Things to Blog about


So you’re the new IT Manager

  • Asset discovery
  • Role Definition
  • Managing the Team
  • Staffing the Team
  • Project Management
  • Budgeting
  • Vendor Management
  • Compliance and Governance
  • Networking
  • Security
  • Storage
  • Backup

Removing Obscurity and Ambiguity from IT

  • Countermeasures exist to resolve vulnerabilities and a vulnerability is resolved once a countermeasure has been put in place.
  • The term ‘Acceptable Risk’.

Book Reviews

Personal Branding

  • Personal branding.  Am I doing it right?  Am I doing it at all?
  • More Logo stuff.
  • Ten people I admire and ‘Bio Stalking’.
  • My personal life viewed from Operational, Tactical and Strategic Policy decisions.  How would that look?
  • Make every moment add value to the ‘Me’.
  • Ambition definition.
  • Viewing the ‘Me’ through several different perspectives.  Internal, External, Knowledge.
  • Make your story interesting.
  • My Story.  Not entirely certain what this means.

Fun and Interesting Quotes whose source I have lost

  • “It is healthy for the brain to do multiple integrative tasks at the same time.  It is unhealthy for the brain to do multiple non-integrative things at the same time.”
  • “Be intentional”
  • “Get Creative and be awesome”
  • “Be Brave” Chris Brogan
  • “Lots of dreamers and thinkers out there, but doers still rule”

Charts and Why they are awesome!

  • ‘Comfort Zone’ compared to the ‘Danger Zone’ in terms of our ‘Expected Results’ or ‘Unexpected Results’
  • Our ‘Unique Opinions’ compared to ‘Number of Observations’. Stolen from, “How to be interesting”.
  • Party crashing and People Watching as Anthropology.  Stolen from, “How to be interesting”.
  • Chart Knowledge over questions and the possible relationship(s).
  • Reasons to be remembered over things you make happen.   Stolen from, “How to be interesting”.
  • Results are the product of all accepted variables and constants.  As these increase, ease of validation decreases.
  • Angel and Devil approach 0 as the extremism of the perception decreases.
  • How we can go about pulling an infinite number of infinite sets from a set of finite value.
  • On the intersectionality of Passion, Excitement, and people’s willingness to purchase.
  • Having vs Doing.  Lots of money, lots of neurons.


  • Is there a way to take the concept of ‘Views’ from Security Policy generation and apply it to regular day life?  Can this be directly mapped to the questions of perspective that I brought up in my first photo blog post?
  • Construction on Lake, change over time.  How many things do I only notice because they change over the course of the photoset?

Causation or Correlation

  • People at the top go to the most workshops, conferences etc.  Do they do this because they are at the top, or are they at the top because they go to these?
  • Do questions prompt knowledge or does having knowledge cause us to ask the questions which beget more knowledge?

Amazing Things about Math, Physics and Science in General!

  • Solar Fusion.  The math and the process.
  • Measuring in the physical world causes change.  If you put a thermometer in your freezer, the presence of the thermometer will actually change the temperature a small amount.  Heisenberg’s Uncertainty Principle extends this down to the quantum level.  Our observations of self and rigorous introspection cause changes in our beliefs and concepts.  How far until this analogy breaks?
  • Energy.  What it is, how it is transferred and how it should be perceived.  High school science classes have totally failed in this basic concept of how the universe operates.  This is something every person should understand.
  • How awesome it is that at the quantum level, energy and mass are interchangeable.  Think holding energy in an atom.  How the hell does this work?

Conceptual Exploration and Cognitive Dissonance

  • Rules of evidence from a scientific perspective.  How do I know that a statement made by a study is valid evidence?  How do I quickly analyze what I hear to establish whether it is evidence which should be taken seriously?
  • The more variables and constants in a statement, the less strict that statement is.
  • When best practices are agreed upon, and evidence exists, why do people not all adopt the new standards?  The Harvard report on Austerity was proven to be flawed, why don’t all of the European countries which adopted austerity at least partially based on this report immediately jump ship?
  • Selection Bias is a pain in the ass.  How do we resolve?
  • It’s the junk that makes life flavorful.  Why is it better to cook over charcoal?  Gas is much more efficient.  It has a much greater energy return per volume.  Its efficiency is exactly why it sucks to cook over.  There is no variation from gas to gas.  The junk like carbon and other trace elements exist only in inefficient transitions like the one for charcoal.  How far does this go?

CISSP, otherwise known as the MOST boring thing I have ever studied.

  • Section 1 overview
  • Chart the abstraction model.  1 AR; 2 CO; 3b ESA; 3a ES; 4 P.  4- ISO/IEC 27000, 3B – SABSA, 3A – Zachman, TOGAF, DoDAF, MoDAF, 2 – COSO, ITIL, 1- COBIT, SP 800-35.  0- Six Sigma, CMMI.
  • Chart RATDIIMES.  Recon assets, Ident Threats, Dev Sec Policy, Ident prot controls, Implement prot controls, Maintain controls, Establish acceptable risk, Security Awareness.
  • Chart IRM.  Identify and assess risk, Reduce to acceptable levels, Implement mechanisms to maintain acceptable levels.
  • “Security through Obscurity – BAD” “Security through Difficulty – GOOD”
  • Chart vulnerability spectrum.  No vuln, to complete exploitability over countermeasure improvement.
  • Neo-MO = My newly minted security framework (ESA) which eliminates all vagaries.
  • Chart abstraction model of P -> EA -> ESA -> RM -> IRM.  Policy, Enterprise Architecture, Enterprise Security Architecture, Risk Management, Information Risk Management.  Should a level exist for CO’s?
  • Chart the relationship of orgs: Size, sec posture, threat profile, sec budget against something.
  • Chart Prioritization process over Cost, Relevancy, Timeliness, Threat response.
  • Chart for: Asset valuation process; Identify asset, identify vuln, identify threat to vuln, quantify probability, provide economic balance through a cost/benefit.
  • Intangible asset.  How to identify and valuate?
  • Zachman Diagram and explanation.  Start with this quote, “The basic idea behind the Zachman Framework is that the same complex thing or item can be described for different purposes in different ways using different types of descriptions (e.g., textual, graphical). The Zachman Framework provides the thirty-six necessary categories for completely describing anything; especially complex things like manufactured goods (e.g., appliances), constructed structures (e.g., buildings), and enterprises (e.g., the organization and all of its goals, people, and technologies). The framework provides six different transformations of an abstract idea (not increasing in detail, but transforming) from six different perspectives. It allows different people to look at the same thing from different perspectives. This creates a holistic view of the environment, an important capability illustrated in the figure.”
