IoTsec as expected

Yawn. A decade of humongous growth in Information security is coming. To tackle the likes of this.
Think of where the somewhat organized, somewhat budgeted, somewhat up to it corporate world now is. (With the public organization world lagging, seriously, on all counts.) Then think of what it would take to make the general public ‘safe’.

And then think of how many InfoSec professionals would be needed. Yeay! Indeed, as in:
[Onto Val d’Orcia, as you spotted]

We Need New Sixties

Just an off the cuff remark. We need new Sixties. The world of totalitarian bureaucratic control, in business and in governance (if you’d reply that there’s governance in business as well, take a hike. With due apologies, that was putting it diplomatically already), has come to an end. It has failed to deliver the global commons cooperation required to deal with planetary issues. More of the same will not do.

Oh, if only we had the Sixties all over again, where old (political informal) structures were attacked by a very select very few opponents… That in the end quickly converted to being maybe even worse than their predecessors. Um.

That is why all of you should be wanting to have a translation of Tegen Verkiezingen
[Get it. That’s an order or in the alternative a recommendation]

Yes, yes, working on a Book by Quote post indeed [to be posted per 25/8]. But would be in Dutch.
And, after an initial euphoria of recognition of many lingering ideas, I found some solutions still wanting. So, when I do the follow-up reading of referenced and secondary literature, do you help develop the many loose ends ..? E.g., relations with the decline of information/communication costs and -troubles so we can do so much more (not physically, not-physically) close interaction as to make all the nation sit around the old oak tree ..? In a systemic, structural, and operational way of development, e.g., through Internet voting with all the safeguards..?

Business Model Down

[Deventer for zero relation with the following]

Although probably hardly still the core money maker for Big G, collecting search data for may fall back maybe significantly in the near future. Since, e.g., when did you last search for something specific enough that patterns may emerge from it..? Wasn’t it just point-and-shoot search-phrase-for-single-answer work that you did, if at all because you entered full URLs anyway ..?

Unless you’re of course part of the hoi polloi that delivers such low ultimate revenue to advertisers that it’s not worth it just return to mass marketing and don’t need Big G data specifics for that.

[Edited to add:]
… Ah, so that’s why said company is moving so swiftly into AI…

Segregation in work

More state-of-the-art Watson-like Big Data Analysis is not to be had (a.k.a. my brain), yielding a striking pattern, ‘so’ it is true:
Vacancies for ‘control’-related positions (from modelHAHAbuilders via ‘controlHAHAHAHAHAHAHAHAHAlers’ to auditors) seem to be found more and more in the Provinces and less and less in the big cities (a.k.a. Amsterdam). In the latter, few vacancies turn up at all, because the truly new economy does not lean on such a formal mechanism; word-of-mouth and informal co-optive cooperation drive innovation and employment.
If this is captured in figures at all, those will underestimate the shift, because the new developments, in their diversity, are so much harder to pigeonhole. The antithesis of all that grinds to a halt, of all that emerging economies (and formerly science-fiction-like domestic sectorlets) precisely do not stir in, and draw their strength from because of that…

OK, OK, a picture to finish:
[Classically unclassical]

4th of July, a message from the US of A

On controls and their systemic ineffectiveness per se. As written about a lot in the past year on this site, PCAOB now finally seems to find out how things have been ever since SOx… in [simple block quote copy from this post by James R. (Jim) Peterson]:

The PCAOB Asks the Auditors an Unanswerable Question: Do Company Controls “Work”?

“Measure twice – cut once.”
— Quality control maxim of carpenters and woodworkers

If there can be a fifty-million-euro laughingstock, it must be Guillaume Pepy, the poor head of the SNCF, the French railway system, who was obliged on May 21, 2014, to fess up to the problem with its € 15 billion order for 1860 new trains—the discovery after their fabrication that the upgraded models were a few critical centimeters too wide to pass through many of the country’s train platforms.

Owing evidently to unchecked reliance on the width specifications for recent installations, rather than actual measurement of the thirteen hundred older and narrower platforms, the error is under contrite remediation through the nation-wide task of grinding down the old platform edges.

That would be the good news – the bad being that since the nasty and thankless fix is doubtless falling to the great cohort of under-utilized public workers who so burden the sickly French economy, correction of the SNCF’s buffoonish error will do nothing by way of new job creation to reduce the nation’s grinding rate of unemployment.

The whole fiasco raises the compelling question for performance quality evaluation and control – “How can you hope to improve, if you’re unable to tell whether you’re good or not?”

This very question is being reprised in Washington, where the American audit regulator, the Public Company Accounting Oversight Board, is grilling the auditors of large public companies over their obligations to assess the internal financial reporting controls of their audit clients.

As quoted on May 20 in a speech to Compliance Week 2014, PCAOB member Jay Hanson – while conceding that the audit firms have made progress in identifying and testing client controls — pressed a remaining issue: how well the auditors “assess whether the control operated at a level of precision that would detect a material misstatement…. Effectively, the question is ‘does the control work?’ That’s a tough question to answer.”

So framed, the question is more than “tough.” It is fundamentally unanswerable – presenting an existential problem and, unless revised, having potential for on-going regulatory mischief if enforced in those terms by the agency staff.

That’s because whether a control actually “works” or not can only be referable to the past, and cannot speak to future conditions that may well be different. That is, no matter how effectively fit for purpose any control may have appeared, over any length of time, any assertion about its future function is at best contingent: perhaps owing as much to luck as to design — simply not being designed for evolved future conditions — or perhaps not yet having incurred the systemic stresses that would defeat it.

