Security Controls You Won’t See in SP 800-53
Posted July 11th, 2007 by rybolov
Going back through my email makes me laugh. As crazy as I probably seem to my blog readers, there are things that I can’t really share with the world. This is not one of them, but it could be offensive to some people, so rest assured I’m joking, people. =)
PS-9 Stalinistic Purge of the IT Department
Control:
The organization: (i) conducts periodic arrests and interrogations on any member of its staff deemed to have “significant security responsibility”; and (ii) asks personnel being interrogated to name three (3) of their accomplices.
Supplemental Guidance:
Geeks are like peasant-workers. You have to intimidate them at periodic intervals so that they don’t think they can take over the business functions of your organization.
Control Enhancements:
(1) The organization establishes a “show trial” system to publicly humiliate personnel being interrogated as a deterrent to other personnel who might be considering challenging the management structure.
(2) The organization hoists the heads of those found guilty of “crimes against the organization” on a pike at the entrance to the organization’s headquarters or data center.
Low: PS-9 Moderate: PS-9(1) High: PS-9(1)(2)
July 11th, 2007 at 12:54 pm
Dude! You’re onto something! Care to take a whack at the rest of it?!
July 11th, 2007 at 3:06 pm
All in due time, my evil friend.