Infinistructure: Who Knew What When...

Who knew what when? This is the question of the last few months as we now embark on the path towards recovery.

The Operational Risks that have plagued our aging county, state and federal institutions are growing and the convergence factor has brought us even bigger systemic organizations "Too Big To Fail."

While many will be side tracked by the need to deal with the toxic assets still on the books or in sinking agencies the "Zero's and One's" don't lie.

The information, digital evidence and just pure data audit trails will remain for many to be caught, charged, indicted and then sent before a jury to decide their fate.

Managing risks in the enterprise today takes on many flavors and within several departmental or enterprise domains of expertise.

Whether it be the C-Suite, legal department, the IT department, Internal Audit, Security department or even the Operational Risk Management Committee the "Zero's and One's" don't lie.

Think about how much time the people behind organizational malfeasance spend on trying to cover their tracks, clean up the digital "Blood Trail" of their crimes and wrong doing all the while knowing that someday, a smart investigator or forensic examiner will connect the dots. Game over.

Regardless if you are two paid-off programmers who have been enforcing the "Business Rules" in their software by the boss or an internal threat actor does not matter.

Whether they are copying, stealing, altering or damaging the digital information within the organization does not matter; these Operational Risks still remain constant.

The resources and the money devoted to continuous due diligence, monitoring and preemptive strategy to Deter, Detect and Defend the digital assets of the enterprise need to grow dramatically to stay ahead of the curve.

The best way to figure out “What to do” and “How to do it” will require outside assistance. Moving your digital assets to be professionally managed makes sense for economic and other financially prudent reasons.

Yet this migration away from large numbers of people managing and maintaining your information technology infrastructure internally and on your payroll is just the standard "outsourcing" strategy right?

It has it's own set of 3rd party supply chain set of risks. After your next incident who will be asking: Who knew what when?

Many private sector and government enterprises who are augmenting their COOP and the economic strategy of "Cloud Computing" have realized the smart course of implementing and migrating to managed services and infrastructure suppliers.

"How can the utilization of an "Infinistructure" with the knowledge and application of a legal compliance ecosystem in your enterprise mitigate the risks associated with bad actors, unprepared personnel and the digital loss of key evidence?"

Stay tuned for more on this later. In the mean time remember this.

All of the newest technology, fastest AI computers and neural networks enabled with encryption and secured physical locations will not be enough to save your institution from Operational Risks.

It is just one more piece of the total risk management mosaic, that will still require the smartest people and the most robust policy and processes imaginable.

Who knew what when? This will continue to be the biggest question of the next decade.

operational risk

Analytic Techniques: Ai Derived Decisions...

 Structured Analytic Techniques have been useful in so many ways for decades to arrive at “TrustDecisions”.

What particular technique is/was your favorite over the years for your current role or profession?

• Decomposition & Visualization
• Idea Generation
• Scenarios & Indicators
• Hypothesis Generation & Testing
• Assessment of Cause & Effect
• Challenge Analysis
• Conflict Management
• Decision Support

Analysis in any community of highly trained human professionals requires thinking that challenges and reviews an individual persons strategy.

In the past, it required a series of proven methods for arriving at faster decisions that can be effectively proven reliable and explained to those who are uninformed.

The risks associated with a particular set of actions or strategy can not be entirely eliminated, yet the risks may be minimized by using proven and disciplined thinking models.

Testing a decision makers conclusions by utilizing standardized and structured analytic techniques may sometimes open new thinking for the decision maker and other times avoid a costly outcome.

Testing senior management human conclusions is vital in a high stakes business or in an increasingly important life or death decision.

How might you utilize a methodology to continuously make more effective “Trust Decisions” in your area of responsibility?

Will Ai decision support eliminate certain human analysis techniques once it has been verified, tested and proved its risk is acceptable?

“Analysis conducted by the intelligence, law enforcement and business communities will never achieve the accuracy, and predictability of a true science, because the information with which analysts must work is typically incomplete, ambiguous and potentially deceptive.” Page 165 Structured Analytic Techniques for Intelligence Analysis - 2nd Edition - by Richards J. Heuer Jr. & Randolph H. Pherson

In our near future, it will require analyzing the actual methods that a person or group has been using and then the utilization of “Structured Analytic Techniques” to actually determine their true reliability and outcomes.

Humans may indeed spend even more time and effort into the future analyzing and validating our Ai derived decisions…

Vulnerability: Launching into the Future...

