Privvezee Shield

The fig leaf of the trade ..?
Probably will blow in the wind at the first whisper over 2Bft. E.g., through ‘misinterpretation’ of the rules and inherent incapacity to understand the Principles, by some vague fifth-line anonymous placeholder instructed to not understand, buried deep down in some TLA you may or may not have heard of.

And then, the wind cried Mary; landsliding into only the thinnest of lip service with a torrent (no double entendre intended) of factual breaches.

You’ll see… Plus:

[A sub, appropriately, even if only in Baltimore…]

Plusquote: You’re not perfect

Even at the Computer History Museum most of the devices on display stopped functioning many years ago.
This time, not one of my own but quoted from Ray. Pointing out that it’s not that bad if you fail at having the perfect IT management (systems/operations) in the universe — even if you’d had forever you wouldn’t succeed, so take it easy on the minor non-compliances.

So, this in a series inspired by this here Expert, some more of my own (heh) personal ramblings which I would dare to call motivational soundbites but you would consider to be as typically as this sentence to be my interpretation of brief, not necessarily positively motivational but that’s (yes I do use abbreviations to shorten the sentence even further) because that remains your interpretation but that’s not necessarily the right one being the one I intended.

Capisce? And:
[Once – not forever – the newest, carved in / out of stone; Reims]

Chain governance and army corps sector boundaries

Well, and then you think back over the past decades in which it just never succeeded to set up chain governance in semi-(quasi-? sub-? fake-?) government land. No, no, no, here and there something may ‘work’, but that doesn’t get beyond an operational level of no-nuclear-conflict, with a totalitarian cold war at the tactical and strategic levels.
And yes, in the private sector (in itself already sad that a separate term exists for what should after all cover 90+% of the economy but doesn’t get beyond 30 percent or so, at the véry most) something has indeed been brought about, but then by force and with the hard punishment of bankruptcy for less-than-maximal total sacrifice to the customer.

Ah, the customer. Of the chain, at the end of the production story.

And oh, there are models. Those who still have a chance of having (gained) insight pull out their VS 2-1351. And first read their IK2-25 ;-] and then chapter 8 of the aforementioned. But that aside, because the essence is that it brings back the lessons regarding the vulnerability to attacks from the East which, recognizing on that side the intelligence that will focus on exploiting the weak spots on our side, will be directed at the army corps sector boundaries.
Because there, coordination across the sector boundaries will be weaker, and ‘own’ sub-optimization within the sectors leads to reduced attention for the boundaries.

And … that sounds familiar, yes. And indeed, that is where the bottleneck lies in governance and oversight over the whole, from behind, having to deal with an opponent (sic) over the whole, opposite. Who, by its own interpretation of its own goals, is not yet capable of tactical nuclear action (via politics) but does see its own interests insufficiently accommodated.
And then? Then take up the solutions from the practice developed over the centuries. Regarding top-down compulsion to maximal coordination between the chain units and the sacrifice of one’s own chest-thumping in favour of total performance, on pain of demotion. Wouldn’t that be fascinating; the emptiest vessels from management compulsorily assigned to the call center for the rest of their careers ..?

Ah, if, íf only the Mexican armies of petty bureaucrats were dumped at the FLOT… Page and Popla would see their turnover rise sharply. And becoming aware of the actual mission would, after catharsis and replacement by Real leaders, lead to so much better government performance…

Dreaming is allowed, isn’t it ..? And:
[Suitable for the ‘managers’; Stockholm]

Rosebud and Cain

So, … Waking up, a deeper layer of the Citizen’s movie surfaced. Unsure whether this was even in the movie, but of course there’s the battle of the same name (note the number of casualties that today would not count for much but then still did ..!), where “Indians” fought on both sides, and probably did it the best, too. And it was the lead-up to that other one. And the land issue remained open (until 1980 no less) and can still not be considered closed…
But apart, or through, all that, I figured: The above is about people of the land protesting the plunder by what was hoped to be passers-by but that turned out to be permanent though (still) roving occupiers (not of the ~[name your city] kind you superficial dumbo — on second thought, might be similar to the here-meant protesters!), in perfect analogy to the biblical story of Abel and his brother. Where in the bible, the story is skewed towards the Traveler side as that’s the side of the victors that wrote the story in the first place.

And that’s why the main movie character is named as, like he is but then his career as the settled, is opposite. Then, his sled’s name refers to his childhood lost (clearly in the plot) which was a time of roaming free, just like the white man’s settler times before the above battles — that lasted till all was conquered and stable, necessarily locked-down by lack of remaining open terrain (well, …), society developed. This of course was also the man’s life: Ever more protecting Xanadu, the archetypical dwelling, and the estate at large. Through emergency vent projects, some bits of the core primal power (as here and as reflected in the above-mentioned biblical story, and also in e.g., Germanic and Scandinavian lore as close to the very beginnings of cosmo- and anthropogenesis!) had been able to escape but had been ridiculed. See the pic below; if you get that. And, that in latter-day society, too, there were tribes of the same Culture fighting each other, on both sides.

