The Evolution of Datology E037 2024 09 18
A Bit of Security for September 18, 2024
We are on the brink of actually turning the dark art of information security into something like a science – not a hard science like chemistry or physics, but a powerful science like psychology. Peter Naur called our field Datology – the science of data.
Many information security companies are moving to a channel-only strategy, which seemed counterintuitive to me. After all, a dedicated sales force carries the message more effectively than mercenaries, doesn’t it? But if the product is essentially a commodity, then splitting the company into components and divesting the inefficient or substandard ones only makes sense. The world of the conglomerate collapsed because conglomerates aggregated inefficiencies. Bureaucratic arteriosclerosis. Middle managers built empires and controlled information flows to optimize their local patch. They thrived locally while the overall organization suffered and eventually became unprofitable. Note that the COBIT standard makes corporate information flows quite visible and identifies bottlenecks and bureaucratic dead ends very clearly – which accounts for some of the resistance to COBIT-like process analyses. Business process analysis runs against selfish human behavior.
By focusing on core competencies, the organization can maximize its profit and return to investors, and avoid the unnecessary overhead that silos bring. An organization that doesn’t communicate effectively with its external channel cannot thrive – but a conglomerate with built-in inefficiencies can run a lot longer. That’s why investors look to break up conglomerates: to release locked-up value and to let market forces discipline the parts and remove inefficiencies.
Put differently, an organization that insulates itself from market forces has three choices: it can pay attention to external events before they become overwhelming, it must break itself apart, or it will be torn apart. How does an organization pay attention? First, it must identify its vulnerabilities. Second, it must become aware of what’s happening outside its immediate sphere of existence. Third, it must understand how a specific external force could act on those vulnerabilities, and what that would do to the organization’s mission and performance. Fourth, it must respond to the threat. Next, it must remediate the consequences of that threat. Finally, it must use the information and knowledge gained to fortify itself against future threats of that kind.
Does this sound familiar? The same principles we use to combat information security issues also help organizations combat functional weakening – and by extension can even help combat societal deterioration. When the overall structure fails to support the interests of the participants, whether components in an application system, business units in a corporation, or governmental functions in a society, the choices are simple:
1. Detect and respond to the challenges
2. Split the structure into effective components and let external forces erode the weak parts
3. Collapse
Collapse is the default. Put another way, everything’s going to hell, entropy wins again. Combating entropy, erosion, and decay takes energy. Not just activity, but focused activity, guided by a clear understanding of the problem. That underlies the structure of our response to any realized risk, whether a cyberthreat or a physical attack. The form of thinking that allows us to develop an effective, rational response to a threat will conform to the capability maturity model – more about that in another chat. And that’s our Bit of Security for Wednesday, September 18, 2024.
Our response to cybersecurity attacks has much in common with larger problem-solving approaches. Listen to this -
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #datology #cmmi #cisa #resilience #BitofSec