One IoTA FYI

To close off the year [almost, since @KPN fraud themselves out of bankruptcy by a series of outright lies to customers, and tort] with a wild shot ahead:
There is value, for IoT, in the information-flow analysis described by Gelernter and many since: information flows two ways. Flowing up is information in the form of answers, as aggregations or as pattern-matched tuples (or sets thereof); flowing down are both commands and inquiries (questions).

This fits the IoT world snugly, and should be taken into account when developing IoT auditing frameworks:
What we're after, of course, in all of auditing (and we consider this self-evident; otherwise go back and study auditing fundamentals, from agency theory onward!) is the set of controls that keep the quality of the back-and-forth, i.e. down/up, information flows within the margins the client (!) requires. No more! But be aware of who the client really is, which is not necessarily the one doing the actual paying. So we may focus on the integrity of the information flows first and foremost, then on continuity (availability), and on confidentiality as an afterthought.
With neat break-downs into isolation, appropriate input/output buffering (anyone still aware of the difference between an interrupt and a trap? If not, take a hike and learn, and weep), and integrity controls above all. And something on (establishing) the quality of the aggregation and of the questions being pushed down: when the wrong questions get asked, e.g. through lack of understanding of the subject matter (sic), as is so very commonplace in the vast majority of organisations today, the wrong results will turn up from within the data pool (reporting 'up'wards).
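One concrete shape such an integrity control on the two flows could take, as an added example that is not from the original post: each direction gets its own key and its own monotonic sequence counter, and a direction tag is part of the authenticated data, so an aggregation cannot be altered in transit, a command cannot be replayed, and a message from one flow cannot be reflected into the other. The keys, the envelope layout and the sample tuples are constructed for illustration only.

```python
"""Integrity controls on the two IoT information flows (added example).

Up-flow:   aggregated answers / pattern-matched tuples from the field.
Down-flow: commands and queries from 'above'.
Keys, message layout and sample payloads are constructed for illustration.
"""
import hashlib
import hmac
import json

# Constructed demo keys; in practice provisioned per device and per direction.
KEY_UP = b"demo-uplink-key-not-for-production"
KEY_DOWN = b"demo-downlink-key-not-for-production"


def seal(key: bytes, direction: str, seq: int, payload: dict) -> bytes:
    """Wrap payload in an envelope and append an HMAC-SHA256 tag over it.

    The direction tag and sequence number are inside the authenticated body,
    so neither can be changed without invalidating the tag.
    """
    envelope = {"dir": direction, "seq": seq, "payload": payload}
    body = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class Verifier:
    """Checks integrity and freshness for one direction of flow."""

    def __init__(self, key: bytes, direction: str):
        self.key = key
        self.direction = direction
        self.last_seq = -1

    def verify(self, message: bytes):
        """Return the payload if the message is authentic and fresh, else None."""
        body, sep, tag = message.rpartition(b".")
        if not sep:
            return None
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison so the tag check leaks no timing information.
        if not hmac.compare_digest(expected, tag):
            return None
        envelope = json.loads(body)
        if envelope.get("dir") != self.direction:
            return None  # message reflected from the other flow
        if envelope.get("seq", -1) <= self.last_seq:
            return None  # replay or out-of-order delivery
        self.last_seq = envelope["seq"]
        return envelope["payload"]


def demo() -> dict:
    """Exercise both flows, then a tampered, a replayed and a reflected message."""
    up = Verifier(KEY_UP, "up")
    down = Verifier(KEY_DOWN, "down")

    # Up: an aggregated answer (constructed sample tuple).
    m1 = seal(KEY_UP, "up", 1, {"sensor": "pump-7", "mean_temp_c": 41.2, "n": 60})
    ok_up = up.verify(m1)

    # Down: a command (constructed sample).
    m2 = seal(KEY_DOWN, "down", 1, {"cmd": "set_threshold", "temp_c": 45})
    ok_down = down.verify(m2)

    # Alter the aggregation in transit: the tag no longer matches.
    tampered = m1.replace(b"41.2", b"14.2")
    tamper_result = up.verify(tampered)

    # Deliver the same command twice: the sequence check rejects it.
    replay_result = down.verify(m2)

    # Reflect an up-flow envelope into the down-flow. Constructed with the
    # down key on purpose, so the tag verifies and only the direction tag
    # stands between the receiver and a foreign message.
    reflected = down.verify(seal(KEY_DOWN, "up", 5, {"x": 1}))

    return {
        "up_ok": ok_up is not None,
        "down_ok": ok_down is not None,
        "tamper_rejected": tamper_result is None,
        "replay_rejected": replay_result is None,
        "reflection_rejected": reflected is None,
    }


if __name__ == "__main__":
    print(demo())
```

Note what this does not give you: confidentiality (the payload is in the clear, by design here, since integrity comes first on this page's ordering) and availability (a dropped message is simply never seen). Those need separate controls, and the audit question for each flow is whether the required margin for that property is actually met, not whether a tag exists.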

And of course there is the divide between
the operational world, where actual business is done (either administratively in offices, though one could argue (i.e. prove beyond recovery) that this isn't actually doing anything worthwhile, or by producing stuff), and
the busybodies' world 'above' (quod non) that, which thinks (wrongly) itself able to 'control' and 'steer' the productive body, sometimes rising into the thin-air levels of absolute ridicule by branding itself 'governance'.
Do re-read all of last year's posts and weep. But do also see the implications: the integrity, availability, and confidentiality needs vary across the various (sub)levels.

And:
[The 2016 way is up; Cala at Barça]

About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Risk Management, Information Security, Innovation (technologically driven), Predictions 2016, Privacy.
