Some days I feel like all this “continuous monitoring” talk around the beltway is just really a codeword for “buy our junk”, much like the old standby “defense in depth”, only instead of firewalls and IDS, it’s desktop and server configuration management.  Even better that it works for both products and services.  The BSOFH in me likes having a phrase like “Near Real-Time Continuous Compliance Monitoring” which can mean anything from “tying thermite grenades to the racks in case of being captured” to “I think I’ll make a ham sandwich for lunch and charge you for the privilege”.

Anyway, our IKANHAZFIZMA lolcats have finally found a control worth monitoring:  the world’s supply of overstuffed cheeseburgers.  This continuous monitoring thing is serious business, just like the Internets.

• Federal Computer Week and S.773
• Metricon is Next Week
• Oh Lookie, Somebody’s Doing What I Said To Do….
• CISOin’ Ain’t Easy, But It’s a Living
• Draft of SP 800-37 R1 is Out for Public Review

There are a couple definitions for “darknet”, all of them valid for this lol.

• Incident Response and Lolcats
• LOLCATS: Defending our Cyber-Turf
• IKANHAZFIZMA and Transparency
• Aurora and LOLCATS
• Snowmageddon Meets the IKANHAZFIZMA Lolcats

Refs:

• I Accidentally
• Marcus Ranum’s Ultimate Firewall

• LOLCATS Take on MS08-67
• Redundant Lolcats
• Lolcats Protect the End Users
• LOLCATS and #CapSec
• LOLCATS and Firewalls

Sometimes it feels like auditing and oversight isn’t really the solution.  In fact, sometimes it feels like it’s part of the problem.  But when you’re sitting on Capitol Hill and your only tools are legislation, oversight, and auditing, you start to think that every problem can be solved with them. </soapbox>

• Senate Homeland Security Hearings and the Lieberman-Carper-Collins Bill
• Blow-By-Blow on S.773–The Cybersecurity Act of 2009–Part 5
• A Funny Thing Happened Last Week on Capital Hill
• Why We Need PCI-DSS to Survive
• In Other News, I’m Saying “Nyet” on S.3474

Do you really need an explanation?  OK, I’ll give you one hint on the meme.

• Beware the Audit Hammer
• LOLCATS: Defending our Cyber-Turf
• The InfoSec D-List and IKANHAZFIZMA
• A Stable InfoSec Program?
• Exhaustive Security Testing is Bad For You

In honor of the FISMA reform hearings last week, our IKANHAZFIZMA lolcats are reenacting government CISOs’ performance on Capital Hill. The haiku is just extra sauce.

• Lolcats and QR Codes
• IKANHAZFIZMA and Transparency
• Redundant Lolcats
• A Funny Thing Happened Last Week on Capital Hill
• Lolcats Protect the End Users