Tag: IRM

Is it New (enough) ..?

After bemusement and annoyance with all Pokesheeple (They think trespassing (or worse) is OK in some game hunt? Preventative (hospital) detention is on order — no-one of their abilities is too stupid to not have to just stick to the law ..!), and the business model of selling simpleton crowd control to e.g., shopping malls has come out of the closet, my question is: How new is that ..?

Seriously; is it an ‘innovation’ that isn’t recognized (yet) as such, or is it a minor application of some other one’s idea ..? What (hopefully (??), non-game tied) variants can we expect in the near future ..? Or will we devolve into a real-life GTA game nation, with some 0,1%ers pulling all the strings?

Leaving you with this dystopian twist, but serious about the question before that, and with:
20141027_131258_HDR
[Upside-down Voorburg]

Right. Explain.

Well, well, there we were, having almost swallowed all of the new EU General Data Protection Regulation to the … hardly letter, yet, and seeing that there’s still much interpretation as to how the principles will play out let alone the long-term (I mean, you’re capable of discussing 10+ years ahead, aren’t you or take a walk on the wild side), and then there’s this:

Late last week, though, academic researchers laid out some potentially exciting news when it comes to algorithmic transparency: citizens of EU member states might soon have a way to demand explanations of the decisions algorithms about them. … In a new paper, sexily titled “EU regulations on algorithmic decision-making and a ‘right to explanation,’” Bryce Goodman of the Oxford Internet Institute and Seth Flaxman at Oxford’s Department of Statistics explain how a couple of subsections of the new law, which govern computer programs making decisions on their own, could create this new right. … These sections of the GDPR do a couple of things: they ban decisions “based solely on automated processing, including profiling, which produces an adverse legal effect concerning the data subject or significantly affects him or her.” In other words, algorithms and other programs aren’t allowed to make negative decisions about people on their own.

The notice article being here, the original being tucked away here.
Including the serious, as yet very serious, caveats. But also offering glimpses of a better future (contra the title and some parts of the content of this). So, let’s all start the lobbies, there and elsewhere. And:
20141019_150840 (3)
[The classical way to protect one’s independence and privvecy; Muiderslot]

Nopsrisk, Irisk

When it’s time, it’s time. Of course, meaning that the tough get going.
Lately, there has been a resurgence in Risk Management. In particular, in Operational risk management. That has been outclassed. Due to, among others, the calimero hanging-on at the tails of financial risk management but having failed to gain traction because the latter’s models were wholly inapplicable and seriously outright unusable for ops risk, due to having no clothes of one’s own (still, the upstart little peasant kid wanted to be emperor), due to having been outflanked by its little nephew of Information / IT Risk Management. That took on the coat of ‘cyber’ (#ditchcyber!) and gained prominence on all the vast wastelands that were left for the picking — and are now overwhelming the heartland with their successes in actual, frontline, FLOT hand-to-hand combat and battles (won).

Time, maybe, to give IRM the prominence it deserves, and forego the subsumption under ops risk ..?

It’s nothing personal…
DSCN9405
[Soon again: Serralves]

DAUSA

Maybe we should just push for a swift implementation of the megasystem that will be the Digitally Autonomous USA. No more need for things like a ‘POTUS’, or ‘Congress’ or so. When we already have such fine quality of both and renewal on the way into perfection (right?), and things like personal independence and privacy are a sham anyway, the alternative isn’t even that crazy.

But then, there’s a risk (really?): Not all the world conforms yet to, is yet within, the DAUSA remit. Though geographical mapping starts to make less and less sense, there’s hold-outs (hence: everywhere) that resist even when that is futile. The Galactic Empire hasn’t convinced all to drop the Force irrationality and take the blue pill, though even Elon Musk is suspected of being an alien who warns us we’re living in a mind fantasy [this, true, actually — the story not the content so much].
But do you hope for a Sarah Connor ..? Irrationality again, paining yourself with such pipe dreams.

On the other hand … Fearing the Big Boss seems to be a deep brain psychology trick, sublimating the fear of large predators from the times immemorial (in this case: apparently not) when ‘we’ (huh, maybe you, by the looks of your character and ethics) roamed the plains as hunter-gatherers. So if we drop the fear, we can ‘live’ happily ever after; once the perfect bureaucracy has been established. Which might be quite some time from now you’d say, given the dismal idio…cracy of today’s societal Control, or may be soon, when ASI improves that in a blink, to 100,0% satisfaction. Tons of Kafka’s Prozesses be damned.

