Top-down fantasies

And so, the emperor was shown to wear no clothes…
One couldn’t even blame PCI too much; their standards (meaning: as in uniform things, not the flags one can rally behind) actually do include pointers to deeper (and common-sense) actual infosec control implementation. But not throughout…

… nor systematically. As written before, and in many other posts on this site: The Information Security “Management” (quod non) “System” (quod non) was trusted because upward reporting on its efficacy showed ‘satisfactory’ or better – without realising that it was just deafening and wholesale bureaucratia’s babbling.
If you believe in compliance reporting and similar fairy tales, you’ll believe anything. How much misery must be heaped on all that can’t help it, and all that might have, before the fear of independent thought is restored, in particular where it’s needed…? We may get philosophical here. And/or practical. Or whatever. It’ll take a book (or several) to describe it clearly enough for the unconvincable to be convinced, or at least to get them out of their blocking positions. They truly are the Maginot line of organisatia.

And a picture to close off for now:
[Photo: Still somewhat light, though sturdy; Enschedé]

About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Risk Management, Innovation, economics, society at large, Sociological, psychological notes.