general-purpose computer type, and in embedded systems et al. Microsoft weighs, the user base decides.

And, of course:
[A sunny pic of Ståckhølm]

WIoTables

Am I too late with this post, or are people still mixing up the Internet of Things and Wearables ..?

First, a picture:
[Rarely seen Cala, at ON]

Because we’re talking quite distinct things. Yes, there’s a crossover area where e.g., the sensors or ‘reflectors’ we wear, operate in the IoT realm of ambient intelligence.

But for starters, there’s wearables. Mostly, human-to-Matrix sensors / Matrix-to-human feedback interfaces. Hooking you up in a blue pill world. Oh yes so helpful; often providing morsels of value like Likes through displaying to all out there, mostly to trolls, your (under)achievements. Or calling attention to your slacking; business can’t wait! (You’re not essential though, by the way, easily dumped by the wayside if some human or not algorithm plays it that way).

And there’s the IoT, sensors, networks, actuators, and Central Scrutinisers (1979 mind you!!) that form the Matrix itself. Out of control, soon to be out of control of any human or (alternatively) TLA. Soon to be run by its transient Singularity.

Now, don’t make that error again!

Not news, still suppressed?

Why is it that this paper on chip-and-pin fraud hasn’t gained much more attention in the Netherlands ..!?

Maybe because NL has only just sort-of completely switched off the magstripe to EMV.
Which even before its comprehensive roll-out here in NL, was known to be weak. Years before. And still no-one took action.

A picture for your efforts. But (payment) industry, you fail with a big F again
[London temp, also years back]

CIAAEE+P

Privacy came to the fore last week, at a very interesting ISSA NL event.
Where we discussed the prevalent Confidentiality-Integrity-Availability approach (where impacts mandatorily regard the data subject(s), not you the processor, as the data subjects are legally owner of their info …!) and whether those three actually cover privacy aspects sufficiently.

Well, we did conclude that for now, CIA is ‘still’ the common denominator. But … hey, Auditability might be added, as that’s a sort-of requirement throughout privacy protection. And Effectiveness and Efficiency – of the data handling! – have a place as well, being representative of proportionality and legal-grounds-for-the-privacysensitive-data-handling-in-the-first-place (i.e., real purpose / purpose limitation!); if you collect more than very, very strictly necessary, you’re culpably inefficient in a hard legal sense, and at least part of your data handling is not effective.

But should we add Privacy as yet another factor ..? Does it have value in itself? Initially, I thought so, as the common CIA somewhere will always have lost its connection to information value, e.g., through the Bow Tie effect and other deviations (lagging) from modern developments.

Which I’ll discuss below. But now, first, an intermission picture:
[Yup, Whistler]

So, as said, Privacy may be covered by CIA. But, … with specific deviations of interpretation.

Can’t have your cake

I guess you can’t have your space cake and eat it over your keyboard.

If only they’d hire me. I bring [1337 hacker skillz and dope use]negated; not-fully and absolute none, respectively.

But then, …:
[Beeb]

Aweariness.

Tweeks ago, at this successful! symposium, I noted the developments in the Awareness side of our IRM business. Multiple speakers were onto the subject without hesitating to move beyond the mere annual poster campaign for awareness, and moving into the daily-normal subconscious behavioral change work that was for a long time so much lacking. From ISO 2700x as well.

Which of course is a very, very good thing. Before the 80% of hard work in IRM as such (after discounting the first 80% in hardcore information security), the 80-100% of effort should go into this socio-/psycho-/behavioral fluffy stuff that yields so many benefits and returns. Though we ‘still’ may not be good at it, at least there is development, and leading examples. Thanks, speakers, for that; and for now:
[Your guess. No, not Paris, Reims; not even Strasbourg and that’s a hint]

On the verge of many breakthroughs

Just to note; my feels are that this piece on scientific analysis on the verge of chaos is an emergent technology for many current applied fields. E.g., analysis of where the Internet of Things will bring us; Singularity or not, or what. And brain analysis obviously in the first place. But also sociologically, I see many applications just beyond the horizons.

And, of course:
[Somewhat hidden, still a Major Place]

Who has your back; who’s up your back side?

Depends on how you foresee the world’s wheels of fortune turn…:
[Plucked via some byways from this originating site. Worth a visit!]

But beware … Things may change rapidly.

Maverisk / Étoiles du Nord