tag:blogger.com,1999:blog-27664448.post1119548083746240157..comments2010-06-03T23:09:55.101-04:00Chrishttp://www.blogger.com/profile/17491383655237198139noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-27664448.post-18998653133751175832010-06-03T23:09:55.033-04:002010-06-03T23:09:55.033-04:00Odd. I read the article through and the stuff that is being trumpeted as &quot;breaking new ground&quot;, such as continuous scanning and patch management has been SOP on the .mil side for several years. It took a couple of years to get the kinks ironed out, but there are no longer excuses allowed. You will be disconnected if your system is not kept clean and up to date.<br /><br />On the .gov side I made a very good living for several years going into agencies and cleaning up firewalls, etc, that had been built by GS lifers. I&#39;ve been out of that loop for a bit, so I can&#39;t say whether or not it is any better.<br /><br />Accreditation paperwork is just that. If passing the accreditation requires layered defense, tight firewalls, and ongoing monitoring and management, that is what you will get.<br /><br />It&#39;s getting better, I hope. :)Chrishttp://www.blogger.com/profile/17491383655237198139noreply@blogger.comtag:blogger.com,1999:blog-27664448.post-46252432614291345042010-06-03T09:12:22.332-04:002010-06-03T09:12:22.332-04:00When President Obama was discussing cyberwar with his cabinet,he said that he wanted a mechanism in place so he could shut down the internet at a moments notice, I sat there with my mouth open and then started an uncontrollable fit of laughter. I was stunned that no one in all of the presidents resources told him that wasn&#39;t possible or very difficult at best.<br /><br />I have not been in information security as long as you have , but it seems to me companies are focused on getting their accreditation paperwork passed through rather than providing a layered defense and instituting a best security practices philosophy. I have seen holes in firewalls large enough to drive a semi through or a firewall administrator who got the position because he/she could spell firewall.<br /><br />Cybersecurity is something that needs to be practiced on a daily basis not every 3 years when you need the accreditation to go through. NASA has started to approach security from an angle previously unheard of in government circles.<br /><br />http://fcw.com/articles/2010/05/24/web-nasa-fisma-memo.aspx <br /><br />I like this as I believe it will create a much stronger environment to operate in.Johnhttp://www.blogger.com/profile/11431927767211774004noreply@blogger.com