Looking in the rear view mirror from the Spring of 2004, the InfoSec World Conference in Orlando FL was on the calendar.

Our flight from Washington, DC provided just enough time to plan out the sequence of sessions and events to attend in order to explore any new innovations.

At that point, we were now only in our first decade of our "Information Security" evolution.

"Before “The Cloud”. Before IT standards could truly grasp the spectrum of sophisticated exploits, that were soon to be developed by other Nation States."

The guidelines and metrics developed that year by the Yankee Group were derived from The Laws of Vulnerabilities research, authored by Gerhard Eschelbeck, CTO of Qualys.

The Dynamic Best Practices in Vulnerability Management are based on key findings from The Laws of Vulnerabilities:

>>Half-Life: The half-life identifies the length of time it takes users to patch half of their systems, reducing their window of exposure. The half-life of critical vulnerabilities for external systems is 21 days and for internal systems is 62 days. This number doubles with lowering degrees of severity.

>>Prevalence: 50 percent of the most prevalent and critical vulnerabilities are replaced by new vulnerabilities on an annual basis. In other words, there is a constant flow of new critical vulnerabilities to manage.

>> Persistence: The lifespan of some vulnerabilities and worms is unlimited. In fact, the research shows significant spikes in the occurrence of Blaster and Nachi worm infections in 2004, months after they originally appeared.

>>Exploitation: The vulnerability-to-exploit cycle is shrinking faster than the remediation cycle. 80 percent of worms and automated exploits are targeting the first two half-life periods of critical vulnerabilities.

The best practices apply vulnerability management as the one solution IT can count on to measure and manage the effectiveness of a network defense program.

"Performing regular security audits is a vital step companies must take to keep up with the changing security landscape," said Eric Ogren, Senior Analyst at the Yankee Group. "With each new breed of attack, it is clear that best practices in IT security must be achieved for organizations to effectively protect critical network assets."

Based on these Laws, the Yankee Group defines four dynamic best practices for vulnerability management as:

1. Classify: Enterprises should identify and categorize all network resources. They should classify these resources into categories and tier a hierarchy of assets by value to the business. Critical assets should be audited every 5 to 10 days to identify vulnerabilities and protect against exploits. Based on hierarchical priority, lower category assets can be scanned less frequently as the work plans to patch will also be less frequent.

2. Integrate: To improve effectiveness of various security technologies such as server and desktop discovery systems, patch management systems, and upgrade services, enterprises must integrate with vulnerability management technologies. Best practice organizations should also report on operational progress against vulnerability goals to raise the level of awareness for security within the executive management team.

3. Measure: Enterprises need to measure their networks against the half-life curve and persistence curves of vulnerabilities. Graphically track the percentage of vulnerabilities mitigated within each 30-day cycle and the number of vulnerabilities that extend past 180 days. Chart the security team's performance to make sure the end result is risk reduction, especially to critical assets.

4. Audit: Security officers should utilize the results of vulnerability scans to understand a corporation's network security posture. Use the metrics to evaluate successes and failures of different policies to improve security performance. Use audit metrics to communicate security status to senior management.

Soon after the business trip to this InfoSec World event, the notes written then can still provide us additional vital context, as we commercialize our travel to Space.

They give us some basis for how over two decades later, the best practices are still very much the same.

Except for this.

Today, "Vulnerability Management" now has the Cloud, Quantum and more powerful AI…

OSINT 2: When is it Time?

Wonder why some companies don't have a more proactive OSINT (Open Source Intelligence) operation inside their own institution, looking at and analyzing potential “Threat Intel” across their global domains?

While there are very expensive services that can package up exactly what you are looking for, sometimes it just takes a little more time and the right “Sources."

You could get a service at x-iDefense or even a more wide range of collection capabilities from the likes of x-Cyveillance to assist the in-house OSINT operation.

Throw in some Stratfor, OSAC and one or more variations of Symantec or Qualys or Seerist and you have it mostly covered. Except for one thing.

Plenty of "Gray Matter.”  How many qualified analysts do you have on your team?

We might agree that there is more information out there than anyone could possibly imagine accessible with a few clicks and keystrokes.

Yet the easy part is the collection and the filtering or storage. Making any sense of it all with the relevance you seek is the "Holy Grail" for you, today.

Yet that might change tomorrow.

It's the consistent development of a new hypothesis and testing it that determines who will get the next new piece of information ready for OSINT.

And still the question remains. Will this be better kept a secret, or out in the “Wild"?

