Top-down fantasies

And so, the emperor was shown to wear no clothes…
One couldn’t even blame PCI too much; their standards (meaning: as in uniform things, not the flags one can rally behind) actually do include pointers to deeper (and common-sense) actual infosec control implementation. But not throughout…

… nor systematically. As written before, and in many other posts on this site: The Information Security “Management” (quod non) “System” (quod non) was trusted because upward reporting on its efficacy showed ‘satisfactory’ or better – without realising that it was just deafening and wholesale bureaucratia’s babbling.
If you believe in compliance reporting and similar fairy tales, you’ll believe anything. How much misery must be heaped on all that can’t help it, and all that might have, before the fear of independent thought is restored, in particular where it’s needed…? We may get philosophical here. And/or practical. Or whatever. It’ll take a book (or books) to describe it clearly enough for the unconvinceable to be convinced, or at least to get them out of blocking positions. They truly are the Maginot line of organisatia.

And a picture to close off for now:
[Still somewhat light, though sturdy; Enschedé]
