Do you recall Alan Cooper's book "The Inmates are running the Asylum"?
He makes the case that once you put a computer in something it stops
being that something and becomes a computer.
Camera + computer => computer
Well OK, we've had computers in cars for a long time and ...
The case he was making was that the computer takes over the UI. It does
eventually. My old 1970s era Canon A1 had a computer in it, a 'chip'
but it wasn't much more visible than the photocell+resistor of my older
Miranda Sensorex. By the time of my father's Minolta 7000 it had taken
over focus, exposure, film advance and more. Here we were with an
expensive SLR, one of the last film cameras before Sony bought them and
went digital, and it was a 'point and shoot' camera.
Many of the functions in a car were easy to take over with electronics
and subsequently computers, not least of all engine, braking and
traction issues. And it all gets easier and more effective with
electric cars! Only now, the 2014 models, are computers really
intruding into the cockpit. Dashboards with embedded tablet-like
displays worry me; they seem to be a distraction. Drivers don't need
that kind of continual update about the innards. The old Buick, now
deceased, had just tachograph, speed, fuel, battery, oil pressure, and
engine temperature on the display. I'm not convinced tacho was needed
and having a digital speed readout is of questionable value. One safety
study indicated that a speed band indicator, like those LED bar meters,
is less distracting. Certainly if the on board computer knew the local
speed limit and scaled so that red was over the limit ...
Another time we can discuss how the smart phone has become ubiquitous
and is affecting culture (and economics) in ways that even Steve Jobs
and SF writers couldn't have predicted.
But right now I want to raise a point about film vs digital for cameras.
It's sad that for many photographers digital cameras look like old
conventional cameras as, while it may have eased acceptance, it has also
been a concept blocker.
The reality is that the digital medium *IS* different. Most digital
photos are displayed digitally: on the web for example or using 'digital
photo frames'. I'm not saying this is an absolute, that print and
posters don't and won't exist, but so much is going digital. Money did
a long time ago, so are invoices and bills and receipts. NFC is even
eliminating 'plastic'. Newspapers still get printed but even that is
dying; their composition went digital a long time ago, so the shift to
digital publication wasn't so difficult. I read news on my phone and
so, I see, travelling on the TTC, do many other people. You can get
software that eliminates adverts and trawls for what interests you.
More and more specialized sites that focus on single matters are
springing up to make that easier.
A book I've borrowed recently phrases it well:
Your digital camera probably resembles a film camera in both
appearance and basic functionality. Like a film camera it has
a lens with aperture and shutter controls that can be used to
decide how much light penetrates into the body of the camera
for each shot.
But that's where the similarity between film and digital
cameras end. Despite the similarity in appearance of the
hardware device used to make the exposure, digital photography
is an entirely new medium compared to film photography.
People don't fully understand that this new digital medium
consists of the camera-computer partnership. They're still
hooked on the fact that their hand held computer with a lens
(aka a DSLR) looks like a good old fashioned film camera -
and if it looks like one, it must work like one.
src: "The Way of the Digital Photographer", Harold Davis:
Well, perhaps not. Let's leave things like the Hero aside for one moment
and just think about cell phones. While most have cameras in the 5-10
megapixel range, such doesn't even compete with the 12-16 megapixels of
even the sub-$100 point and shoot shirt pocket camera, there are a few
that are exceptional, in the 50 megapixel range. What they lack is
But the cell phone apps make up for that in processing. The software
available on cell phones for processing images and enhancing the
built-in camera is quite amazing.
Harold Davis' book deals with the post processing on the computer, your
laptop or desktop, something with more power and certainly more screen
real estate than your phone or tablet. The point he makes repeatedly is
that digital is not film and should not be thought of as a form of film,
and comparing, for example, the colour spectrum of digital with the
colour spectrum of various films totally misses the point. You can do
and do easily with digital processing things that would be difficult to
impossible to do with film even with an advanced and highly equipped
Davis' book discusses Photoshop. I'm a Linux user; I use Darktable
http://www.darktable.org/about/ rather than Lightable
rather than Photoshop
Davis has many other books that are worth investigating.
I can think of nothing more boring for the American people than to have
to sit in their living rooms for a whole half hour looking at my face on
their television screens.
Dwight D. Eisenhower
An article on Linked entitled 'The Truth about Practices' started a discussion thread with some of my colleagues.
The most pertinent comment came from Alan Rocker:
I'm not sure whether to quote "Up the Organisation", ("If you must have a policy manual, reprint the Ten Commandments"), or "Catch-22" (about the nice "tidy bomb pattern" that unfortunately failed to hit the target), in support of the article. Industry-wide metrics can nevertheless be useful, though it's fatal to confuse a speedometer and a motor.