Wrapping up, hence, with the always good advice to live fearlessly ..! 😉

20160529_135303
[Some Door of Perception! (and entry); De Haar castle]

Overwhelmed by ‘friendly’ engineers

The rage seems to be with chat bots, lately. Haven’t met any, but that may only be me — not being interesting enough to be overwhelmed by their calls.
Which will happen, in particular to those in society that have less than perfect resistance against the various modes of telesales and other forms of social engineering (for phishing and other nefarious purposes) already. Including all sorts of otherwise-possibly-bright-and-genius-intelligent-but (??)-having-washed-up-in-InfoSec-for-lack-of-genuine-societal-intelligence types like us. But these being the ones of all stripes that ‘we’ need to protect, rather than the ones apparently already so heavily loaded that they can spare the dime for development of such hyper-scaling ultra-travelling foot-in-the-door salesmen. Is this the end stage, where none have a clue as to which precious little interaction is still actually human-to-human, and the rest may be discarded ..?

As for the latter … It raises the question of Why, in communications as a human endeavor… Quite a thought.

But for the time being, you’re hosed, anti-phishing-through-social-engineeringwise.

Just sayin’. Plus:
DSCN0408
[Retreat, a.k.a. Run to the hills / Run for your life; but meant positively! Monte Olivieto Maggiore near Siena]

Wats’on your bug-hunting program ..?

Tinkering with some unrelated ideas …:
How would one go about setting Watson (Clone, III) to work on bug hunting ..?
Where the Beast would be fed all sorts of past code / code patterns (source~ or executable~, or whatever style you’d prefer) with known bugs / errors / exploits and the way in which they failed, and then have the Big W scan, e.g., Win10 source code and come up with a list (in this case, assuming sufficient storage ;-| ) of bug red flags. Probably, to be classified in a range of Sure Thing, via Commonly, to Maybe. As we’re discussing patterns, certainty can’t be had for all found points of interest per se.

That being the simple part, what about automated immunization ..? If some patterns are near-certainly bugs/errors/exploit-points always, can they be plastered ex ante ..? It might be easy(er), too, to throw in an extra development test in the first place (“Sorry Dave, I can’t compile that”). But this sort of scope creep could easily lead to creepy behavior, e.g., if (??) the (??) system would get hijacked.

Oh well. Would still be glad to have your thoughts. And:
DSC_0062
[“Tin”foil hat for actual protection (well, No.), at Haut K-bourg again]

Plusquote: Critique of the Pure Reasonlessness

This episode, by reference to the excellent Future Crimes (Marc Goodman, as here), one originally by G.K. Chersterton (The Blue Cross):

The criminal is the creative artist; the detective only the critic

To which we would want to add: And the auditor, only the disgruntled desk-bound traffic cop.
Since, the checker (and penaliser) of the trivial petty little rules, should remain in the third line, right ..?

Where by the way, the creativity of the artist is required to make the art work that sells — and hence all make their living off straightforward crime or would perish. The more you bureaucratise into totalitarianism, the more you see life wither, till death. Even if the crime keeps on being perpetrated — by laxity of the second and particularly third lines, in cahoots with the profiteers. … Maybe that’s a bit deep-but-overly-lapidary …
Hence, just:
DSC_0247
[Panopticon Central, Strassbourg]

Miss(ed), almost ..?

One might have easily missed one of the most valuable annual reports … but if you trust it (you can) or would want to dismiss it (you can, for various reasons like the management babble leading to a great many missed threats and ~levels as here, always of course, but still), it is an important item when you’re in InfoSec despite #ditchcyber! so you’d better study it.
Oh, yeah, this being the thing.

OK now. Plus:
DSC_0113
[In “cyber”space (#ditchcyber once more), easily scaled. Haut Koenigsbourg again.]

Still, 3LD is the 4th leg

This, not as much a monster under the bed as it is a monster elsewhere; Three Lines of Defense (quod non).

I’ve discussed the utterly nonsensical, totalitarian bureaucratic, lie of its utility already over and over again, but the thought — through encounter in daily practice so often still — returns every now and then. And then, one realizes: Three Lines of ‘Defense’ (quod non) are not the third, but the fourth leg of a flipover stand. Yes, indeed, you hardly see that ever — for a reason: Where the third leg is flimsy already and certainly so compared to the stability provided by the first, essential, two legs, any fourth might impress but destroys stability of the whole!
Yes, as three ground point define a surface hence stable stance on any irregular surface (and, hence again, are completely sufficient), four such touch points are very hard to get stable, onto a plane surface. Therefore, the fourth leg destabilizes the whole shazam, undoes the effectiveness of the third. Now, two are bungling.

And no, not because a flipover has three legs does that reflect TLD; the first two legs are equally required and face us, thus giving the thing its purpose which is completely, fundamentally, different from TLD where there’s three lines behind each other that only ‘protect’ (quod non) against regulatory oversight by massaging all embarrassment away through ever more dubious language. When you don’t see the fundamental of that difference, you may or may not be hopeless. Stop dragging the IQ average of whatever group you consider yourself part of, down so low.

I now rest my case.

20160428_170217[1]
[‘Transparency’ and building material? We see right through that both, Chanel!
 (PC Hooftstraat)]

Maverisk / Étoiles du Nord