15 May, 2008

Sometimes a soul is perfect before birth and God decides it is time

Nathan Green Cupps
Born May 14 2008
Died May 14 2008

Tough Week

16 April, 2008

Two words FMEA and FTA

Well acronyms really

03 March, 2008

SCADA Topic - Source

Looks like an interesting conference.

http://www.sourceboston.com/

Write to me if you are interested in going.

And for all of you other bloggers that I haven't been engaging with as well as I should, please forgive me and link to either this post or the conference for me.

18 February, 2008

Evolution

In the next few generations our peripheral vision is going to improve several fold.


Call it the blackberry selection factor.

14 February, 2008

Year of SoD

From a security perspective

If '00 and '01 were years of the worm;

'02 through '04 the years of SoX, Compliance, and executive oversight

'05 through '07 the years of organized crime and Identity theft

Then

In the Security Realm these will be the years of Segregation of Duty.

Why?

7 Billion Dollars
Wall Street Journal
http://online.wsj.com/article/SB120168827173528415.html?mod=googlenews_wsj
CNN
http://www.cnn.com/2008/WORLD/europe/01/30/french.bank.ap/
Reuters
http://www.reuters.com/article/businessNews/idUSWEB304120080124
Bloomberg
http://www.bloomberg.com/apps/news?pid=20601085&sid=aSy8ZDtkdcow&refer=europe

On the Sub-Prime Side
Guardian
http://www.guardian.co.uk/business/2008/jan/30/subprimecrisis.creditcrunch?gusrc=rss&feed=networkfront
Financial News
http://www.financialnews-us.com/?page=ushome&contentid=2449684760

Information Security has a unique role that it can play in protecting a company from these issues. That role is due to the convergence of information. The information security team is the only location where all of the data exists that can be used to properly control for these types of complex issues.

Addressing them requires the proper combination of ID management, Roles Based Controls, and Analytic Business intelligence (the latter is the primary reason I championed the Analytic Environment standards over a year ago).

This is an area where Info Security can not only serve as a minimum barrier to prevent downtime or confidentiality loss, but can also add legitimate value to the business in the form of information, reports and preventative controls, enabling increased trust in the actual people performing the real day-to-day work without the risk of a massive failure.

On the opposite end, SoD control failures are massive and systemic. Not only do they result in dramatic items like the ones mentioned above, but also in ubiquitous, often unintentional losses. From system downtime to improperly placed orders or paid claims, the incremental small losses exist in every organization.

The real question now is can we position ourselves so that we are ready as these waves break?
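As an illustration of the combination described above (an added example, not code from this blog), the sketch below joins an identity map, role grants and a transaction log to run one preventative and one detective SoD check. All account names, roles, the policy pairs and the log entries are constructed for the example.

```python
from collections import defaultdict

# Constructed sample data: account -> person, as ID management would supply it.
ACCOUNT_OWNER = {"fo_jdoe": "jdoe", "bo_jdoe2": "jdoe",
                 "fo_asmith": "asmith", "bo_mlee": "mlee"}

# Constructed role grants per account, from the role-based access model.
ACCOUNT_ROLES = {
    "fo_jdoe": {"trade_entry"},
    "bo_jdoe2": {"trade_confirmation"},
    "fo_asmith": {"trade_entry"},
    "bo_mlee": {"trade_confirmation", "claims_payment"},
}

# Hypothetical SoD policy: role pairs one person must never hold together.
TOXIC_PAIRS = [("trade_entry", "trade_confirmation"),
               ("claims_entry", "claims_payment")]

# Constructed transaction log: (transaction id, step, account).
EVENTS = [
    ("T1", "enter", "fo_asmith"), ("T1", "confirm", "bo_mlee"),
    ("T2", "enter", "fo_jdoe"), ("T2", "confirm", "bo_jdoe2"),
    ("T3", "enter", "fo_jdoe"), ("T3", "confirm", "bo_mlee"),
]

def roles_by_person(account_owner, account_roles):
    """Merge role grants across every account that belongs to the same person."""
    merged = defaultdict(set)
    for account, roles in account_roles.items():
        merged[account_owner[account]] |= roles
    return merged

def entitlement_conflicts(account_owner, account_roles, toxic_pairs):
    """Preventative check: people whose combined roles contain a toxic pair."""
    found = []
    for person, roles in sorted(roles_by_person(account_owner, account_roles).items()):
        for a, b in toxic_pairs:
            if a in roles and b in roles:
                found.append((person, a, b))
    return found

def activity_conflicts(account_owner, events):
    """Detective check: transactions where one person performed more than one step."""
    steps = defaultdict(lambda: defaultdict(set))  # txn -> person -> steps done
    for txn, step, account in events:
        steps[txn][account_owner[account]].add(step)
    return sorted((txn, person) for txn, people in steps.items()
                  for person, done in people.items() if len(done) > 1)
```

No single account in the sample breaks the policy; the conflict only appears once accounts are resolved to a person, which is the data convergence the post points to.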

11 February, 2008

GLB

Anyone want to chime in on what their take is on this quote from GLB?

"was, or is reasonably believed to have been, acquired by an unauthorized person"

What is reasonable?

Any case law people can link to?

How about other State Laws?

Oh yeah, a good table to have if you are a CISO, Director of Security or a Compliance lead. Not sure how up to date it is. But the current was November of '07.

29 January, 2008

Fatal Memes

“There is a thought that stops thought. That is the only thought that ought to be stopped.” - Chesterton

24 January, 2008

Buckaroo Banzai

They are coming to take me away

Ha ha

He he

ho ho

10 Reasons

20 December, 2007

Wicked Cool but can you Hack it?

200KW self regulating Mini Reactor with 40 year lifespan

Update:

I want to know if it is a true fission reactor or just a decay based one.

More here. Don't think it is the same thing though; this one looks more like an RTG.

and Here

And here Homeland Security angle

This one talks about the 4S mentioned above

14 December, 2007

Not a Huff Fan - But write for free anyway

Found this via Instapundit (If you haven't noticed he is a daily read for me).

I am certainly not a Huff fan. Pretty much the opposite (I am not a moron Huffington Pseudo Int zombie political hack), but it is hard to criticize the model. After all, I write for Google via Blogger for pretty much free.

Almost all of us do.

Hell I don't even write for the hit count fix anymore.

12 December, 2007

"the market can stay irrational longer than you can stay solvent".

Goes for dodging Security bullets as well.

29 October, 2007

TNR Beauchamp - NEI ?

I have been following the Beauchamp TNR story for a while, and while it disgusts me, I haven't had much to say that many others are not already saying more effectively.

This morning I read this post at that I found via instapundit.

I was quite surprised to see the NEI as one of their advertisers.

I have cross linked with the NEI blog a number of times and am a regular reader of TNR online. Believe me when I say that ardent readers of TNR are unlikely to support NEI's goals of increasing the acceptance of nuclear power. It seems their advertising budget would be better spent in less hostile venues.

Do I have a fundamental misunderstanding of either of the organizations? Or could this be a case of the Yankee picking algorithm planted ads and equating them with direct advertisement? An understandable mistake but still possibly a mistake. If so, we might want to be judicious in approaching the advertisers or laying blame.

Was this in the paper publication or did it only appear on their site?

In any case I agree with the general need to press TNR to stop presenting lies targeting the military.

17 October, 2007

Gamer Super Computer

This is pretty cool

So here is the Crazy Idea

Cheap Game console

Three parts

Totally wireless (Including Power)

Controlled Main Console but VMs that are standard architecture so you can run Linux (or whatever other OS you want to buy from the "mother site")

Linkable so multiple consoles in the same vicinity or with IP access can share each others computing power.


More Later

07 September, 2007

Gasp For Breath - Political Success or at least progress

I am still alive. I am not even going to try to say that I will regularly post, but I do not plan on abandoning the blog. So what has been happening?

I discovered that some of my previous posts were telegraphing my intentions so I quieted down. It worked. Long story short I followed the advice I recommended in several of my earlier posts with high emphasis on keeping to the truth and more importantly the provable truth. I did my best to keep pretty much everybody out of the muck.

Security By Self Delusion 1 and

Security By Self Delusion 2

Transforming Negligence to Non Compliance - Hat tip to Steve

and the beginning of 12 steps

Will give you an Idea of what was going on.

Mike at Episteme was being polite in his description but we are emerging from the dark.

Many of us have cooperated and the result is that one team's existence has been saved and even enhanced. A new team has been created and pushed up in the organizational hierarchy and I have been lucky (OK I worked pretty hard for it) enough to get a Director position and a heavy role in designing the new organization.

Of course the down side of the good news is that I have been completely buried and unable (and when I had time unwilling) to blog.

In any case I am back at least in part and will try to put up something close to weekly. Perhaps I can describe how we made progress in an intractable environment.


By the way, for the Nukes out there, there have been some interesting comments on the Bussard post and the Tokamak one. Thanks for the feedback; it is encouraging.

Till sometime in the next month

Jim C

13 August, 2007

Some more Ammo on Layers