Rybolov’s note: Vlad’s on a rant, at times like this it’s best to sit back, read, and laugh at his curmudgeonly and snark-filled sense of humor.
So there I am having a beer at my favorite brew pub Dogfish Head Alehouse, in Fairfax, when my phone vibrates to this ditty…. I couldn’t get past the “breaking news.”
From: <The SANS Institute>
Sent: Friday, May 28, 2010 4:05 PM
Subject: SANS NewsBites Vol. 12 Num. 42 : House attaches FISMA corrections to Defense Authorization Bill for rapid action
* PGP Signed by an unmatched address: 5/28/2010 at 2:52:21 PM
Breaking News: US House of Representatives attaches new FISMA rewrite to Defense Authorization Bill. The press hasn’t picked it up yet, but NextGov.Com will have a story in a few minutes. This puts one more nail in the coffin of the Federal CISOs and security contractors who think they can go on ignoring OMB and go on wasting money on out of date report writing contracts.
Yet another millstone (pun intended) piece of legislation passed on a Friday with… a cheerleader?!?!??? Whoa.
This ruined what was turning out to be a decent Friday afternoon for me…
My beef is this — I guess I really don’t understand what motivates someone who vilifies Federal CISOs and security contractors in the same sentence? Does the writer believe that CISOs are in the pocket of contractors? Even I am not that much of a cynic… Which CISOs are “ignoring OMB?” All of them except NASA? Are all of our Government CISOs so out of touch that they LIKE throwing scarce IT dollars away on “out of date report writing contracts?” (sic.) (Vlad – Are hyphens too costly?)
I could drop to an ad hominem attack against the writer, but that’s pretty much unnecessary and probably too easy. I’ll leave that to others.
Suffice to say that what is motivating this newsbit appears IMHO to be less about doing things the right way, and more about doing things their way while grabbing all the headlines and talking head interviews they possibly can. (See “self-licking Ice Cream Cone” in my last post)
Yeah, I’m a cynic. I’m a security professional. What’s yer point?