The argument usually isn't whether the results of the test should be published, it's more about when to publish.

Open Source Intelligence is going to be around for some time to come. The tools are getting even better to find and process massive volumes of information.

Think AI.  Think GPU.

The only real impediment will continue to be those who want to wait and hold on to it, a little longer…

Global Risk Economy: Follow the Money...

Operational Risk in the global economy is migrating to places that 10 years ago would not have been easily forecasted.

New countries, financial institutions and software technologies have changed the playing field for our risk management executives.

Why is this happening?

One example is the movement of employment to more emerging markets where corporate tax rates are lower and the supply of talented workers with specific skill sets is prevalent.

The simple movement of people and systems to those new countries creates new found risks that may not have been as pervasive in the past for the institution.

Another example is the evolution of new computing platform paradigms such as the emergence of "The Cloud" or “Infrastructure-as-a-Service".

This outsourced IT model not only provides economy of scale in terms of just in time computing power but also the more economical licensing models.

Operational Risk within the confines of the global workplace will continue to follow what countries are attractive and where these people and the systems are now operating from.

Along with this migration of responsibilities of vital corporate processes to other cultures and countries comes the risks associated with potential lack of safeguards, both legally and to the physical protection of key corporate assets.

In the United States, our “True International Economy" explains why there are tens of millions of employees now working for US-based corporations outside the country.

Once you have accepted this fact, your personal risk mindset may also change.

How many U.S. organizations have now moved their Corporate Headquarters to Dublin?

How many American companies now have personnel in foreign countries reviewing online “Social Media” content with the assistance of AI?

"You may have heard the phrase "Follow The Money" in several contexts in the past."

Whether it was Watergate investigations in the 70's or now the 2020’s and the new “Global War in Space”.

The real-time tracking of where money flows, can be a core indicator of where Operational Risk managers need to keep their radar focused and on high alert.

Operational Risk Management (ORM) in the next decade will take on a whole new international meaning and significance than it currently does today.

The risks associated with people, processes, systems and external events will become even more exponential…

operational risk

OPS Risk: Global Digital Spring...

Over a decade later since the Arab Spring of 2011, our planet has witnessed the growth of personal mobile communications and the explosion of the Quantum "Internet of Things".

The utilization of wireless mobile communications and its intersection with social media apps in our emerging nations civilian environments is here to stay. 

How these latest digital consumer-based applications have been now leveraged for situational awareness (GPS) and information operations is exploding across the emerging nations, where the mobile Internet is now gaining even more ubiquitous use.

What this also means for our risk managers in the C-Suites of major technology companies is a heightened sensitivity and awareness to the ways your tools and capabilities could be utilized in the hands of the wrong end user.

No different than the early days of unleashing certain web tools like Metasploit, to help understand our digital vulnerabilities within the confines of the corporate enterprise.

These same new open-source “App tools” could be utilized by nefarious cyber forces to quickly exploit the unknown weaknesses in our own U.S. government and corporate network systems.

Yet like many inventions by our mission-driven mankind, they can be used for good and simultaneously for evil in the hands of a certain person.

Operational Risk Management in the high technology sector (Ai?) will be just as much of an imperative for continuous compliance as the manufacturing and international shipment of products from Barrett or the manufacturers of Detcord.

The "Export Control" compliance mechanism is here to stay and companies who operate in the new age of emerging social media via mobile technologies, will need more effective OFAC internal controls.

Operational Risks may exist within the business processes that you use with your international sales and business development organization.

When was the last time you had a compliance-based OFAC discussion within the ranks of the C-Suite at your new emerging technology company?

Are you fully funded by the VCs and ready to sell your new encrypted FinTech or social media app for Android to the world?

Innovative organizations need to make sure that part of the roll out strategy, encompasses the effective conversations with the correct government departments.

This is also to determine the right process and the online tools available to better understand where and who you can sell your products to outside of the United States.

The worlds last “Arab Spring” and the next organized movement utilizing social media and satellite mobile Internet technologies that include encrypted messaging, GPS and live video, shall be even more closely scrutinized by internal compliance officers and the regulatory watchdogs domestically and abroad.

Yet the most effective internal management tools going forward, may just lie in the same ones used by your own Mother and Father growing up.

The ethical and the growing moral arguments in many cases can have a dramatic impact on young people at an early stage in their lives, as you hand them their first mobile phone as a parent.

Perhaps it is still not too late to remind and reinforce and to emphasize the fact that our exponential High-performance computing (HPC) cyber environments, are powering nothing more than the digital mirror image of the physical world we already know about. Both Good and Bad.