However, not everyone in the group agreed with our skepticism and the observations of the author of the article.
And Anton, aren't the controls you advocate so passionately best practices?
NOT. Make that *N*O*T*!*!*! Even allowing for the lowercase!
So I need to compile a list of ALL assets, information or otherwise,
That leads to tables and chairs and powerbars.
OK so you can't work without those, but that's not what I meant.
Physical assets are only relevant in so far as they are part of information processing. You should not start from those, you should start from the information and look at how the business processes make use of it. Don't confuse your DR/BC plan with your core ISMS statements. ISO Standard 22301 addresses that.
This is, ultimately, about the business processes.
I often explain that Information Security focuses on Information Assets.
Some day, on the corporate balance sheet, there will be an entry
which reads, "Information"; for in most cases the information is
more valuable than the hardware which processes it.
-- Adm. Grace Murray Hopper, USN Ret.
Some people see this as a binary absolute - they think that there's no need to assess the risks to the physical assets or that somehow this is automatically considered when assessing the risk to information.
The thing is there are differing types of information and differing types of containers for them.
I get criticised occasionally for long and detailed posts that some readers complain treat them like beginners, but sadly if I don't I get comments such as this in reply
Data Loss is something you prevent; you enforce controls to prevent data
leakage, DLP can be a programme, but, I find very difficult to support
with a policy.
Does one have visions of chasing escaping data over the net with a three-ring binder labelled "Policy"?
Let me try again.
Policy comes first.
Without policy giving direction, purpose and justification, supplying the basis for measurement, quality and applicability (never mind issues such as configuration) then you are working on an ad-hoc basis.
On the ISO2700 forum one user gave a long description of his information gathering process but expressed frustration over what to do with it all, the assets, the threats and so forth, and trying to make it into a risk assessment.
It was easy for the more experienced of us to see what he was missing.
He was missing something very important -- a RISK MODEL
The model determines what you look for and how it is relevant.
Java 7 Update 10 and earlier contain an unspecified vulnerability
that can allow a remote, unauthenticated attacker to execute arbitrary
code on a vulnerable system.
By convincing a user to visit a specially crafted HTML document,
a remote attacker may be able to execute arbitrary code on a vulnerable
Well, yes .... but.
In many of the InfoSec forums I subscribe to people regularly ask the "How long is a piece of string" question:
How extensive a risk assessment is required?
It's a perfectly valid question we all have faced, along with the "where do I begin" class of questions.
The ISO-27001 standard lays down some necessities, such as your asset register, but it doesn't tell you the detail necessary. You can choose to say "desktop PCs" as a class without addressing each one, or even addressing the different models. You can say "data centre" without having to enumerate every single component therein.
How do you know WHAT assets are to be included in the ISO-27K Asset Inventory?
This question and variants of the "What are assets [for ISO27K]?" comes up often and has seen much discussion on the various InfoSec forums I subscribe to.
Perhaps some ITIL influence is needed. Or perhaps not since that might be too reductionist.
The important thing to note here is that the POV of the accountants/book-keepers is not the same as the ISO27K one. To them, an asset is something that was purchased and either depreciates in value, according to the rules of the tax authority you operate under, or appreciates in value (perhaps) according to the market, such as land and buildings.
Here in Canada, computer hardware and software depreciates PDQ under this scheme, so that the essential software on which your company depends is deemed worthless by the accountants. Their view is that depreciable assets should be replaced when they reach the end of their accounting-life. Your departmental budget may say different.
Many of the ISO27K Assets are things the accountants don't see: data, processes, relationships, know-how, documentation.
"Once the hacker gained access to Honan's iCloud account, he or she
was able to reset his password, before sending the confirmation email
to the trash. Since Honan's Gmail is linked to his .mac email address,
the hacker was also able to reset his Gmail password by sending a
password recovery email to his .mac address.
Minutes later, the hacker used iCloud to wipe Honan's iPhone, iPad
and Macbook Air remotely. Since the hacker had access to his email
accounts, it was effortless to access Honan's other online accounts
such as Twitter."
Every new technology has people, the pioneers, who buy into the vendors' hype ... and pay a price for that.
We should learn from them.
Investigators say Antigua tried to pass himself off as an Air Force veteran, a member of NASA's Space Shuttle crew, even a doctor complete with hospital ID's and his own medical bag. He also had blue police-style flashing lights for his black Escalade
"We are going to go to whatever lengths that we need to travel to find out, is he really a threat or is he somebody living a very involved fantasy life," said Chief James Steffens.
Taking Cosplay too seriously?