Said, not enough

Here’s a trope worth repeating: Humans are / aren’t the weakest link in your InfoSec.

Are, because they are fickle, demotivated, unwilling, lazy, careless, (sometimes! but that suffices) inattentive, uninterested in InfoSec but interested in (apparently…) incompatible goals.

Are, because you make them a single point of failure, or the one link still vulnerable, and through their own actual, acute risk management and weighing they decide to evade the behavioural limitations set by you with your myopic, non-business-objectives-aligned view on how the (totalitarian, dehumanised, inhumane) organisation should function.

Aren’t, because the human mind (sometimes) picks up the slightest cues of deviations, is inquisitive and resourceful, flexible.

Aren’t, because there are so many other equally weak or weaker links to take care of first. Taking care of the human factor may be the icing, but the cake would have to be very good indeed for the icing to be worthwhile…!

Any other aspects ..? Feel free to add.

If you want to control ‘all’ of information security, humans should be taken out of the (your!) loop, and you should steer clear of theirs (for avoiding accusations of interference with business objectives achievement, or actually interfering without you noticing since your viewpoint is so narrow).

That being said, how ’bout we all join hands and reach for the rainbow ..? Or so, relatively speaking. And:
DSC_0404
[Where all the people are; old Reims opera (?)]

Save a few

Just a reminder: Dutch lower gov’t agencies are struggling with storage formats … (Here, in Dutch, but Alphabet Translate (heh, that still doesn’t ring well!) may help)

There may be hope for (!) privacy. And:
DSCN1053
[Nice, functional (as / where it is), and certainly will look Old before you know it; La Défense]

Miss(ed), almost ..?

One might have easily missed one of the most valuable annual reports … but if you trust it (you can) or would want to dismiss it (you can, for various reasons like the management babble leading to a great many missed threats and ~levels as here, always of course, but still), it is an important item when you’re in InfoSec despite #ditchcyber! so you’d better study it.
Oh, yeah, this being the thing.

OK now. Plus:
DSC_0113
[In “cyber”space (#ditchcyber once more), easily scaled. Haut Koenigsbourg again.]

Short Cross posting

… Not from anyone, not from anywhere. But crossing some book tips, and asking for comments.
Was reading the Good Book, when realizing that it, in conjunction with Bruce, could lead to some form of progress beyond the latter when absolutist totalitarian panopticon control frameworks might seem the only way out. In particular, when including this on the Pikettyan / Elysium escape or not that serves only some but not the serfs. And then add some Marc Goodman (nomen est omen, qua author, and content?) and you can see where Bruce may have missed the exponential crumbling of structures, and said escape might be by others than the current(ly known) 1% … Not all Boys Who Cried Wolf will be wrong; on the contrary — Not Yet is very, very different from Never, but rather Soon Baby, Soon.

Not rejoicing, and:
DSC_0097
[Nope, not safe here (Haut Koenigsbourg) either.]

Emerging degrees of privacy

Given that ‘privacy’ is a property that emerges from good Security, more particularly from Confidentiality (and Integrity), there’s two avenues to succeed in this field:

  1. If quick and maybe even too dirty: Data minimisation (as e.g., here, in Dutch)
  2. Else (OR?): Fine-grained protection, also against the default Read all down the stack (user / end point / comms channels / applications / middleware / servers / storage — with the latter maybe crawling up and down the stack again when virtualizing in the cloud)
  3. Because binary’s not my thing and keeping it real (i.e. (!) not being consistent) is: would any of you have pointers to some science on possible degrees or levels of privacy ..?
    The idea keeps floating around in my skull. Including degrees of invasion! Where sometimes, the required degree (as set by the subject) would be less than the degree for some government agency so everything goes … for this some data point only. Yes, Value creeps in as a boring subject but isn’t everything. Should be a field of study …?

Thanks anyway for all your pointers on the last item… (none); hence:
DSC_0732
[It’s watching over your shoulder….! Het Loo]

Repeat: Trawling for noise

So… Legal developments go at glacial ‘speed’, thus mumbling critical oversight to sleep. Happened, once again, in NL. Mass collection (sic) of and trawling through all sorts of data ‘out there’ is free game for gov’t agencies.
NO, the oversight committee will not do anything. Anyone saying so plainly and simply lies under oath to overthrow the constitution (isn’t that high treason?)

But what will happen, of course, is that those that in the past weren’t able to connect the dots (proven fact) will now be swamped in enormously bigger piles of noise data. At the very, very best (??) they’ll find bucketloads of false positives — ruining perfectly normal, perfectly legally operating citizens’ lives, of course without any serious recourse or restitution of lost life’s pleasure and happiness…
And the false negatives will also explode, induced by the very ‘countermeasures’.
So those that propose, implement and work with such ‘solutions’ quod non will be culpable too.
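To put numbers on the swamping effect above, here is an added example (not code from the original post): a base-rate calculation of what a trawl over a large, mostly innocent population yields, and what a fixed analyst capacity then catches. All population sizes, prevalences and classifier rates are constructed assumptions for illustration, not figures from the post or from any real agency.

```python
"""Added example, not from the original post: how false positives swamp true
positives in mass screening, and how a review bottleneck then turns the
flood of flags into misses as well.

Every number used below is a constructed assumption for illustration.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class ScreeningResult:
    """Expected counts from one pass of a classifier over a population."""
    true_positives: float
    false_positives: float
    false_negatives: float
    true_negatives: float

    @property
    def precision(self) -> float:
        """Share of flagged people who are actually of interest."""
        flagged = self.true_positives + self.false_positives
        return self.true_positives / flagged if flagged else 0.0


def screen(population: int, prevalence: float,
           sensitivity: float, false_positive_rate: float) -> ScreeningResult:
    """Expected outcome of screening `population` people.

    prevalence:           fraction of the population that is a real target
    sensitivity:          P(flag | real target), i.e. 1 - miss rate
    false_positive_rate:  P(flag | not a target)
    """
    targets = population * prevalence
    innocents = population - targets
    return ScreeningResult(
        true_positives=targets * sensitivity,
        false_positives=innocents * false_positive_rate,
        false_negatives=targets * (1.0 - sensitivity),
        true_negatives=innocents * (1.0 - false_positive_rate),
    )


def triage(result: ScreeningResult, review_capacity: float) -> tuple[float, float]:
    """Analysts can only examine `review_capacity` flagged cases per period.

    Beyond that capacity the reviewed cases are modelled as a random sample of
    the flagged pile, so real targets are caught in proportion to how much of
    the pile gets looked at. Returns (targets caught, targets missed).
    """
    flagged = result.true_positives + result.false_positives
    fraction = 1.0 if flagged <= review_capacity else review_capacity / flagged
    caught = result.true_positives * fraction
    targets = result.true_positives + result.false_negatives
    return caught, targets - caught


if __name__ == "__main__":
    # Constructed scenario: 17 million people, 1 in 100,000 a real target,
    # a classifier that catches 90% of targets and flags 1% of everyone else,
    # and an analyst pool that can review 5,000 cases per period.
    result = screen(population=17_000_000, prevalence=1e-5,
                    sensitivity=0.90, false_positive_rate=0.01)
    caught, missed = triage(result, review_capacity=5_000)
    print(f"flagged innocents : {result.false_positives:,.0f}")
    print(f"flagged targets   : {result.true_positives:,.0f}")
    print(f"precision         : {result.precision:.4%}")
    print(f"caught after triage: {caught:.1f}, missed: {missed:.1f}")
```

The first two lines of output show the noise: on these assumptions roughly 170,000 innocents are flagged against about 150 real targets, so fewer than one flag in a thousand is worth anything. The triage line shows the second effect from the post: once the pile exceeds what can be reviewed, most real targets stay buried in it, so widening the net raises the false negatives along with the false positives.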

Oh well, Orwell was right. Plus:
DSC_0516
[I don’t want or like, but do expect, a similar thing again; for different reasons but with no really different methods — Prinsenhof Delft ya’know]

Who needs slaves ..?

When you can have serfdom? The first merely means physical-legal possession, burdensome. The second, utter dependence of the subservient on the Master. So, ‘we’ (ahem, speak for yourselves) aren’t slaves of SocMed, we’re ‘merely’ not merrily their serfs. Which correlates with the Hobson’s anti-choice to walk away and suffer the withdrawal consequences… Freedom to starve, in the sense of the withdrawal and the great many intertwined and softer linked spheres of being.
Let’s not get depressed. Let’s get detached. And this.
Or what?

Oh, this:
DSC_0021
[Once, ruling large portions of the ‘known’ world from here. Now, not so much. Aachen]

Report thyself, out of control

With all those seminars and courses on the Wet meldplicht datalekken (Data Breach Notification Act), it seems as if ramming the notification procedures into the organisation is thé solution to all your privacy problems.
Whereas of course it is nothing more than perfectly arranging the outward broadcasting of fully transparent guilt as soon as (not if) something goes wrong.

About prevention being better than cure (and implementing the notification procedures is still far from that), we hear a lot less. At most from those who get the short end of the stick now and later on: that everything has to change, whereas a. it is often already quite well arranged now, b. it will not be any better later on (a fact in advance), c. a and b hold within the frameworks of the organisational constraints, now and then, of budget, time and will from the top to arrange matters better.
It can also be done differently: preventively. Read and see.

And also:
DSCN8603b
[Without privacy, a dull world …; Zuid-As, but that’s obvious]

Bow the Stork Tie

When analyzing the Stork methodology for EU-wide federated eID and authentication methods and technology, again one stumbles (rather, ‘they’ do) over the bow tie of CIA, mostly C, controls. Too bad. Usually, ENISA(-involved) stuff is Great quality. Now, quite a bit less so.
Which is too bad. To note, we already commented on the classical CIA rating (incl. the bow tie fallacy) before. Now, the CIA seems to have something to bring to bear on CIA as well. Better study hard …!

Oh well …:
DSCN9668
[Weaving transparency and stability, Cala at Hoofddorp again]

Maverisk / Étoiles du Nord