Risk Management – Page 18 – Maverisk / Étoiles du Nord

Are sw bugs taxing your resilience ..?

There would be a solution when we’d find a way to tax software makers for their product faults.

Because caveat emptor can work only if unlike in softwareland, one can duly (!) examine the product before purchase otherwise-and-anyway culpability for hidden flaws remains with the seller/licensor.

Which is impossible with shrink-wrapped stuff — and the ‘license’ claim is ridiculous, moreover the EULA is inconsistent hence null and void: Either the product is used under license hence the product quaility liability remains with the producer/licensor or the licensee is liable for damages the use of the product might cause but then invariably ownership is with the purchaser.

The software maker can’t have their cake and eat it; that would run against basic legal principles. And claiming that one’s always allowed to not use the product and choose another one or not, the Hobson’s Choice that brings about so many legal ramifications that even $AAPL’s pockets would never suffice, would invariably lead to oligopoly/cartel charges …!

Or, as this may easily be solved when taken as a societal problem just like environmental stuff like CO₂ pollution (we all need electricity): Why not tax the software makers for their ‘pollution’ of the IS environment with bugs ..? (And prohibit the use of greenhouse gases like SQL injection weaknesses?)
Like, after post-write but before release, this (Dutch) news that casual carelessness is a headache for government(s)… A bit like driving rules with no enforcement, maybe ..?

I’m not one for fighting the real windmills… hence:

[The outards of the inn(ard)s of courts; Bridget’s London obviously]

Simply, stats

Just putting it down there.

With some discussion, OK, OK…:

Fubbuck still the largest, “of course”, but by less of a margin than previous (?);
Because FB ‘messenger’ oh horrendous thing, is listed separately. Prob with reason. At least, because reasons;
QQ and QZone still biggies, to grow ..!?
Tumblr’s big this time. Let’s dig for demographics, et al., to see whether some specific user group is biasing stats. The age-old subject that the Internet was invented and invaded for, may be a big one in this;
LinkedIn larger than Pinterest. A #first ..? And not by much. Cause? Sturdy growth, hanging in there, holding out and succeeding by others falling back; or has some take(n)-over played a role here …?
Insta quite big but maybe not living up to the hype (or what’s its growth), Snapchat rather flat. Is Millennialhyping a thing from the past already ..?

You sporting against all

When sports are considered to be character-forming for later (mostly assumed to be business-)life, either by having been trained to be competitive or have learned (really?) to cooperate in teams (really?), let’s see which versions there are:

In which the You Against Natural science (No counter-actors other than nature, only personal performance counts, possibly measured against others but still, bad luck gets you), You Against One opponent (where one’s in a knock-out tournament or variant; running into the later champion in the first round doesn’t do much for your chances for second place), and Team Against Team (if you’re a champ in a bad team, fuggeddaboudit; the other way around too, like Leicester City…), are all too well known, with the ‘character formation’ mostly being: Either you win or are a loser, and Suck It Up The Other Guy(‘)s Much Better.

But in business … Be careful not to think that it’s a team-to-team competition. Yes, you may assemble, or join, a team, but you’re playing against … the Market. Not another team … Unless the very unusual situation of a duopoly, which should be breakable, legally.
Rather, you’re up against ‘everything out there’; can count only on one’s own errors, not count on the luck of anything out there working your way though they sometimes do. And the character building/application is … well, mostly about you not being Hercules.

Well, if you think you are the big Heracles himself, note that your Impostor Syndrome is no illusion. The Wonder CEO that thinks he’s in the bottom right corner, is deluded to not see that it’s not all the underlings (certainly the sycophants) in a Team against him (seldomly her), in an internal struggle much larger than any competitive fight out there. But that all those one’s up against, are the Team in the top left corner, though possibly having ousted him for displaying anti-team play morals…

Talking of big business: What sport would have massive teams of hundreds, thousands, hundred thousands of players on either side ..!? With all specialised in their own little square foot of the playing field ..? At best, one has such armies with the classical mercenaries — and even they were, are, organised much more effectively. The military discipline of the multinational überbureaucracies will fail in the murk out there, certainly when one’s not against one specific opponent, as above.
‘Normal’ teams in sports are, ballpark, smaller than 20 players, all maybe having designated tasks but always all (of the winning teams) have the flexibility to step out of their role and position, with team mates catching the blind spots. As if that ever happens in business-outside-the-startup-scene. The closest to actual normal business, would be athletics teams, all with their specialties, contributing to the total, the satisfaction of having succeeded as a team winning out over the satisfaction of personal performance over team gains.

So, what was that about through (‘high school’/university age) (team) sports, would one breed character for the real world ..? If one does sports, obviously it should‘nt be for that reason but for the joy of it. ‘Character building’ as an argument shows one has no clue.

You're Exposed…

You haven’t studied this here overview hard enough. Because you’re not even on it so shows your lack of will to enormously improve the seriousness of your (clients’) information security which would get you onto the list, just. Your security being too much of a joke to even achieve this level of honest attempt at seriousness.

ig_nobel_stinker_serif_icon_400x400

Teh business, does it exist ..?

