Innovative Minds - On Point - One Group  

42 Post(s) By: Matt Shepherd

11 Oct 2010

Current State of FISMA Part 3: What Is the Target?

So, I’ve rambled a bit in the past several weeks on the current state of FISMA.  You’d think that somewhere in there I’d stop complaining about things and provide at least some sort of idea about what a FISMA-compliant security program should be.  Well, this post is intended to be my rough sketch of it

28 Sep 2010

A Follow-up on Quantitative Risk Analysis

The other day Terry wrote a piece on risk assessment, and focused primarily on quantitative assessment.  It brought to mind this piece from earlier this year by Richard Bejtlich at taosecurity.blogspot.com.  In it, Richard rightly points out the flaws in Craig Wright’s formula for risk, but in constructing the piece he also throws out the

10 Sep 2010

The Current State of FISMA Part 2: The Chasm Between Compliance and . . Everyone Else

  This is really a direct continuation of the last post in this series . .  the second half of a “to be continued” TV show if you will.  I was really going on quite a bit though so I had to break it into two posts.  Why did I highlight the relationship between SANS

03 Sep 2010

Current State of FISMA Part 1: FISMA-bashing

  When it comes to FISMA we have seen two things: Over the last 8 years the federal government has spent an incomprehensible amount of money on security (whatever that means). People have railed against it as a stupid waste of time and an impediment to real security (again, whatever that means). One of the

25 Aug 2010

Gmail Account Hacks

It seems that sometime within the last 12 hours there has been a widespread attack against Gmail.  I first noticed an issue last night around midnight when Outlook kept telling me it could not connect to send outbound email.  It popped up the login box twice, and then I went to Gmail to investigate.  By