Our future of effective enterprise Operational Risk Management (ORM) online and the effective compliance with potential legal sanctions, may well begin with a heart-to-heart conversation at your next company executive retreat or “All-Hands” fire side chat meeting...

Mosaic: Launching New Solution Navigators…

There are countless people and organizations who are articulating the problems that exist in your agency, your business or your non-profit.

Some international entrepreneurs are assisting those who have not developed their own concept selection and development team with solving the identified and validated problems.

The challenge in most entities has been enough resources and the correct people dedicated to defining the problem-sets and then applying a proven methodology for creating a solution space with a mission to deliver potential prototypes for testing.

How fast does your organization move from “Problem Definitions” to “Deliverable Solutions” ?

Well that is going to depend on what business or industry you are competing in across your geographic area. Are you in a small business? A regional enterprise. The national leader in ordering stuff online made by someone else and then delivering it to your customers household doorsteps?

Or are you in a services institution that invents and delivers new process designs. New intellectual capital. New creative ideas. New real-time OSINT information.

Moving from a past historical era where “Problem-space to “Solution-space” may take years, now our 2022 world is witnessing this time line whittled down to days, hours or even seconds.

In our current digital environment, utilizing Quantum capabilities, the problem may be solved in a minute or a second or two.

If you are trying to launch the next space craft to the Moon or Mars or beyond, it could take longer.

Yet what does all of this focus on true innovation really mean to “John Q. Citizen”?

So what?

Do you remember the first time you used Mosaic? What about the Netscape Navigator?

If you do remember, then you have a substantial set of real context on the topic of and history of creative innovation. Solving real-problems.

You actually understand and witnessed the speed at which people are capable of creating “New”.

Defining problem-sets to creating new solution-sets was a daily process for all of those "Digital Navigators" with electronic keyboards and modems in the early 1990’s.

Utilizing our Earths new World Wide Web technologies and capabilities, provided so many with the ability to explore, experiment and test, then to deliver new product solutions for those who did not even know they had a problem yet.

For those so interested in the future of our world and so eager to be innovators in 2022, sometimes you just have to study the past for a lesson. Maybe even read up on Mosaic on Wikipedia.

This journey has been epic. Now get out there and “Do” what you have a passion for and that will make a difference on this rock!

Organizational Design: Transition Speed into Action...

How would you change the design of your organization in order to accelerate your transition speed into action?

Now that you have just completed the phase of creative solution development that has produced five new designed prototypes, what is next?

How fast will you be able to put these into action with others on the front lines?

When might you and your organization deploy a cadre of people who have a single mission?

The “Mission Leaders Team” shall take the new designs and will be putting them into the air, onto the cloud server or in the hands of the true operators, who are in the game each hour of each day.

You see, your problem is not the pace of your innovation within your organization. It is the ability to more rapidly apply what you have learned, from all of your failed experiments in the field. It is the current design of your organization that requires new change.

Your ability to get the new tangible answers into operation with your most talented and able people is your next summit. Your next finish line. Your next destination. Who are these people?

The five new prototypes shall be demonstrated and documented with quiet care, so that you might expand the testing, the experiments in new environments. Why?

To learn faster than your adversary. To achieve market dominance before your competition. To deliver solutions to those in need just-in-time.

As the "Mission Leader" in your organization, you shall design the methodology and the process for others to view in real-time.

Allow each other to see, feel and witness the outcomes of the idea, the invention or the intended solution.

So what?

The transition phase is now before you. Take it and deploy it across the organization to those geographic locations that will allow you to learn faster. To decide with new insights gaining speed with the correct operators in the field.

Understand. Decide. Act.

Repeat.

Let us know what you learn and when you learn it. We might just be able to take this and apply it to our own team, in our own Area of Responsibility.

Now get out there…Onward!

Mission Resilience: Our Digital Trust in 2050...

“If we are to prevail as a civil, global society, designing and achieving digital trust is now a necessity. We must find the courage to move beyond what seems to work today but actually is crumbling. We must move beyond merely shoring up our defenses with stronger, more robust spending. Instead, we must begin anew, replacing what is with what needs to be—a robust, dynamic, interconnected, digital space through which we can communicate and live as a global society. In doing so, we can improve our confidence in our decisions and the decisions of our leaders.”—Jeffrey Ritter-Achieving Digital Trust

Our organizations across Corporate and Major Metropolitan areas of the world are at the epicenter of our trust.

