fingers on keyboard
The KIT
Knowledge & Information Technology
No. 280 - 18 January 2021
Two ISO Standards on Cybersecurity
Are you ready to part with some Swiss francs? ISO standards are not free, you need to purchase your copy online from their Geneva office -- at least if you want to be legal about it. Each of the documents below costs CHF 88, which is roughly EUR 82 or USD 99.

ISO/IEC 27014:2020, published on Dec. 15, 2020 is called "Information Security, cybersecurity and privacy protection - Governance of information security." According to the abstract, "this document provides guidance on concepts, objectives, and processes for the governance of information security, by which organizations can evaluate, direct, monitor, and communicate the information security-related processes within the organization."

ISO/IEC TS 27100:2020, published on Dec. 16, is entitled "Information Security - Cybersecurity - Overview and Concepts." The specification describes cybersecurity, its context, and "relevant concepts, including how it is related to and different from information security."
Business Architecture Innovation Summit
The Business Architecture Guild will present its next Innovation Summit on March 30 - April 1 (virtually, of course). This annual event "will once again bring together a cross-section of industries, practitioners, experts, and beneficiaries to share their business architecture experiences." Registration costs $375.

The BA Guild offers individual as well as corporate memberships. Individual membership costs $125 a year, and gives (among other resources) the right to download and use the Guide to the Business Architecture Body of Knowledge® (BIZBOK®Guide), a sizable volume, updated twice a year, which is a great tool for business and enterprise architects and for consultants in this domain.
Digital Vaccination Passport
The arrival of vaccines against COVID-19 has raised the prospect of according vaccinated people certain privileges, including travel or returning to the office or school, that would be withheld from those not (yet) vaccinated. Of course, a paper certificate could easily be falsified. The Mayo Clinic, Oracle, Microsoft and several others are teaming together within the Vaccination Credential Initiative to develop a digital card that can prove the bearer's vaccination status. This is not going to be a simple affair, in part because the system relies on the availability of electronic medical records "using the open, interoperable SMART Health Cards specification based on W3C Verifiable Credential and HL7 FHIR (Fast Healthcare Interoperability Resources) standards." Great, except that in many countries, including the U.S., electronic health records are in their infancy. Will a mass vaccination center in the Disney parking lot, or your local pharmacy, provide a compliant record?

Secondly, international adoption will be at minimum chaotic: what about travelers who were vaccinated in another country by a legitimate health organization that is not a participating "data source" for VCI, or where there is already a different national health ID card (such as the Carte Vitale in France)?

Every form of digital ID presents challenges of security, privacy, and equitable access across digital divides. Vaccination credentials will be no different. In addition, people with money who want to violate the rules will incentivize hackers to break the system's safeguards. And yet, as variants emerge and we learn about how long a vaccine is effective, being able to prove one's status is going to literally be vital.
Integrated Industries Digital Showcase

Stay tuned for updates on the next virtual event by Hannover Messe USA. Originally announced for Feb. 23-25 (and the main page for the event still shows those dates), it appears from the schedule and registration pages that the event has been moved to June 15-16. Check back here for updates. The event is free, and should be an excellent opportunity to hear the latest about Internet of Things in manufacturing.
Seen Recently...
"If you can, do it. If you don't know how to, learn it. If you don't want to, you can leave."
-- Slightly paraphrased version of the motto from the CIO's boss at a major university.
talking about the ability of IT personnel to become actors in that institution's 2025 digital strategy

"The video and press release drop 'AI' and 'AI-powered' every other sentence in meaningless incantations."
-- Aaron Gordon, in a "Tech by Vice" article entitled