On purpose, teh. Plus a spoiler: No.

Though this is a tell-tale sign your infosec program, of whatever kind, will #fail, wholesale.
’cause If you can’t specify all stakeholders, at their various levels of detail required, beyond swiping them up under the ‘the business’ nomen, Then you might as well call it ‘teh’ business, as you are vague to the point of irrelevance, as you will be regarded by ‘the business’ and since that’s where 99.9% of your security sits (including budget holders…), fugeddabout effectiveness.
Endif. No Else.

So, stop using ‘the business’ as a stopgap designation for your lack of understanding of the infosec problems that you claimed you could tackle hence you demonstrate to know no thing about the swamp of root causes to the problems that you said to go solve.
You n00b.

Oh well…:

[Some specific business; Madrid]

Data Classinocation

I was studying this ‘old’ idea of mine of drafting some form of impact-based criteria for data sensitivity when, along with a couple of fundamental logical errors in some of the most formally adopted (incl legal) standards and laws, I suddenly realised:

In these times of easily provable easy de-anonymisation of even the most protective homomorphic encryption multiplied with the ease of de-anonymisation throught data correlation of even the most innocent data points, all even the most innocent data points/elements must (not should) be classified at the highest sensitivity levels so why classifiy data ..!?

This may not be a popular point, but that doesn’t make it less true.
In similar vein, in European context where one is only to process data in the first place if (big if) there is no alternative and one can process for the Original intent and purpose only,

To prevent data from unauthorised disclosure internally or externally, without tight need-to-know/need-to-use IAM implementation, one already does too little; with, enough.

That’s right; ‘internal use only’ is waaay too sloppy hence illegal — it breaks the legal requirement for due (sic) protection, and if the use of data is, ‘by negligence’ not changing a thing here, let possible, the European privacy directive (and its currently active precursors) do not allow you to even have the data. This may be a stretch but is still understandable and valid once you take the effort to think it through a bit.
Maybe also not too popular.

Needless to say that both points will not be understood the least by all the ‘privacy officer’ types that have rote learned the laws and regulations, but have no experience/clue how to actually use those in practice and just wave legal ‘arguments’ (quod non) around as if that their (song and) dance is the end purpose of the organisation but cannot answer even the most simple questions re allowablity of some data/processing with anything that logically or linguistically approaches clarity. [Note the ‘or’ is a logical one, not the sometimes interpreted xor that the too-simpletons (incl ‘privacy officers’) interpret but don’t know exists.]

OK. So far, no good. Plus:

[Not a fortress, nor a real maze once you see the structure; Valencia]

Waves of cyberfud

Not just because #ditchcyber is real. But because only now, the first of the absolute leggards (i.e., gov’t officials) begin to make waves about access to private data, through apparent (sic) complete lack of understanding about the fundamentals of free society. The issue of blanket access to any communications, for whatever purpose, has been settled so shut up for eternity or however much longer it takes ‘you’ to get it or die — whichever comes first, my guess is the latter.

Politics being the only field of work where no education is required; all the cyber-blah being the second, then, apparently ..? And:

[He would have annihilated the little people that clamour for ‘backdoors’, etc., et al.; DC]

Tugging on with Thoreau

It’s not enough to be industrious; so are the ants. What are you industrious about?

As a warning to the many that just continue to be ‘compliant’, letting their best, and next in line their mehhh, drain and be crowded out by meek submission. Which is what some Others live off, totally.

Hey, don’t just point out this all sounds rather negative: It’s Monday, right ..?
Switch to the Useful, creative, productive life! Yes, sirmadam, so can you! And you and you! And:

[If only life were always like this Valencia …]

What we all want / need …

Just as a simple link. If (sic) you understand, you’ll understand what you, we, all need, crave.

Yes indeed that’s all. Plus:

[More than just the Montanges …]

Another Thoreau, another on more-than-mere-process

I would not have every man nor every part of a man cultivated, any more than I would have every acre of earth cultivated: part will be tillage, but the greater part will be meadow and forest, not only serving an immediate use, but preparing a mould against a distant future, by the annual decay of the vegetation which it supports.

Which again, points at not every waking hour should be spent on work within the straight jacket of Process(es) and procedures, just clicking the only icons you have. But also having, taking, the time to let one’s mind wander, and do things differently, for the very purpose only of refreshment. Refreshment of the mind, for the purpose of that creating the mould, … on which future creativity is crucially, essentially dependant.

Without ‘idle’ land and time (spent on refreshment and enrichment, e.g., through reading serious (sic) i.e., only tangentially business-related (sic) books), your future will be a depleted land, a life spent being a wringed-out lemon for others’ profits.
With idleness, refreshment and joy (that essential true-life ingredient), you can be(come) all you want to be and live a full life.

‘Nuff said, plus:

[Even the ground enriches the eyes… Plus, straight lines at a slight angle are more interesting >:-] ; Ancy-le-Franc, Aube]