It is Cybersecurity Awareness month in the United States in October again and the number of Ransomware incidents is rising on a daily basis. Cryptocurrency is being used on the “Dark Web” to complete transactions that go well beyond the purchase of digital keys, to unlock stolen and encrypted data from those digitally frozen municipalities, hospitals, and other vital corporate Critical Infrastructure entities.

The CIA finally has a “China Mission Center” dedicated to the continuous analysis and proactive geopolitical actions to protect the invisible, yet ever more present digital influence operations across the Internet.

How will the challenges of our "Digital Domains" change from their foundations of open communications and collaboration to major systems disruption and loss of trust?

How might we proceed community-by-community both online and face-to-face, to raise the level of integrity and confidence in our accelerating digital age?

Our future for a trusted and civil global economy will depend upon our respective confidence in the digital world we all have created this past two decades.

The algorithms and the software code have largely been written by humans, who are still so capable of making errors.

The opportunity for us all, is to increase the quality of our digital world and to better manage the forensic initiatives that will still lie ahead of us.

In the Board Room, the GSOC Center and every desktop where humans type on keyboards in a protected building, located off Chain Bridge Road near Georgetown Pike, the challenges will continue to rise.

Writing the descriptive words for an all-source PDB or coding in the syntax and semantic language known as Python, our technology tools remain open to exploit.

Our digital trust relies on the people with decades of hands on experience and the people who will design the software to run our growing infrastructure of tomorrow.

Mission continuity and operational resilience is the next digital wave of innovation required to build trust across our cities and across continents. 

Critical Infrastructure Protection must remain pervasive, engineered into all that we design and deliver with Confidence, Integrity and Assurance…

Discontinuity: Breakpoint To Our Future…

Can you feel the wind in your face? The smell of the ocean breeze as you watch the sun set into the Pacific.

There is a sense of change in the wind before us. Our world is in great anticipation of new and promising projects, endeavors and a renewed sense of daily purpose.

The Covid-19 pandemic of 2020 will never be forgotten. It is now part of our "Global History," just as our other historical challenges.

Former plagues including new vaccine discoveries, inventions such as the automobile, or our human space travels to the Moon.

Our history that includes World Wars and others that became apparent the morning of September 11, 2001.

Yet the new opportunity for our personal and our organizational change that is now on our doorstep, shall not be disrupted.

How might you proceed, into the next 365 days with the ambition to learn from our history?

What will you pledge your allegiance to, as you break through all that has held you back during this pandemic, certainly not the last one that we will endure here on Earth.

After our first quarter of 2021, our United States ambition and enthusiasm is building towards a tremendous future. A future that will be full of new found innovation and promise.

You see, the "Discontinuity" in society creates breakpoints. Just as The "Arab Spring" and the forming digital systems social revolution that now lies before us, it creates new crisis and simultaneous opportunities.

Both are challenges for people, business, governments and global economies to analyze and rationalize.

Will you innovate? Or stagnate?

If you are a policy maker in your organization, what are you doing to innovate?

Do you have new solutions for the changing Operational Risks to be encountered, as your employees and citizens travel the globe and make vital decisions for your enterprise?

If you are the main policy bodies within your government, what have you done lately to find new creativity to address the potential opportunity before you?

If you are the head-of-household, how might you pivot to a new independent "Gig" to enhance your dreams?

In either case, the speed of change and the ability to learn and adapt, will certainly decide your future...

Digital Overmatch: Senior Leaders Survival…

“These three qualities of trust decisions—rules-based; fueled by information; mathematical—allow us to embrace an understanding of trust that rejects both instincts and emotions. Instead, trust (or the absence of trust) is and always has been the resulting sum of a rules-based, information-fueled calculation.” —Achieving Digital Trust -Jeffrey Ritter

On the asymmetric battlefield unfolding before us, how will you assess your final outcomes?

The digital velocity of our day-to-day “Trust Decisions” are accelerating past our own cognition. Yet we are now beyond what the sensors are showing us. What is True?

overmatch - verb

over· match | \ ˌō-vər-ˈmach\

overmatched; overmatching; overmatches

Definition of overmatch

transitive verb

1 : to be more than a match for : defeat

2 : to match with a superior opponent

How could a “Software Development Kit” (SDK) in the hands of our contracted outsourced digital engineers, become our greatest vulnerability?

The tens of thousands of organizations utilizing software from SolarWinds now understand, that a supply chain “Back Door” exploit, motivated by pure espionage, is just the first sign of a match with a superior opponent.

