s t e a d y . o r g

…in search of balance on two wheels, in the kitchen, and with the family

Time of Reckoning?

I’ve been a long-time subscriber to SANS newsletters. Most days I have too much to do to really read them, but today, as I was wrapping up the day, I came across this nugget:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A fascinating battle is taking place today in the struggle between those who recognize the need to move quickly to continuous security monitoring (of critical controls) and those who are clinging to the now discredited practice of preparing out-of-date, paper-based reports about security. A US Office-of-Management-and-Budget-led initiative to improve the metrics by which agencies assessed cyber threats was 50% successful and 50% hijacked by the report writers. All the federal CISOs were asked this morning to help shape the metrics. We’ll let you know week by week how the battle goes. It matters because billions of dollars were thrown away (according to sworn Congressional testimony) on the discredited reports. Once the federal government makes the transition to automation, the defense industrial base, and then the rest of the US critical infrastructure will shift quickly. And that will radically improve the job prospects for people who can reduce risk vs. those who just write about risk.

<snip>

TOP OF THE NEWS

--FISMA 2.0 Advances in the US House of Representatives

A bill that transforms FISMA from encouraging paper-pushing to automated monitoring of security advanced in the House. The bill also calls for the jobs of the White House Cyber Czar and Chief Technology Officer to be permanent and subject to Senate Confirmation.

http://www.nextgov.com/nextgov/ng_20100505_8690.php?oref=topnews

Oh, how I would love to see the day come when Information Security wasn’t dominated by people who can’t do a damn thing to mitigate risk but do a great job talking the talk and writing the copy about it. I cannot count how many times I’ve run into a supposed “expert” who couldn’t even begin to pull apart a packet capture or tell me the difference between a Layer 2 address and a Layer 3 address. It is, as they say, Frustrating.


Categorised as: computing, daily life, frowns, frustration, geek, incongruities, information, internet, irritants, rants, struggles, technology
