The Guerilla CISO
 

A Step Inside the Guerilla CISO's Mind

2008-07-31 15:33:34 by rybolov in The Guerilla CISO
...security model (and many other things) works

Legacy Systems: Where the Catalog Falls Apart and LOLCATS Roam

2008-07-31 15:18:17 by rybolov in The Guerilla CISO
...security is a myth. Compliance in IT security with legacy systems is like a chupacabra riding a white unicorn chasing a leprechaun while waving Excalibur. And the auditors just shake their head and wonder why you can't just comply. Anyway, on to the LOLCATZ (note that I'm getting all creative-stylie with haikus this week, must be something in...

No, FISMA Doesn't Require That, Silly Product Pushers

2008-07-31 14:36:31 by rybolov in The Guerilla CISO
 
...security specifications set by the National Institute of Standards and Technology, and it has been reported that the federal government's Office of Management and Budget (OMB) plans to begin enforcing DNSSEC requirements through an auditing process, setting the standard for DNS best practices. Yep, if you stamp FISMA on it, people will buy it,...

C&A Seminar in August, Instructor-to-Coolness Ratio Goes Up!

2008-07-28 19:11:33 by rybolov in The Guerilla CISO
 
Potomac Forum is having a 2-day C&A seminar on August 6th and 7th. It will be unusually good this time because I won't be there to drag everybody down. I'll be on the road for some training. =) Anyway, check it out and say hi to my instructors from me.

LOLCATS Take on Catalog of Controls

2008-07-24 12:17:01 by rybolov in The Guerilla CISO
Guys, please remember that the controls from SP 800-53 and the test cases from SP 800-53A need to be tailored. Otherwise, they're as useful as a watermelon in a lake is to a kitteh.

On Government Employees, Culture, and Survivability

2008-07-21 13:46:05 by rybolov in The Guerilla CISO
...security: it's all an issue of culture. I have a friend who converted a year ago to a GS-scale employee and took a class on what motivates government employees. Some of these are obvious: Pride at making a difference; Helping people; Supporting a cause; Gaining unique experience on a global-class scope; Job stability; Retirement benefits. And one...

FISMA Reporting Guidance for 2008

2008-07-18 15:02:09 by rybolov in The Guerilla CISO
 
It's out. Check it out in the OMB Memo. I'll most likely have something pithy to say when I look at it a little bit more, but it looks like it's mostly the same as last year. Anyway, you can get it here, it's OMB Memo 08-21.

Friday Subversive Music: The Dead Kennedys

2008-07-18 13:20:22 by rybolov in The Guerilla CISO
 
It's even funnier when you know about the Frankenchrist album trial just a couple of years later.

Exhaustive Security Testing is Bad For You

2008-07-17 21:39:37 by rybolov in The Guerilla CISO
Hot on the heels of Security Assessments as Fraud, Waste, and Abuse comes this heartwarming lolcat.

Security Assessments as Fraud, Waste, and Abuse

2008-07-17 21:34:14 by rybolov in The Guerilla CISO
...information security does not scale the way that we need it to for ST&E, and we need to understand this in order to fix security in the Government. What we need to be doing is Security Test and Evaluation which is focused on risk, not on compliance using a checklist of control objectives. Usually if you know enough to say Wow, your patch...