How will Sunburst, Sunspot, Teardrop or even Facebook or YouTube, become your greatest adversary in the near future?

The failure of your own Third-Party suppliers “Software Quality Assurance” process, combined with your own organizations business aspirations to more quickly satisfy your Customer, Constituent or Senior Leaders emotions, will be your next “Operational Risk Management” (ORM) challenge. (Read this last sentence again, slowly.)

How might you, as a vital individual in the accelerating digital process to Understand, Decide and Act, make even higher quality “Trust Decisions”?

• Ask more informed questions with your OPS Risk Subject-Matter-Experts side-by-side.
• Realize that the speed of your decision, could jeopardize your own organizations livelihood.
• Know the rules and monitor human behaviors, that can jeopardize intended outcomes.

When software, the Internet and people are combined, your risk exposure expands significantly.

In 2021, the “Quality Assurance” steps you take along your path, will make all the difference. Is the light “On or “Off”? Is the number a “Zero” 0 or is it a “One” 1? What is True?

The outcomes of your future endeavors will continuously rely, on the complexity of the environment you are operating within and the discipline you shall require to survive there…

Cultural Cognition: The Velocity of our Future...

“The true sign of intelligence is not knowledge, but imagination” - Albert Einstein

In the culture that you are part of, there are Trust Decisions being made in seconds based upon rules.  Yet your particular culture has evolved over time, also because of the affinity that your culture attracts other people, just like you.

The question is, who do you really aspire to be?

“How do you make trust decisions about people, associations, tools, or their value when the information upon which you will rely is increasingly digital and intangible?

In a global culture in which digital trust is under attack and degrading, how can you build and engender old-fashioned human trust with your customers, business partners, associates, and employees?” -Jeffrey Ritter - Achieving Digital Trust - P. 21

When you enter the realm of a culture that is constantly being recorded, digitized, captured, communicated and transferred, the behaviors and thoughts of people will be studied.  They will be analyzed and they will be judged.

What are you doing today to learn and improve how you operate in a digital world?  How are you making decisions between trust, and pure risk?

Our cultures are rapidly evolving towards “Artificial Intelligence” and tool sets to assist humans in making more informed decisions, faster.  Why?

Quality and Velocity.

What made you decide to learn Mathematics?  How did you decide to become a Software Engineer?

What made you decide to learn the Law?  How did you decide to become a Lawyer?

You like rules don’t you.  You have a hard time living in a world, where the rules are being ignored or broken.

How fast will you be able to adapt to the change in the “Digital Ecosystems” that mankind has created on our Earth?

The truth is, you and your organizational culture is already in the midst of an “S” curve and you must now “Grow or Die”.

To improve and adapt in a world, that is accelerating and whose velocity is reaching light speed requires new tools and mechanisms to assist us in our “Trust Decisions”.

For those cultures and situations where trust is at stake, the utilization of technological inventions will evolve and grow as the standards for evaluating the truth.

We as humans are already at a point where we are trusting digital devices and machines, more than we trust ourselves.

The Safety, Security and Velocity of the evolution of our Digital Future is at stake.

Now is the time for our cultures to recognize, question, learn and improve how we engage with our machines, our software, our Mathematics and our Law.

It is now all about our TrustDecisions…

TrustDecisions: Understand, Decide, Act...

From the Board Room to our modern day asymmetric battlefield, Jeffrey Ritter’s Achieving Digital Trust will open eyes. It provides us with a reference model that management and software architects have been seeking. The survival of the Internet as we know it is currently at stake. This book provides a look into the transparency of «Trust Decisions» and how ensuring digital truth will shape our global governance for decades to come.

"How do you decide to trust digital information that is intangible and cannot be lifted, opened, or flipped through?

What questions do you need to ask to conclude that trust is justified in both digital information and the sources from which you acquire the information?

How do you make trust decisions about people, associations, tools, or their value when the infor- mation upon which you will rely is increasingly digital and intangible?

In a global culture in which digital trust is under attack and degrading, how can you build and engender old-fashioned human trust with your customers, business partners, associates, and employees?

Flooded with digital information, devices, and the capacity for others to question decisions, how can you make better decisions, choose the superior alternatives, and reduce the number of decisions that “just take the risk” because of data that is missing or not proven to be reliable?

Can achieving digital trust be proven to be good business and create new wealth in a global, 24/7/365 marketplace that demands increasing velocity while also increasing the risks of living digitally?" 