Then, the life came to an end. And then, the realization of the integrated whole came back, not only the yearning for the lost innocence, but also the ‘misfit’ness of life’s escapes and in the recluse stages the possibility of returning to a more balanced and holistic life, which latter option had now vanished and the cycle was finished. Rosebud…
After which the Order, the cleaning up of the house, of course summarily dismissed the non-Apollonian into the fire (back to its origins, one notes) at the hands of the minions of mind, the dull-minded follower housekeepers.
For Dutch readers, this here item may also apply, in somewhat similar, overlapping fashion.

OK, OK, I know, my insights deteriorated throughout the write-up into the already known. But I just wanted to add my by now deeper anchoring of the trope(s)… And:
[Even the model is big. You know why this pic is here. And in DC]

Your valued info at risk

Ah, just noted: A great many of you may have switched (or, c’mon don’t be a laggard or too late, will soon switch) to self-assessments of risks, even to the level of detail of data security (as part of information security, part of IRM, part of ORM, part of ERM, part of just-freakin’-perfectly-normal-or-are-you-kiddin’-me mundane run-of-the-mill average daily management of which ‘governance’ is the most preposterous windbag label).
Which is all very well, to determine at the shop floor levels, that apparently are the last hold-outs of actual business knowledge beyond the mumbo-jumbo of meddle management (sour joke intended), what the risks, and particularly also, Value of information (data…) processed might be.

But … You’d miss half or more of the picture, then. The value you attach to the info, may very well be what you’d be prepared to fork out to protect it (balancing estimated frequencies of intermittent losses versus continuous costs flying out the window), but you then forget that the attacker isn’t after the value you attach, but the value to the cracker. Which may be completely different. Think, e.g., Sony (and the many others alike): comparatively, there was hardly a nickel value in the ‘stolen’ (exfiltrated, or egressed since it was lying around so obviously) data from the Sony perspective. But the value was enormous from the hacker perspective — whatever the innocuous data was, the mere exposure was of such import that APT’ ing around apparently was worth it.

Now, how’zat (women have deliveries, men have Balls) for all the other info throughout your glocal enterprise/empire ..? Similar to same, I presume.
So, … what about the budgets to be made available to counter data theft/robbery/whatever comparison to physical-world expropriation you’d like to use? And still not trying to overshoot in comparison to the value you yourselves establish for yourselves by yourselves, or you’d run the risk (chance close to 1) of splattering any flexibility and usability under tons of ‘controls’ (quod non, BTW). But then, not protecting ‘regular’ data enough, might expose it too easily — which might be rational but will cost you, e.g., through EU data protection fines … ;-|

So, you’ll not only have to do the multiplication of this and this, but extend in other dimensions as well…
Oh well, the world gets more complicated every day… and:
[Your data protection; Noto]

Bow the Stork Tie

When analyzing the Stork methodology for EU-wide federated eID and authentication methods and technology, again one stumbles (rather, ‘they’ do) over the bow tie of CIA, mostly C, controls. Too bad. Usually, ENISA(-involved) stuff is Great quality. Now, quite a lot less so.
Which is too bad. To note, we already commented on the classical CIA rating (incl. the bow tie fallacy) before. Now, the CIA seems to have something to bring to bear on CIA as well. Better study hard …!

Oh well …:
[Weaving transparency and stability, Cala at Hoofddorp again]

RCSA is close to BAU

Close, as in no cigar yet (has the US ban on Cuban import been lifted already?).
But definitely, Risk Control Self-Assessments would, if carried out properly, be that major part of management’s daily (sic) chores that wouldn’t need annual get-togethers coaxed by outsiders (sic) but would be Business As Usual in operational practice. Maybe needing some periodic (weekly? monthly? certainly more than as now weakly annually) departmental review gathering but not a stage show as if this is the holy grail of business information flow. After which the ‘second line’ (as the back not even middle office function) receives the (right) info and acknowledges that the ‘first’ line has so much better sensors since they’re the first line par excellence, integrates the info into the upward report flow and reverts to fine-tuning the tools they provide to first-liners, and furthermore does … nothing. Second line is helpers, not dictators-by-soft-smothering. When it would turn out that all the high-quality hence qualitative (the reverse for quantitative) risk pics cannot be easily integrated into one pic, that’s too bad for the integrators but an appropriate (!) reflection of reality.

And if, on the other hand, first-liners need to be taken away from their actual productive work to sit in some song-and-dance by second-liners because it was so decreed by ‘governance’ levels (emperor’s clothes!), the very objectives will not be achieved. Since the ‘do something’ by deep-lying incompetence has led to the wrong turn into a blind alley whereas the broad avenue (something like Yonge Street) between wilderness and high (?) culture.

[I scheduled this post a couple of weeks ago for release in a couple of weeks but new developments seem to speed things up. For my many posts against Form over Substance … just search this blog for ‘TLD’ or bureaucracy …]
Won’t rant (too much) on; keep it to RCSA = BAU + quite some ε still, and:
[Distorted? Only your picture is, here for a change, by standing too close; true reality is not at the Edinburgh Royal Mile!]

