others on risk

Blogs have their lifecycle.

In fact, the blog format has passed its hype and entered what some would call a plateau of productivity.

A blog list is a nice feature, with active feeds bubbling to the top. RSS feeds might seem out of fashion. Still, being able to subscribe to tailored channels is a powerful technique.

Blogs appear, develop and fade. My blog list others on risk (see the sidebar) has been a tad neglected. Some members have been silent for years. Others have now taken their places. Enjoy!

mind those misses

An article in HBR suggests a way to avoid catastrophes by focusing on near misses, situations where luck saved the day.

The authors describe how latent errors (such as gas leakage at an oil rig) combine with enabling conditions (a windless day or a welder working nearby) to cause failure (think of the BP Gulf disaster).

Lessons for InfoSec are to leverage incident reporting to catch smaller mishaps and to explicitly manage vulnerabilities as a precursor to risk identification with threat sources.

an educator thinking aloud

I've been tweeting and blogging about my educator role, sharing ideas and occasional glimpses of content from seminars and courses. The goal is to "think aloud" when developing new material, while being more transparent about my narrative.

At first, I tried collecting these in Twitter Moments. That format has turned out to be unstable, even unworkable, so I'm pinning my hopes now on Twitter's Collections feature.

Please find the "Teaching" Collection under a tab of its own at the top of the page.

Kilomba on Ignorance

Artist Grada Kilomba's captivating film trilogy Illusions addresses human rights in our time using well-known fables such as Narcissus and Echo.

She challenges our perception of ignorance as merely a reflection of legitimate lack of access rights. What if, asks Kilomba, ignorance itself is a reflection of privilege?

one does not know,
one does not have to know,
and one should not know.

Such a multiple layer of ignorances could offer a comfortable distance to wrongs and thereby stifle accountability.

carved in stone

I guess time has caught up with Swedish expressionist artist and sculptor Siri Derkert.

In my youth I used to think of her blasted concrete subway artworks as dull and self-important. (Then again, I couldn't be bothered to care about any contemporary art.)

Now, what I see is instead grace and materiality and Siri's timeless thoughts of peace and women are gaining a renewed sense of urgency in this day and age.

Here is Derkert's Study for Female Pillar, part of the collection at Moderna museet.

sampling Trockel

I spend lots of time in art exhibitions these days. My favourite is Moderna museet which has become sort of second home when I've got time on my hands.

Taking photos of pictures might sound pointless but I like experimenting with "sampling" artworks into bits and pieces and then having these rearranged into a photo collage.

Rosemarie Trockel has knitted a monochrome After The Hunt. With wool yarn and wood she challenges how pictures are supposed to be made. And here is my attempt at sampling Trockel.

a student, a volunteer and a consultant

After five years as an employed consultant, I will continue under my own flag. In recent years I've been privileged to teach Information Security which is superb training from a generalist perspective, but now I will refocus on Information Risk in three different ways. First, I will return to the university to dig deeper in the theory realm of risk. Second, I might do a bit of volunteering in a "security advisor" capacity. Last but not least, there should be room for some consulting as an educator.

on maturity and abstraction

What is Security Architecture and what does it take for an organisation to master this domain?

Operativ informationssäkerhet in April welcomed six guest lecturers.

Sebastian Åkerman offered a maturity perspective on architecture and helped us navigate between properties, controls, mechanisms and components.

Other guest sessions covered Safe UX, Crisis Management, agile ideology, Business Continuity and Secure Development.

Two group exercises and an individual assignment took us from theory to practice.

Know Thy Assets

How can organisations get a better grip on their information assets, and what aspects are there to master?

In the March edition of Strategisk Informationssäkerhet with five guest lecturers, Information Architect Tina Lindevall of Huddinge kommun made the case for Information Cognizance (Informationskännedom).

Other guest sessions covered Security Law, Policy and Classification, educating co-workers and Security Strategies.

An individual assignment as well as two group exercises provided a bit of practice.

my year in art (2): Walk The Line

Glass art - basically pretty and harmless? Hardly. One 2018 highlight was the Dunkers group show Walk The Line showcasing nine different artistries having glass as a common denominator. 

Terese William Waenerlund, Åsa Ljungnelius, Birgitta Ahlin, Sirkka Lehtonen, Nina Westman, Ditte Johansson, Ingalena Klenell and Fredrik Nielsen made it clear that Swedish glass manufacturing is alive and kicking.

At least one coat got too close for comfort during the exhibition weeks. Hardly harmless material!