  Page 21 Achieving Digital Trust:  The New Rules for Business At The Speed of Light - Jeffrey Ritter

Are you reading this on your Macbook?  iPhone?  Or on one of the dozens of variations of devices using the Android Operating System?  Why?

Think about the origin of the words you are reading.  Are they manifested from the brain of a human who is typing the words on a keyboard?  Or could it be a computer creating this digital content purely from some form of artifical intelligence?

How would you judge the trustworthiness of this digital information, if you could verify that it was written by a person vs. a machine?

All of us make split second decisions on who and what we will trust.  By the way it looks.  By the way it moves.  By the way it smells.  By the way it sounds.

Now, make a slight shift in your mind set to the mechanism we define as "Advertising".

How do you as a human, accept and process an advertisment in a cognitive way?

cog·​ni·​tive | \ ˈkäg-nə-tiv
Definition of cognitive

1 : of, relating to, being, or involving conscious intellectual activity (such as thinking, reasoning, or remembering) cognitive impairment

2 : based on or capable of being reduced to empirical factual knowledge

Why are advertisements necessary on the televsion you watch?  Do you every find yourself muting the advertisements?  Do you record all of your shows on the DVR so you can purposefully Fast Forward through the Ads?

At the same time, you may have a brand, company or person that you respect and trust.  You are loyal to that brand, company or person for several reasons.  Much of that has to do with "TrustDecisions".

When you read the words in a book by an author with their name printed on the cover, do you value and trust what they have written?  It depends on the author, right?  Who is that person and do you trust that what they have written is worth consideration.

We all have our own trusted sources of information.  Our Go-To authors.  Our news feeds.  Our verified intelligence.

Now visit this company on the Net:  Primer.ai

Now that you have reviewed the company Primer, and you see and think you understand their product solutions, the people behind the software solutions, the investors in the company, what do you think about next?

After all, a web site is just an Advertisement right?  Your Decision to Trust has all to do with words written, colors used, visual pictures and even sounds (think music).

Based upon what you have read and see, do you trust the products and services of Primer.ai?

Based upon what you have read and see or feel or hear, do you trust your Doctor, your Priest, your Lawyer, your Bank, your Airline, your Employer or your Digital VPN?

You see, most people do not even think long enough about the origins of trust or the origin of their own trust in something or someone.  Unless you are in the business of research, questioning or creating hypotheses on an hourly basis.

Unless these can also mean the life or death of another person and/or the factual truth of something not present to the naked eye, your hearing or your taste or smell.

hy·​poth·​e·​sis | \ hī-ˈpä-thə-səs
\
plural hypotheses\ hī-​ˈpä-​thə-​ˌsēz
\
Definition of hypothesis

1a : an assumption or concession made for the sake of argument
b : an interpretation of a practical situation or condition taken as the ground for action

2 : a tentative assumption made in order to draw out and test its logical or empirical consequences

3 : the antecedent clause of a conditional statement

When you encounter the conscience world before you, whether it be Face-to-Face with another human, with written words by an author, by the spoken words of an advertisement or news broadcaster, think more deeply about this.

• "Every transaction creating wealth first requires an affirmative decision to trust.
• Building trust creates new wealth. Sustaining trust creates recurring wealth.
• Achieving trust superior to your competition achieves market dominance.
• Leadership rises (or falls) based on trust (or the absence of trust)."

 Page 35-36 Achieving Digital Trust:  The New Rules for Business At The Speed of Light - Jeffrey Ritter

Now that you Understand, it is time to Decide.  Then you must Act... 

FIRST Responders: Our New Age of Learning...

“Vulnerability is the birthplace of innovation, creativity and change.”
― Brene Brown

What will we learn during this COVID-19 crisis?  How did we learn as a result of the incident known as 9/11?

Our vulnerability this time, is far beyond scanning luggage and the new processes for ID check or travel analysis.  Brene Brown has been trying to educate us, in so many important ways.

In all our years of an "All Hazards" Homeland risk management philosophy, what have we learned?  How will we Assess, Prepare, Respond and Recover even better, from this point forward?

What have you discovered about your organizations ability to adapt, innovate, create and change during this first quarter of 2020?  Will you even survive?

One key item may have revealed itself in your experience so far.  How would you improve your organization, when it comes to "Incident Response"?

One truth is, that our individuals who have a "C" in their title acronym, (CEO, CSO, CIO, CTO, CISO, CMO, CRO) have been challenged in new ways.  These same leaders have not trained enough, or long enough in this past decade.  Complacency is now becoming apparent again.

