After jamming to get a new budget and do annual FISMA reporting, our Government security leaders take a small breather before elections and transition to a new administration.

• Preliminary Findings on Cybersecurity Review Now Out
• The Authorizing Official and the Lolcat
• LOLCATS Take on the Pre-Election Slowdown
• Cyber-FEMA LOLCATS Prepare for Cyber-Katrina
• Lolcats, Capital Hill, and a Haiku

Well, other than the fact that I think TIC isn’t about reducing the attack footprint of the Government (more to follow on this), it makes a fun compliance pinata to whack at.

• Beware the Audit Hammer
• The InfoSec D-List and IKANHAZFIZMA
• Preliminary Findings on Cybersecurity Review Now Out
• IKANHAZFIZMA and Transparency
• Snowmageddon Meets the IKANHAZFIZMA Lolcats

Since it’s SCAP week here inside the beltway, I thought that it would be a fitting theme for today’s IKANHAZFIZMA.

• Redundant Lolcats
• Lolcats and QR Codes
• LOLCATS: Defending our Cyber-Turf
• Bolt-On Security
• Lolcats, Capital Hill, and a Haiku

Not exactly security-related, but relevant nonetheless.  And by transition, we mean the activity where all of the senior people in the executive branch rearrange themselves and are replaced by the new president’s appointees like a warped version of “upset the fruit basket”.

• OMB Makes it to LOLCAT Fame
• LOLCATS Take a Break
• LOLCATS Take on MS08-67
• LOLCATS and Hackable Coffee Pots
• LOLCATS, Eric Schmidt, and Privacy

Pet peeve of just about every CISO in existance:  the so-called “audit requirements”.  What they really mean to say is “It’s on the checklist, so it has to be true, just do what I say”.

Without traceability to the actual requirement, items on a checklist are just that: items on a checklist.

Anyway, on to the lulz:

• Auditors and LULZ
• IKANHAZFIZMA Tackles the Consensus Audit Guidelines
• LOLCATS Take on MS08-67
• Continuous Monitoring with LOLCATS
• The Authorizing Official and the Lolcat

PE-52 Self-Destructing RFID Implants
Control:
The organization equips all employees with integrated storage media with self-igniting RFID devices so that they can be tracked throughout any government facility and destroyed upon command.

Supplemental Guidance:
All CISOs know that the information inside their employees’ heads is the real culprit.  When they get a new job, they take that information–all learned on the taxpayers’ dime–with them.  This is a much bigger security risk than the data on a USB drive could ever be.  Instead of denying the obvious truth, why don’t we implement security controls to minimize the impact of out-of-control employees?  This control is brought to you by L Bob Rife.

Control Enhancements:
(1) The organization destroys the information inside an employee’s head when the employee leaves the organization, much like hard drives need to be degaussed before they are sent for maintenance.
Low: MP-52 Moderate: MP-52(1) High: MP-52(1)

• Continuous Monitoring with LOLCATS
• LOLCATS Take on POA&Ms
• Oh to be a Program Manager
• Super Secret Security Control You Were Never Meant To See
• More Security Controls You Won’t See in 800-53: Now in LOLCAT Form!