What’s Happening at Wired?

Posted October 25th, 2007 by

2 blogs from Wired caught my eye today:

Maybe it’s just me today, but is this like watching a train wreck to anybody else? So fascinating I can’t put it down.

The first story seems like something right out of my Russian classes: the grandmother who hangs camouflage netting on the steeples of Peterburg/Petrograd/Leningrad/Peterburg to keep the fascist bombers from using them as aiming points.

Less-lethal weapons are cool to experiment with. I mean, um…. we never did get to lock Schmidt (all 250 pounds of pure muscle) in the shipping container and pop a stinger in after him, but with all the movies I’ve seen with bored joes tasering each other in a supply depot near you, less-lethal weapons seem to be the extreme sports of the year.

Here, watch some more pain ray guinea pigs.





Posted in Army, Odds-n-Sods | No Comments »

A Story About Potatoeseses

Posted October 25th, 2007 by

Today’s story is brought to you by potatoes. After all, I grew up in Idaho, speak Russian and have red hair.  Potatoes are very near to my heart.  =)

So anyways, the middle of the 19th century in Ireland was a horrible time. From 1845 to 1849 (some say 1851), the potatoes rotted in the ground from a horrible oomycete called “Potato Blight”.  This time is known as “The Great Irish Famine”.

Well, one evening during the famine, three farmers were gathered in a local public house sipping Guinness.

The first farmer was crying into his stout. “I can’t believe I planted an acre of potatoes and it all rotted in the field from the blight. Now I have no food for my family.  I don’t know what I’m going to do.”

The second farmer joined in. “And I planted two acres of potatoes and it also rotted in the field from the blight. I also have no food for my family. I don’t know what I’m going to do.”

The third farmer just sat back with a big smile on his face, close to laughing. The other two farmers looked at him with utter shock. “Why the big smile,” they asked, “all of our potatoes are gone.  We’ll probably have to emigrate to America, work in a factory, and never see our beloved homeland again.”

The third farmer kept his wide grin, leaned in and answered, “I might not have any food, but I sure as well didn’t plant any potatoes.”

(You guys are great, no really. Try the veal.  Tip your waitresses, they work hard for you.  I’ll be here all week.)

And yes, by this time you’re wondering what this has to do with information security^wsurvivability (see, I pay attention, Hoff).  Well, it’s a classic case of risk avoidance, but either way, starving is starving.




Posted in Odds-n-Sods | 2 Comments »

Buy a Costume, Get Security Suite Free!

Posted October 11th, 2007 by

“See, that security thang, it ain’t so hard.” I guess endpoint security is a complete and utter commodity now. =)   I can feel the cyanide bullet C&D letter coming in the mail any minute now.

From: ZoneAlarm <news@zonealarm.zonelabs.com>
To: rybolov
Sent: Wednesday, October 10, 2007 5:42:47 PM
Subject: Buy a Costume, Get Security Suite Free!

ZoneAlarm by Check Point

ZoneAlarm® Internet Security Suite FREE!

Buycostumes.com has 100s of Halloween costumes:

We also have over 100 other special offers available from partners such as Lancôme, Blockbuster and American Express.

Find a costume now — get started now!

 



Posted in Odds-n-Sods | 1 Comment »

Meerkats and Risk Management

Posted October 10th, 2007 by

Nice concept on risk management applied to Meerkat Manor. I’m missing the drama, though–the blog posting just didn’t draw me in like it should.

Oh, to be a meerkat on sentry duty performing risk management for the clan. My story would go something like this:

09 October 2007: Dear diary, I drew sentry duty for the third day this week. I know it’s my solemn duty to protect the clan, but my risk assessment has determined that, although a predator is a high-impact event, it is a low rate-of-occurrence activity and so I think a better use of my time is in foraging for stray eggs. Besides, if the predators come and eat us all, it’s not like I’ll have to face the Meerkat Manor Board of Directors.

10 October 2007: Dear diary, I grow tired of the incessant looking for predators. I mean, why do us meerkats focus exclusively on detective controls which use up to 15% of our available manpower when we could just as easily reduce the sentries to 5% of our efforts and put in place corrective controls such as trap holes and punji sticks to reduce the threats to our home? The true cost savings is that the effort for corrective controls is a one-time installation where sentry duty is a recurring bill. Didn’t the alpha-pair learn anything in their Masters in Meerkat Administration classes?

11 October 2007: Dear diary, today I instituted a metrics program to gauge the effectiveness of our sentry program and to determine if we are getting the best level of risk for the time that we are investing. So far, I’ve made a bar chart to analyze the total number of predator alerts versus the total number of predator intrusions. I think I have a business case to slowly reduce the ratio of sentries to foragers during the day.