Our leadership skills have all been exposed to the vulnerabilites of people, processes, systems and external events.  We have been caught off guard on a spectrum of challenging global incidents just these past 24 months.  A crisis spectrum that spans our physical world.  Also to our invisible virtual digital world.

Our growing "Incident Response Spectrum" is wide and vast.  It still requires specialized skills and knowledge to address the kind of change, that will now increasingly be required, in Fortune 500 Global Companies, Mid-Market INC 500 emerging businesses and especially, our Small-Medium Businesses (SMB).

How will we continuously Adapt, Create and Change from this point forward?

You almost could have predicted, how well our cities and our local municipal governments would fare in the COVID-19 crisis?  An invisible threat vector.  How?

Look at just one example.  How well have our cities and Critical Infrastructure organizations performed during their "Incident Response" from the dozens of Ransomware Attacks?  Digital malware, that has plagued our cities these past few years.

Ask Baltimore, MD about their particular learning curve, on what they have learned since discovering their own vulnerabilities.  How they discovered the real value. of effective Incident Response.

Look at another emerging example.  How well have our U.S. companies been exercising their "Incident Response" plans with disruptions to our Supply Chains?  Issues with the availability of critical equipment and commodities, that previously would never have thought to be so vital to our ongoing response?

America.  This new era going forward, is going to be about our innovation age all over again.  It will be all about creativity.  And it will be much more about dramatic change.

Most of all, it will be about finding grace.  About our compassion.  You see, we are Americans.  Our endurance and our leadership, is inherent to our people and all of the U.S. organizations, that will rise up to meet this crisis and others in our future.

So what?

Our Incident Response and Security Teams will be learning even more now.  Our organizations will be "Up Skilling" or "Skilling Up," with new found tools, processes and policies.

Our supply chains will become even more resilient.  Our Critical Infrastructure and essential services will be gearing up for the "W" curve of recovery.

So what will you be doing to innovate and create a new mechanism to make us even better?

How will you do it with grace and compassion while working towards collaboration with others, instead of just being competitive?

Our American tragedy, will not just be about how many people have died.  This alone is enough.

Yet, it will be about our FIRST Responders.

This new spectrum of FIRST Responders, is so much wider than you ever realized.  Who is a FIRST Responder in your organization?  In your entire community.

The skills and knowledge of our FIRST Responders from this point foward, must improve, will expand and we will do this all together.

This next paradigm, is about Communication, Cooperation and ongoing Collaborative Education.

Will you join us...

Culture: Systems of Trust in Your Worldview...

Why are you spending your time on this?  Why does it mean this much to you?  Why do you continue to do it day after day?  Why is it so important to you?

Your particular purpose in life may be different than others.  The question is, are you bold enough to be transparent enough to tell the world who you are and what compels you on your daily mission?

The people who surround you and look up to you are waiting.  They are seeking your real purpose, your particular life mission.  The role of a leader, is to make sure that they truly know you and what your "Why" is every day.

When you begin to study the life journey of leaders at companies such as General Electric what do you think about?  Jack Welch created a noble company and a unique culture there to be certain.  So how do you compare it, with a company like Apple, Palantir, Costco or even SpaceX.

The founders or key leaders that shaped and built the culture there, forever shape the mission and the employees vision of the "Why."

How effective have you been as an "Operational Risk Management" practitioner in your life so far?  The ability to sense, process and mitigate operational risks in any system is a worthwhile purpose, personally and professionally.

Whether you are approaching a person, artificial intelligence, an organization or an agency with your new ideas, products or services, they all require several key elements as a system.  First and foremost, how do you build Trust?

"It is really very simple. In the foreseeable future, we will not function as a global society without the Net and the immense digital resources and information assets of our society. The addiction is established—commerce, government, education, and our neigh- bors offer no option other than to require that we rely upon digital information in making decisions. But we will not function success- fully if the war for control of those assets is lost. The battlefield, however, is the one on which trust is to be gained or lost—trust in the information we use, trust in the infrastructures that support us, and trust in the decisions we make in a digital world."  ― Jeffrey Ritter

In 2020 and beyond, what and who will you "Trust?"  How will you build systems that are trustworthy?  In your relationships, family, organization or agency, there are risks to sense, to process and to mitigate.

Why will you be more aware of the "Trust Decisions" you have to achieve today?  Your particular culture and livelihood depends on it...