Prediction16

Yawn. Or not. The following will get real serious in 2016. Like,

Well, for the list with everything and their dog:

  • Some Exits: Green Egg, ‘Cyber’everything, disruption/uberization, privacy, and, certainly and very much hopefully, “Like us on Facebook” … and very, very certainly hipsters let alone their ‘beards’ (quod non).
  • Entrat to replace the latter, hopefully, some actual non- or anti-bureaucratic frameworks of mind.
  • Also out, to be replaced by … [as yet unknown]: Vlogging or what have we, in socmed space, with 100k-1M+/++ followers as being the thing to aim for. As it becomes clearer and clearer in 2016 that only the 10M+/++ leaders (??) can make a dime from it, or barely a living. Who are the big winners, in all of this? User data / experience farmers?
  • Risk Management 3.0 will grow to be the Next Thing in managementspeak. If you’d need any proof, go read back the ton of posts on your perennial Truth site.
  • Also, we might get a last blip from SMAC(T) as a trend summary.
  • All of the points made by The (some) Man. Obviously. And some of this as well though this may all show to be overblown.
  • Still a wave of interest in Rise of the Robots. Combined with AI through and through, like in this. With support at an angle, from this.
  • A further blend of cloudsourcing and deperimetrisation putting your infra and all of your data naked and out there in the cold.
  • Oh almost forgot: A lot more on APTs, 3D printing (when will we finally get 4D printing …!?), MehhDrone stuff, blockchain, IoT, et al.
  • But we may hope, the latter two get much more innovative applications; on the one hand with simpler explications, on the other, truly innovating e.g., into the DAO realm.
  • Ah, DAOs; let’s first see more of this in 2016.
  • Offering a simple list copy from HBR:
    • Algorithmic personality detection: Yes
    • Bots: Yes
    • Glitches: Mwah; we indeed will see scores of them, ever bigger and more impactful (also b/c complexity explosions of the mixed e and physical worlds), but they’re somewhat of the mehhh category for the purpose of Here.
    • Backdoors: See APTs et al; much more of them yes but again, mehhh
    • Blockchain: As mentioned
    • Drone lanes: Hmmm, interesting…
    • Quantum Computing: Probably hung in there from previous (many) years’ lists; mine, too. May, might, but for the same token may not
    • Augmented knowledge: Definitely. Hopefully, in a good way. But maybe even hopefully, steered towards safe use, after a hopefully indicative but small-enough dystopian-style mishap ..?
  • CloudIAMming. IAM, renewed, for federated use in ‘the’ cloud. Yes, this will have a whole new lease of life, as a management field, and a consultancy field as well.
  • This just in: Forgot to mention VR as a thing in 2016. Definitely.
  • I may want to do an update halfway through the year…
  • Oh, and of course our motto for 2016: A CEO with you, is still a CEO.
    #gosubstitute[ _X, _Y | fool, a tool ]

After which there’s only:
[Purposefully unsharp. Berlin, some years ago.]

Game season

Sooo… We have a new game console on the block. Let’s see whether the new boy will persist.
This, after:

But which may translate to a double jump, from classic TV via Netflix to this new blended thing where even much more than nowadays, categories (like ‘news’ or ‘nature documentary’) no longer apply. Where will the Authoritative (news) Sourcing community go, even when it may shrink and dwindle into little if any size or significance? Juvenalis’ bread and circuses the world will be.

Well, anyway, we’re storming towards that. And this:
[Gloomy, waving your Freedom goodbye; still at NY]

Common meltdown

Ah, indeed a meltdown is approaching; maybe not even of the common kind of just something breaking down in ‘IT’ — the inverted s… hits the fan scenario — but a larger-scale one. Being the lack of budget / approval for IT staff to do continuous education of all sorts. [As in here, in Dutch.]
Which will inevitably lead to ever larger of the small- to midsize collapses mentioned, possibly one triggering the other till past the critical point where the chain reaction feedback loop switches from negative to positive.

By which time it will be too late, much too late, to hyperventilatingly engage in counteractions. Both against the root cause problems in IT, as in the edjucayzional category within those. Because, au fond, so many of IT’s ails were and are, increasingly, driven by lack of (continued) education. Causing problems in the user’s specs (at the highest levels) and subsequently, 2nd Law of thermodynamics, spawning all of the subsequent complexity developing into unmanageability, and error stacking that breeds like viruses.

Even more poignantly in InfoSec corners. You know, the outposts of IT — yes, yes, I know that the I is of so much greater import than the T but get real, instead of 20% InfoSec is 85-95% T still, these days ..! — where the real commandos and fancy-dancy ‘Delta teams’/SEALs operate.

Can we all please get our act together ..? If we don’t turn this supertanker around quickly, we don’t even need to bother about global warming because we’ll have no industrialised world to worry about…

Après nous le déluge …
[Mosquito hunt; Edinburgh]

Maverisk / Étoiles du Nord