12 October 2007: Dear diary, I noticed today that the younger meerkats are ineffective at sentry duty because of their inability to stand still for long periods of time without chasing each other around the veldt. This is a problem staffing-wise because sentry duty now takes some of the best, well-trained meerkats and takes them out of other occupations. I’m not criticizing my clan leadership, but I just feel like we’re doing a bad job at meerkat time management. Maybe we need to cross-train into other skills.

13 October 2007: Dear diary, I was standing on a rockpile today and the idea hit me: why don’t we do a meerkat predator drill weekly to instill confidence in our abilities to respond to a predator incident? I brought it up to the clan’s alpha-pair and they said they would “take it under advisement”. I guess that’s what it means to be just one of the peons out here, standing in the sun. I swear, if they don’t up my salary from 80 bugs to 90 bugs, I just might leave the clan and start my own on the other side of the hill.

14 October 2007: Dear diary, today we had a visit from the Better Meerkat Bureau’s auditors. Our clan pretended to be extra-vigilant and we put out several extra sentries to try to impress them. Some days I think the auditors would be happy if we all starved to death as long as we were all on sentry duty doing our part to keep the predators at bay. I guess that’s the price of blind compliance.

15 October 2007: Dear diary, I spent 3 hours today in bark training. Apparently the auditors reported back that our barks were substandard, so now we have every-friggin-la-dee-da-meerkat out in the hot sun standing in a line practicing how to bark. I mean, come on, it’s barking, we do it all day. We bark when we’re scared. We bark when we’re mad. We bark when we’re hungry. But I guess auditors know what they know, and what they know are checklists, and we didn’t do too well in the bark section of ours for some reason, so here we are practicing.

16 October 2007: Dear diary, I had a meeting today with the meerkats from the “vendor” clan. They want to trade some food for some bald eagle repellent spray and a device called “Hole Access Control” which ensures that only meerkats from my clan can crawl down our holes and into our burrows. Needless to say, I’m a little skeptical at first, but I’ll see if I can get them to throw in an inflatable lion to “sweeten the deal a little”.

Postscript: Added the 16th of October because when I read this a second time I realized that I listed all the problems in the life of today’s risk manager except for vendors. That’s now been fixed. =)




Posted in Odds-n-Sods, Risk Management | 6 Comments »

Even Better Spam

Posted October 9th, 2007 by

I’m utterly shocked now. I’m used to getting vendor spam, but it’s almost always something like “buy our continuous compliance cr*p” or “make all your SoX problems go away at the drop of a hat and $0.5M”. A whole data center is way out of the ballpark for me.

Anyway, on to the spam:

Rybolov, I understand you are the correct person at $Foo Corporation to contact about data center requirements. If that is not the case, please let me know either by telephone or email reply as to who the correct person is so that I may contact them directly regarding this facility, or feel free to forward this email.

We’ve recently brought to market our Teaneck NJ data center, and it is available for lease at a significant discount to the replacement cost of $25+ million.

The Teaneck property is a 53,000 SF, free-standing secure facility with raised floor and office space. It was most recently occupied by the <large financial institution> as a primary data facility, and has undergone significant upgrades since its initial construction. Some features of the facility are:
– 18,047+/- SF of raised data floor
– 2.5Mw delivers 138 watts/SF and is expandable.
– Multiple fiber providers through diverse building entrances.
– Fully fenced and secured perimeter

There are few, if any, comparable properties available in the greater NYC/NJ area.

If $Foo Corporation is planning for additional data center space, then I’d be happy to talk to you in more detail about this facility or others we currently hold.
I have technical staff available for conference calls and site tours.

Regards.
<name withheld to protect the not-so-innocent>




Posted in Odds-n-Sods, The Guerilla CISO | 3 Comments »

Blog Statistics and Search Strings

Posted October 9th, 2007 by

So all 5 of my blog readers keep coming back. That’s good. =)

But every time I go through my search strings–queries people put into a search engine that take them to my blog–some good questions pop up. I like to look at it every now and then to get a feel for the zeitgeist of who’s looking and reading my stuff. Maybe just deep down inside I’m all egotistical, but really it’s fun to look at the anomalies.

Here is the long tail of my search strings:

  • c-word: 2 searches. Yes, I want this meme to stick around for a couple months more. Of course, the post is The C-Word.
  • magic ciso: 2 searches. Believe it or not, Sprinkling on the Magic FISMA Fairy Dust is the #1 search result when I checked.
  • compliance without “liance”: 1 search. Part of The C-Word.
  • A synonym for guerillas: 1 search. Oddly enough, it points to SBU Must Die.
  • do financial institutions need a ciso: 1 search. If you have to ask, the answer is “yes”. Next question, please. =) I just can’t find where this search string points to.
  • skilcraft us gov pens: 1 search. Yes, the same pens we all know and love. This one also goes to SBU Must Die.



Posted in Odds-n-Sods, The Guerilla CISO | 3 Comments »
