Posted June 5th, 2008 by
So we had a great bit of weather yesterday. I had just gotten back from lunch with Chris from How Is That Assurance Evidence (pretty smart guy, similar content to myself, worth checking out some time) when I got a tweet from the National Capitol Region Battlespace which is a civil-defense kinda organization but they have a good condensed tweet feed. Anyway, the content was this: “Severe weather has entered NCR. Frequent lightning, tornado warnings for VA suburbs.” Ooooh, tornado drill time, shut down the home servers, make sure Mrs Rybolov is wearing real shoes not sandals and get ready to bolt to the basement when you hear the train coming through your house. Where’s Mogull to make a pithy saying about how twitter might have finally gotten a legitimate use. =)
Meanwhile, less than 5 miles away at Dulles Airport, Jennifer Leggio was grounded and all but abandoned by the UAL crew who headed to the bunkers, so she had to wheel an elderly nun to safety (BTW, that’s fairly heroic/good-samaritan-like all things considered). I think she finally got home today around late afternoon.
Parts of the DC area lost some power (Falls Church proper still doesn’t have power), including my server, which didn’t come back up when the power came back on because, well, I borked up LILO previously and didn’t know it. After a trip over to see it this afternoon, everything is back to working.
Now from a blogging sense, this was the worst time for me because the day before I put up a slideshow about “What you can learn from the US Government” and now that my server’s back up, I’ve most likely dropped off everybody’s rss feeds. The preso’s still there, go check it out.
After the storm blew through, NCR Battlespace sent the link to this beautifully evil picture of clouds in Alexandria:

Impending Evil photo by Joseph J D’Angelo
Posted in Odds-n-Sods
Tags: extremeweathercloseup • itsatrap
Posted May 19th, 2008 by
I remember it like it was March: Georgia voluntarily adopted FISMA-esque metrics. I just found the policy statement for what they’re collecting in 2008. On a side note, all of Georgia’s security policies feature concepts borrowed from NIST, something I like.
Let’s talk about the scope creep of Government security, shall we? Fact of the matter is, it’s going to happen, and you’ll eventually get caught up in FISMA if you’re one of the following:
- State and local government
- Government contractor
- Telco
- Government service provider
- COTS software vendor
- Utilities who own “Critical Infrastructure”
Why do I say this? Mainly because, just as the DoD is discovering that it can’t do its InfoSec job without bringing the civilian agencies along due to connectivity and data-sharing issues, the Federal Government is coming to the point where it can’t secure its data without involving these outside entities. Some are providers, but the interesting ones are “business partners”–the people that share data with the Government.
State and local government are the ones to watch for this pending scope creep. The Federal Government works on the premise that the responsibility to protect data follows wherever the data goes–not a bad idea, IMO. If they transfer data to the states, the states need to inherit the security responsibility and appropriate security controls along with it.
Now if I’m a contractor and exchange data with the Government, this is an easy fix: they don’t pay me if I don’t play along with their security requirements. When a new requirement comes along, usually we can haggle over it and both sides will absorb a portion of the cost. While this might be true for some state programs, it becomes a problem when there is no money changing hands and the Federal Government wants to levy its security policies, standards, etc on the states. Then it becomes a revolt against an unfunded mandate like RealID.
There are some indicators of Federal Government scope creep in the Georgia policy. This one’s my favorite:
The performance metrics will also enhance the ability of agencies to respond to a variety of federal government mandates and initiatives, including the Federal Information Security Management Act (FISMA).

Georgia on my Mind by SewPixie.
Posted in FISMA, NIST, Risk Management
Tags: compliance • fisma • georgia • government • infosharing • itsatrap • management • pii • scalability • security • stategovernment