Examples are both legion and unsettling:

  • The safety measures on the Titanic were thought to represent both the best of marine engineering and full compliance with all applicable regulations, right up to the iceberg encounter.
  • A recovering alcoholic or a dieter may be observably controlled, under disciplined compliance with the meeting schedule of AA or WeightWatchers – but the observation is always subject to a possible shock or temptation that would hurl him off the wagon, however long his ride.
  • The blithe users of the Value-At-Risk models, for the portfolios of collateralized sub-prime mortgage derivatives that fueled the financial spiral of 2007-2008, scorned the notion of dysfunctional controls – nowhere better displayed than by the feckless Chuck Prince of Citibank, who said in July 2007 that, “As long as the music is playing, you’ve got to get up and dance… We’re still dancing.”
  • Most recently, nothing in the intensity of the risk management oversight and reams of box-ticking at Bank of America proved satisfactory to prevent the capital requirement mis-calculation in April 2014 that inflicted a regulatory shortfall of $ 4 billion.

Hanson is in a position to continue his record of seeking improved thinking at the PCAOB — quite rightly calling out his own agency, for example, on the ambiguous and unhelpful nature of its definition of “audit failure.”

One challenge for Hanson and his PCAOB colleagues on the measurement of control effectiveness, then, would be the mis-leading temptation to rely on “input” measures to reach a conclusion on effectiveness:

  • To the contrary, claimed success in crime-fighting is not validated by the number of additional police officers deployed to the streets.
  • Nor is air travel safety appropriately measured by the number of passengers screened or pen-knives confiscated.
  • Neither will any number of auditor observations of past company performance support a conclusive determination that a given control system will be robust under future conditions.

So while Hanson credits the audit firms – “They’ve all made good progress in identifying the problem” — he goes too far with the chastisement that “closing the loop on it is something many firms are struggling with.”

Well they would struggle – because they’re not dealing with a “loop.” Instead it’s an endless road to an unknown future. Realistic re-calibration is in order of the extent to which the auditors can point the way.

And … there you go, for today’s sake:
[Watching (us against) you …]

To invent, and/or be Belgian.

Hm, it struck me that one would better not be Belgian when inventing stuff.
This guy invented the Internet – and was all but forgotten; so many others were bestowed the fame.
These guys predicted the closure of the Standard Model – and the particle was named otherwise.

This guy, at last (actually, first), achieved fame for his invention. … Hey, there seems not to be any link on the ‘net to that great man Vanderslagmulders the inventor of the spare tire …! Oh did these fellows get credit again. There goes my argument. Or not even.

So, for closure:
[At the heart, somewhat relevant]

Prediction of “A”PIs for IoT


[Some years ago, IL]

Ah, one thing I was concerned about, is elucidated elsewhere, already.
And ten more, halfway between hard tech deep innovation and societal acceptance.

Predictions 2014

Already somewhere below, I noted that the Analytics part of SMAC(T) may need to be rephrased. Already now, I’m unsure whether to do that or just leave it unchanged. What I didn’t yet do, was to opine on the other elements so often put together.
First, a picture.


[Casa de Música Porto, for the chaotic structure of the future]

Now then:
Social everything: Yeah, yeah, of course there will be news. The decline of Fubbuck, etc. But will we see actual breakthrough hitherto unseen inventions of anything game-changingly new? I predict 2014 will be a pause year in which we’ll only see paradigm detailing and quite an improvement (sic) of the use of Social by medium- and larger sized enterprises. In somewhat innovative ways, but nothing earth-shattering.

Mobile everything: The same, hopefully through the much-wanted huge improvements in cross-platform and cross-screensize compatibility and standardization. Which, too, would be refinement rather than absolutely unexpected New.

Analytics, we discussed, separately.

Cloud, ‘mehhh’ for theory, ‘hey how refreshing to be able to distinguish so clearly a good implementation’ in practice. Because that’s what we’ll see in 2014; cloud stuff deliberately done right. (Being deliberate, not by accident as it was in 2013!)

Things; The Internet Of ~, maybe, but in my view it’ll be too early. More like something for under the [Warning: European + derivative culture reference coming up] Christmas tree, to be played with in the year after.

Any other business?

Yes.

One with long odds: Clarity on the demise of “ERP” software. Of course, pre-2014 already the said administrative software, hardly ever used to its full potential but very often having been relegated into the bookkeeping role only, had been pushed away from the limelight into the back of the stage. But in 2014, we’ll see an acknowledgement of this, with consequences I cannot really predict very well – probably, all sorts of other software, more geared towards front-office functionality and integrating better architecturally with the bandwidth from there to the app/widget-world, will take over center stage.
[Update 2014 02 06: This link]

One with lesser odds: An enormous push for more information security, both at its operational, technical levels and upwards in renewal of structure (away from the stale, outdated ISO2700x sphere!) and inclusion of a more holistic approach (see some of my earlier posts, and probably some to come in the near future).
This will have a second leg in renewed interest in Business Continuity Management, not only by rule-based following of standards but also by more principle-based (sic) implementation of ISO 31000 (with all its drawbacks) throughout the business. If we can get our heads around the eradication of that ‘the business’ nonsense… and really integrate (continuity) risk-based management into general management, not needing too much 2nd or 3rd lines:

A final one: The deflation of TLD. The three lines don’t actually defend against anything but regulatory discovery of all that goes wrong in the business (from top to bottom and back again, there). As the previous prediction will already defend against actual mishaps, TLD will be shown to be emperor’s new clothes where lightning strikes. And oh will it strike; frappez, frappez toujours! it will and I hope. All those busybodies doing busywork, I just can’t stand it. The utter denouncement of humanity and human dignity …!

So, there you have it again; SMAC(T) weighed, and three more. Who makes some interesting stuff available when I hit (or overshoot) five or more out of eight ..?

To close, another picture…

[Serralves, Porto – rainy outlook]

Maverisk / Étoiles du Nord