Feeds

•  Posts RSS
•  Comments RSS
• Subscribe via Email

Phone-Readable

Pages

• Home
• About
• Contact
• Papers and Presentations

Photos

Latest Tweets

• At CityZen with @danphilpott and @cyberhiker talking about Burger King.
• @securityintern hey now, calm yerself.
• @csoandy little-known fact: all Michaels are interchangeable. Smiths, too.
• RT @jack_mannino: My early #ff goes to @IE6_must_die
• RT @IE6_must_die: RT @jack_mannino: ProTip: Stop using IE6 http://bit.ly/bsSczi <-OMG what a twitter ID! Love it. =)
• RT @jack_mannino: ProTip: Stop using IE6 http://bit.ly/bsSczi <-There, I fixed it.
• Desktop power supply died. I swapped all the goodies into a new case/motherboard/processor combo and life is much gooder.
• @danielkennedy74 Failure of Concept? Proof of Failure?
• RT @gattaca: Weird press release. $person is giving a cloud security talk at a local library for a fee. Huh? <-That's why @beaker is busy!
• RT @myrcurial Have Infosec Know-how, Will Travel. I'm a Toronto-area Infosec Geek looking for next contract - DM/email me for Resume.

Recent Comments

• Observations on PCI-DSS and Circular Arguments | The Guerilla CISO on Why We Need PCI-DSS to Survive
• 20 Critical Security Controls: Control-by-Control | The Guerilla CISO on 20 Critical Security Controls: What They Did Right and What They Did Wrong
• Opportunity Costs and the 20 Critical Security Controls | The Guerilla CISO on Your Security “Requirements” are Teh Suxxorz
• Lolcats and QR Codes | The Guerilla CISO on Barcode Hacking
• LonerVamp on Observations on PCI-DSS and Circular Arguments

What’s Hot

Tags

Categories

• Army (23)
• BSOFH (15)
• Cyberwar (2)
• Diary of a Startup (3)
• DISA (8)
• FISMA (131)
• Flyfish (20)
• Hack the Planet (16)
• IKANHAZFIZMA (62)
• ISM-Community (15)
• NIST (78)
• Odds-n-Sods (114)
• Outsourcing (27)
• Public Policy (25)
• Rants (94)
• Risk Management (62)
• Speaking (26)
• Technical (80)
• The Guerilla CISO (77)
• Uncategorized (4)
• What Doesn't Work (76)
• What Works (97)
• Zombies (44)

Blogroll

• Amrit Williams
• Ascension Blog
• BackTrack
• Backwater Angler
• Chateau Blogsville
• Chris Hoff
• Cypher Punk Reading List
• Emergent Chaos
• Gunnar Peterson
• How Is That Assurance Evidence
• InfoSecAlways
• ISM-Community
• ISM-Community Blogs
• ISM-Community Combined Feed
• Jack Whitsitt
• Layer 8
• LOLFED
• Martin McKeay
• My Linux Blog
• NoVa InfoSec Portal
• Rich Smith
• Riskanalys.is
• Rob Newby
• Security Buddha
• Securosis
• Technology Liberation Front
• The New School of Information Security
• The Ninja CISO
• This is Fly
• TSSCI Security

Archives

• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007

Blog under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License

My 2 Obsessions this Week

Posted March 18th, 2008 by rybolov

If you're new here and would like to see more of what I'm saying, you may want to subscribe to my RSS feed (I can even email my blog posts to you when I publish a new one) or have a look at my papers and presentations page for downloads of stuff that you can share or "borrow heavily from". You also might find my guidelines for posting comments interesting, especially if you're a government employee. If you want to see me blog about anything in particular, drop me a private email on how you think I'm completely full of myself, extend me an invitation to speak at your next security meeting/event, or just to ship a huge bag of money in my direction, you can do that through my contact page. Thanks for visiting and happy hacking!

#1:  How does a company/organization convert from doing compliance management to doing true risk management?  I think it’s the difference between being good and being great.  There are a couple of non-IT models that we can look at:  Emergency Room care transitioning into long-term care being a good one.

#2:  Compare and contrast the metrics that are collected as part of the annual FISMA reports with the major initiatives that we have on the table.  They don’t add up.

OK, I think it’s time to go fish this weekend, I’m having dreams about LoB initiatives.  Mini-me says I need to do something non-IT/security/$foo for the 8 hours of the day that I’m NOT working.

Bookmark to:

Hide Sites

Posted in FISMA, Odds-n-Sods, Risk Management, The Guerilla CISO | 3 Comments »

3 Responses

1.  Mini-Me Says:
   March 18th, 2008 at 10:23 am

   About time’

2.  Vlad the Impaler Says:
   March 20th, 2008 at 12:13 pm

   Fishing pole…

3.  halon73 Says:
   April 2nd, 2008 at 12:52 am

   Better late then never… But there is nothing wrong with being passionate about what you do as long as what you do doesn’t become who you are.

   That’s my stab at a Hie-Co. I’ve had to physically unplug and get away to the mountains or get on my bike and just ride.

   But the answer to number one is “Nuke the Planet it’s the only way to be sure”.

Leave a Comment